Policies and Procedures: When Would A Data Use Agreement Be Needed and What Should It Include?
Definition
A Data Use Agreement (DUA) is a legal contract between the organization that owns access to a data source and a secondary organization that will receive the data for reuse. A DUA includes the terms and limitations on how the shared data can be used (such as restrictions on access to the shared data, requirement of destroying the data files when a project is complete, obligation on safeguarding the data).
Any request for Open Restricted Data (client-level) or Confidential Data (client-level, identifying information) from an organization that is NOT the organization entering the data into AKHMIS (Alaska Homeless Management Information System) will require a Data Use Agreement (DUA). A DUA must be entered into between ICA and the recipient organization before any data will be released. All DUAs (must be approved by the AK CoC (Continuum of Care) Director(s) of the CoC(s) containing the data to be released.
Procedure
A DUA must include the following information:
- Identification of the recipient organization;
- Parameters of the data to be provided;
- Describe the terms and conditions of data use (including limitations of use);
- Describe the data transfer, storage, access, retention, and destruction requirements to be met and/or upheld by the parties signed to the agreement; and
- Signatures of the Coalitions, ICA, and the recipient entity.