{"id":21959,"date":"2026-02-24T14:09:00","date_gmt":"2026-02-24T19:09:00","guid":{"rendered":"https:\/\/www.montclair.edu\/sponsored-programs\/?p=21959"},"modified":"2026-02-24T14:09:00","modified_gmt":"2026-02-24T19:09:00","slug":"understanding-data-use-agreements-and-confidentiality-agreements","status":"publish","type":"post","link":"https:\/\/www.montclair.edu\/sponsored-programs\/2026\/02\/24\/understanding-data-use-agreements-and-confidentiality-agreements\/","title":{"rendered":"Understanding Data Use Agreements and Confidentiality Agreements"},"content":{"rendered":"<p><span style=\"font-weight: 400\">As research administrators, we are primarily responsible for negotiating sponsored research agreements\u2013i.e. agreements that exchange something of value (funding) to carry out a project\/scope of work. However, this article focuses on the two types of <em>non-monetary <\/em><\/span><span style=\"font-weight: 400\">agreements we most commonly see at Montclair State University: Confidentiality Agreements and Data Use Agreements (DUAs). Both types of agreements outline provisions governing the transfer, protection, and destruction of sensitive and\/or confidential data.\u00a0 But what does this information look like, and how do the terms of these agreements differ depending on what information they seek to protect?<\/span><\/p>\n<p><span style=\"font-weight: 400\">In the context of Data Use Agreements that OSP negotiates, the term \u201cdata\u201d most commonly refers to human subjects data, such as medical records or survey results. Data Use Agreements can also cover sensitive administrative data, de-identified datasets, or government-regulated information. In contrast, \u201cconfidential information\u201d typically refers to non-public business\/organizational information. There are different matters at stake here. It is important to protect data about individuals from being disclosed to the general public to prevent invasion of privacy, discrimination, or other kinds of physical, social, or economic harm to these individuals. By contrast, it is important to keep an organization\u2019s proprietary information confidential to protect sensitive information and prevent other entities from infringing on intellectual property or releasing non-public information. Both these types of agreements can be one-way or two-way, or alternatively, \u201cunilateral,\u201d or \u201cbilateral.\u201d The party sharing the information is typically labeled the \u201cProvider,\u201d and the party receiving the data is the \u201cRecipient.\u201d<\/span><\/p>\n<h3>What is a Data Use Agreement?<\/h3>\n<p><span style=\"font-weight: 400\">A Data Use Agreement is used when there is a transfer of data between institutions that includes human subjects data or other kinds of sensitive data. These can include, but are not limited to the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Medical records<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Human subjects research datasets<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">School district data<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Census data<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">There are a number of regulations that govern the protection of this data. HIPAA covers protected health information (PHI), and FERPA regulations protect educational information. The FDP\u2019s <\/span><strong><a href=\"https:\/\/thefdp.org\/wp-content\/uploads\/human_subject_data_classification_tool.pdf\">Tool for Classifying Human Subjects Data<\/a><\/strong><span style=\"font-weight: 400\"> serves as a useful categorization tool for these cases.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Data Use Agreements contain terms on how to protect this information. The terms can vary depending on how sensitive the data is. Data Use Agreements define a discrete timeline for the recipient to be able to access the data. They also outline a plan for storing the data during the term of the agreement and a plan for returning or destroying the data after the term of the agreement has ended.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">In the case of de-identified human subjects data, there is nearly always a provision specifying that the recipient must not use the data to try to re-identify or contact participants. The document also frequently outlines provisions about breaches of confidentiality, detailing who must be contacted in the event of a breach and how soon. Finally, the agreement can establish terms surrounding liability and indemnification to establish who can be held legally responsible for damages that may arise from misuse of the data.\u00a0<\/span><\/p>\n<h3>What is a Confidentiality Agreement?<\/h3>\n<p><span style=\"font-weight: 400\">By contrast, a confidentiality agreement, often referred to as a Non-Disclosure Agreement (NDA) or Confidential Disclosure Agreement (CDA), exists to protect an organization&#8217;s proprietary information. For an industry sponsor, this could take the form of a scientific methodology or protocol, such as a particular drug company\u2019s process for manufacturing a medication. Alternatively, it could be financial information or client information.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The standard terms in a Confidentiality Agreement outline what information must be kept confidential, often requiring that information is specifically labeled as such. This also includes defining what is <em>not <\/em><\/span><span style=\"font-weight: 400\">confidential information: that which has already been made public or that which was already known by the receiving party and is therefore not bound by the terms of the agreement.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">The agreement outlines the obligations of the receiving party, including whether the information can be shared with any third parties (such as research associates assisting with the project). This often includes the clause that confidential information may be disclosed to a court upon legal request. Like a Data Use Agreement, Confidentiality Agreements outline how long the recipient may access the data and how and when it should be returned or destroyed. They may also contain a number of other standard contract clauses, such as limitation of liability (which party can be held responsible for damages) and governing jurisdiction (which municipality\u2019s laws will govern a dispute).\u00a0<\/span><\/p>\n<h3>Conclusion<\/h3>\n<p><span style=\"font-weight: 400\">Data Use Agreements and Confidentiality Agreements protect the interests of different parties: research participants and business partners, respectively. In negotiating these agreements, it is vital to consider not only the interests of the providing party, but also those of the receiving party (the researchers). In most cases, the top consideration is protecting researchers\u2019 right to publish. In both of these kinds of agreements, research administrators often advocate for a publication clause establishing that the researcher may publish manuscripts, so long as they do not contain confidential information or the full dataset. Often, the provider of the data is granted a \u201creview and comment\u201d period, allowing them a certain amount of time to read the manuscript and request changes to protect their interests.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Faculty members should contact OSP when they are performing work on a project that involves providing or receiving any type of data from another institution, even if the project is not grant-funded. DUAs, NDAs, and CDAs must be reviewed and endorsed by the institution, so faculty members should not sign these agreements independently.<\/span><\/p>\n<h4>By: Samantha Tassillo and Ted Russo<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>As research administrators, we are primarily responsible for negotiating sponsored research agreements\u2013i.e. agreements that exchange something of value (funding) to carry out a project\/scope of work. However, this article focuses on the two types of non-monetary agreements we most commonly see at Montclair State University: Confidentiality Agreements and Data Use Agreements (DUAs). Both types of [&hellip;]<\/p>\n","protected":false},"author":235,"featured_media":21960,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[10],"tags":[],"class_list":["post-21959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sponsored-programs-central"],"_links":{"self":[{"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/posts\/21959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/users\/235"}],"replies":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/comments?post=21959"}],"version-history":[{"count":1,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/posts\/21959\/revisions"}],"predecessor-version":[{"id":21961,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/posts\/21959\/revisions\/21961"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/media\/21960"}],"wp:attachment":[{"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/media?parent=21959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/categories?post=21959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.montclair.edu\/sponsored-programs\/wp-json\/wp\/v2\/tags?post=21959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}