Skip to Main Content

Research Data Management

Data management at George Washington University

Data Security

Keeping data safe and secure is the responsibility of everyone involved in the research project. Steps and procedures for ensuring data security should be discussed, planned, and implemented before the project even begins. For help with data security questions, contact your school's IT, the GW IT Security Office, or Research Technology Services. They can assist you with developing workflows and plans for keeping your data secure.  If you need help identifying who to reach out to, contact Data Services Librarians, and we will help you navigate your options.

The following diagram reveals some of the riskiest employee practices that can lead to data security breaches:

Waffle Works Top 10 Riskiest Employee Behaviors: Data Security Risks. Visit the link below for more information.


Ethical and Legal Obligations


For any data collection that involves human subjects, you need:

  • IRB approval from GW Office of Human Research (OHR)
  • an informed consent for data sharing for research purposes while keeping participants' identities confidential
  • disclosure risk management of key identifiers when privacy is a concern
  • developed terms of restricted access if necessary, i.e. health data covered by HIPAA Privacy Rule.

Intellectual Property Rights

  • Data are not copyrightable. Information (i.e. charts, tables, reports) created from data is.
  • Data access and use can be licensed for privacy protection.
  • Consider CC0 Declaration if you want to promote unlimited use of your data.


The GW Privacy Office has developed a helpful resource for understanding and locating different policies and guidance related to data and records management and retention.

Data Use Agreements

If you have a requirement for a Data Use Agreement (DUA), please complete the DUA Intake Form.

What is a Data Use Agreement (DUA)?

DUAs are legally binding contracts between GW and another party providing for the transfer of data from the provider organization to the recipient organization.  These agreements may also be called Data Transfer Agreements or Data Sharing Agreements.

In general, any sharing of “restricted use” data requires an agreement between the providing party (owner of the data) and the receiving party (data user).  Failure to follow DUA terms could result in significant liabilities including possible criminal sanctions as well as impacting other rights of the parties involved.

What is OVPR's role?

OVPR reviews the terms of proposed DUAs so that the data may be accessed and used as soon as an appropriate Data Management Plan has been approved.

To request a proposed DUA or to submit a DUA for review and approval, please complete the DUA Intake Form. Please contact OVPR with questions.

Applicable Policies

Information Security Policy: All university members have the duty to protect university data from unauthorized generation, access, modification, disclosure, transmission or destruction. Certain data require specialized protections, and some of these protections may be provided through data sharing/transfer agreements generally referred to as Data Use Agreements (DUAs) with other parties.

GW Libraries • 2130 H Street NW • Washington DC