Keeping data safe and secure is the responsibility of everyone involved in the research project. Steps and procedures for ensuring data security should be discussed, planned, and implemented before the project even begins. For help with data security questions, contact your school's IT, the GW IT Security Office, or Research Technology Services. They can assist you with developing workflows and plans for keeping your data secure. If you need help identifying who to reach out to, contact Data Services Librarians, and we will help you navigate your options.
The following diagram reveals some of the riskiest employee practices that can lead to data security breaches:
The GW Privacy Office has developed a helpful resource for understanding and locating different policies and guidance related to data and records management and retention.
If you have a requirement for a Data Use Agreement (DUA), please complete the DUA Intake Form.
What is a Data Use Agreement (DUA)?
DUAs are legally binding contracts between GW and another party providing for the transfer of data from the provider organization to the recipient organization. These agreements may also be called Data Transfer Agreements or Data Sharing Agreements.
In general, any sharing of “restricted use” data requires an agreement between the providing party (owner of the data) and the receiving party (data user). Failure to follow DUA terms could result in significant liabilities including possible criminal sanctions as well as impacting other rights of the parties involved.
What is OVPR's role?
OVPR reviews the terms of proposed DUAs so that the data may be accessed and used as soon as an appropriate Data Management Plan has been approved.
Information Security Policy: All university members have the duty to protect university data from unauthorized generation, access, modification, disclosure, transmission or destruction. Certain data require specialized protections, and some of these protections may be provided through data sharing/transfer agreements generally referred to as Data Use Agreements (DUAs) with other parties.