Data-sharing Agreements

Note to Departments

The most common types of data sharing agreements are Incoming and Outgoing Data Use Agreements (DUAs). An Incoming DUA is used when a UChicago researcher intends to receive data from an external entity. In most cases, the providing institution will provide a draft agreement which the researcher should then submit to URA for review. An Outgoing DUA is used when UChicago is acting as the data provider, and for any case in which data generated or collected at UChicago is being sent to an external entity, we require a DUA to be put in place using our own template aimed at protecting the data. For more information on sending data to external entities, please see this page.

To submit a Data Use Agreement (DUA) for URA review, please visit AURA Agreements which has replaced Service Now as the system of record for all research-related contracts. AURA Agreements is a contract management system offered in the same software suite as the other AURA products and will be integrated with the AURA Grants module.

The AURA Agreements module offers a single point of entry for all research-related contracts and streamlines the process for routing contracts for negotiation and signature. It also offers complete transparency of the status of the agreement and terms that are under negotiation.

For more information about this process update, please see the campus announcement made August 24, 2020.

Why Share Data?

Data-sharing is an important way to increase the ability of researchers, scientists and policy-makers to analyze and translate data into meaningful reports and knowledge. Sharing data discourages duplication of effort in data collection and encourages diverse thinking and collaboration, as others are able to use the data to answer questions that the initial data collectors may not have considered.

Sharing data also encourages accountability and transparency, enabling researchers to validate one another's findings. Finally, data from multiple sources can often be combined to allow for comparisons that cross national and departmental lines.

What Is a Data-Sharing Agreement and Why Is It Necessary?

A data-sharing agreement is a formal contract that clearly documents what data are being shared and how the data can be used. Such an agreement serves two purposes. First, it protects the agency providing the data, ensuring that the data will not be misused.

Second, it prevents miscommunication on the part of the provider of the data and the agency receiving the data by making certain that any questions about data use are discussed. Before any data are shared, both the provider and receiver should talk in person or on the phone to discuss data-sharing and data-use issues and come to a collaborative understanding that will then be documented in a data-sharing agreement.

It is important to recognize that the process for setting up data-sharing agreements varies from country to country as well as the type of data that is being shared and agencies sharing the data.

What Should Be Addressed in a Data-Sharing Agreement?

Following is a list of items that are typically found in a data-sharing agreement. Although this list may cover the basics, additional concerns may be relevant to a particular dataset or provider agency.

Ideally, these added concerns should be addressed in the data-sharing agreement to facilitate clear communication and, if needed, establish additional safeguards:

  • Period of agreement:
    • Clearly define when the provider will give the data to the receiver and how long the receiver will be able to use the data.
    • Once the receiver agency no longer has the right to use the data, what will happen?
      • Will the data be returned to the provider or will it be destroyed (deleted from hard drives, shredded, burned, etc.)?
  • Intended use of the data:
    • State as specifically as possible how the receiver will use the data.
    • What studies will be performed, what questions will be asked and what are the expected outcomes?
    • Can the receiver use the data to explore additional research questions without the approval or consent of the provider?
  • Constraints on use of the data:
    • List any restrictions on how the data or data findings can be used.
    • Is the receiver required to document how the data are used?
    • Can the receiver share, publish or disseminate data findings and reports without the review of the provider?
    • If the receiver generates a report based on the data, does the report belong to the receiver or the provider?
    • Can the receiver share, sell or distribute data findings or any part of the database to another agency?
  • Data confidentiality:
    • Describe the required processes that the receiver must use to ensure that data remain confidential.
    • Because some data may contain information that can be linked to individuals, it is important to put safeguards in place to ensure that sensitive information (e.g., salaries, exam results) remains private.
    • Personal data should remain confidential and should not be disclosed verbally or in writing to an unauthorized third party, by accident or otherwise.
    • Will the receiver report information that identifies individuals?
    • What safeguards are in place to prevent sensitive information from becoming public?
  • Data security:
    • Describe the methods that the receiver must use to maintain data security.
    • Hard copies of data should be kept in a locked cabinet or room and electronic copies of data should be password protected or kept on a secure disk.
    • Will everyone at the receiver agency have the same level of access to data, or will some people have restricted access?
    • What kind of password protections need to be put in place?
    • Who will have physical access to the data, including the servers and the paper files?
    • What will happen to the data after the data-sharing period ends?
  • Methods of data-sharing:
    • Identify the way in which data will be transferred from the provider to the receiver.
    • Will data be transferred physically or electronically?
    • If data are to be sent over the Internet, how can a secure connection be guaranteed?
    • Will the data be encrypted before being transferred
  • Financial costs of data-sharing:
    • Clarify who will cover the monetary costs of sharing the data.
    • Will there be expenses related to sharing the data?\
    • Will the provider or the receiver share the costs, or will one agency pay for all data-sharing expenses?

Text adapted from The Capacity Project

April 1, 2011