Library Guides: Guide for Data Use Agreements: Secure Technology and Spaces

Data Use Agreements and Data Protection Plans

sample office technology showing a computer and several laptops Data use agreements (DUAs) are legally binding contracts between data providers, users, and their institution that detail how data must be transferred, used, and disposed of.

Data Security/Protection plan is a separate, supporting document that usually must be submitted in addition to the DUA (plus any other supporting documents, such as IRB approval, research proposal, researcher CV, etc). They include requirements for how the users' technology must be configured and how their work spaces must be regulated. Before you apply to work with data from a provider, it is vitally important to work closely with IT services within your local department or college to determine if these requirements can be met and are consistent with University policy.

Why do you need help?

Applying to work with data from a provider

Providing necessary technical language and documentation for the application is vital

Adding and including the right people in the contract for the life cycle of the project is important

Ensuring compliance with a provider's DUA

Technology requirements can be highly technical

Space requirements may conflict with departmental policies

Working with data from a provider

Your application to your data provider will need to be resubmitted and the compliance of your technology and work space will need to be verified...

if your work space changes

if your provider's DUA requirements change during the project

Examples of DUA Requirements

Requirements for Data Use Agreements will vary with providers. These are just some samples of requirements that come from the examples cited below.

Technology

Data stored in password-protected, encrypted form

Access to analytical software in a secure environment.

Destroying and cleaning the data from technology after the project

Space

Removable devices holding the data (CDs, diskettes, zip drive disks, etc.) stored in a locked compartment or room when not in use

Physical environment in which computer is kept (e.g., in room with public access, in room locked when not in use by research staff);

Example DUA's

Welfare, Children, and Families: A Three-City Study
For an example of requirements for a Data Protection Plan see Appendix D of the Welfare, Children, and Families: A Three-City Study
Health Retirement Study (HRS)
The Health and Retirement Study (HRS) provides fairly detailed requirements for a DUA. Some of the requirements are so stringent that there is a Secure Data Enclave facility option at ICPSR [see below].

Secure Data Enclaves

Secure Data Enclaves are spaces that have been constructed specifically for restricted data research. Often they are constructed around the requirements of a specific set of data, because there are simply no standards.

As a member of ICPSR, researchers can apply for access to a physical data enclaves for certain data sets on-site at the University of Michigan. Researchers can also apply for access to the Federal Statistical Research Data Centers (FSRDC) located in various sites around the country and within the University Libraries at Penn State.

Penn State's FSRDC
This site provides information about the FSRDC at Penn State. You will also find Information about how to apply for access.

The Population Research Institute has data enclaves available for it affiliated faculty. However there is no centralized facility currently for unaffiliated researcher at Penn State.

Virtual Data Enclave

Data providers are experimenting with virtual machine technology that will allow a researcher access to a virtual private network on a machine. However, this still makes it necessary to make sure a secure environment exist to use the data.

ICPSR Virtual Data Envclave