{"id":1383,"date":"2016-11-18T15:54:09","date_gmt":"2016-11-18T23:54:09","guid":{"rendered":"https:\/\/www.washington.edu\/research\/?page_id=1383"},"modified":"2026-02-26T15:27:33","modified_gmt":"2026-02-26T23:27:33","slug":"data-protections","status":"publish","type":"page","link":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/","title":{"rendered":"Data Protections: Privacy, Security, Proprietary"},"content":{"rendered":"<p>At a minimum, a <a href=\"\/research\/myresearch-lifecycle\/setup\/collaborations\/sharing-information-and-data\/\">Data Use Agreement (DUA)<\/a> must be in place whenever there are restrictions for: Information Privacy, National Security, Protecting Commercial, Proprietary, or Confidential Interests in Data.<\/p>\n<p>In some cases there are additional guidelines or requirements which must be followed before a DUA can be put into place. Review the following guidance on these topics for next steps and more information.<\/p>\n<p>Topics Covered:<\/p>\n<ul>\n<li><a href=\"#information-privacy\">Information Privacy<\/a><\/li>\n<li><a href=\"#info-sec-national-security\">Information Security \/ National Security<\/a><\/li>\n<li><a href=\"#commercial-proprietary-confidential\">Protecting Commercial, Proprietary, or Confidential Interests in Data<\/a><\/li>\n<\/ul>\n<hr \/>\n<p><a name=\"information-privacy\"><\/a><\/p>\n<h2>Information Privacy<\/h2>\n<p><span style=\"font-weight: 400;\"><\/p>\n<div class=\"accordion non-bold\" id=\"accessible-accordion\">\n<div class=\"screen-reader-text\">Accessible Accordion<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Protected Health Information &amp; HIPAA<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>HIPAA protects the privacy of individually identifiable information, sets standards for the security of electronic PHI, and includes breach notification rules.<\/p>\n<p>Researchers that will obtain and use protected health information (PHI) must obtain: <strong>(a)<\/strong> authorization from the participant; or <strong>(b)<\/strong> a waiver of authorization granted by an IRB, unless the PHI is:<\/p>\n<ol>\n<li>de-identified;<\/li>\n<li>a limited data set, or<\/li>\n<li>from decedents.<\/li>\n<\/ol>\n<p>Many UW researchers are also health care providers at a UW covered entity. These researchers follow all policies, procedures, and requirements about the research use of PHI, such as prior IRB approval and a waiver of authorization, even for one\u2019s own patients, and following all UW Medicine Honest Broker requirements.<\/p>\n<p>Please see <a href=\"\/research\/policies\/guidance-hipaa-2\/\">GUIDANCE HIPAA<\/a> from the UW&#8217;s Human Subjects Division (HSD) for additional information.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">UW Medicine Clinical Research Data<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>UW Medicine maintains policies regarding use of UW Medicine clinical data in research.<\/p>\n<ul>\n<li><a href=\"https:\/\/uwnetid.sharepoint.com\/sites\/uw_medicine_honest_broker\/SitePages\/Honest-Broker-Policy.aspx\" target=\"_blank\" rel=\"noopener\">Honest Broker<\/a>: An honest broker is an individual or group acting on behalf of a covered entity to search the entity\u2019s health care records, collect PHI, and make the PHI available to researchers. The PHI may be de-identified, coded (with the researcher having no access to the code link) or identifiable. The Honest Broker acts as a gatekeeper and must be independent of the research team.<\/li>\n<li><a href=\"https:\/\/uwnetid.sharepoint.com\/sites\/uw_medicine_honest_broker\/SitePages\/Clinical-Data-For-Research-Purposes-Policy.aspx\" target=\"_blank\" rel=\"noopener\">Release of UWM Clinical Data for Research Purposes<\/a>: This policy defines clinical data, which is broader than PHI, and the circumstances when such data can be used for research purposes.<\/li>\n<\/ul>\n<h4>Questions?<\/h4>\n<p>Contact <a href=\"mailto:ritdatahelp@uw.edu\" target=\"_blank\" rel=\"noopener\">ritdatahelp@uw.edu<\/a> with questions on the Honest Broker processor the Release of UWM Clinical Data for Research Purposes.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Federal Certificate of Confidentiality<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Information, including PHI, under a Certificate of Confidentiality, receives the following additional protections, under a Certificate of Confidentiality and sharing is not allowed:<\/p>\n<ul>\n<li>as part of a Federal, State, local civil, criminal, administrative, legislative or other proceeding<\/li>\n<li>to any other person not connected with the research<\/li>\n<\/ul>\n<p>Review: more guidance on <a href=\"\/research\/hsd\/guidance\/coc\/\">Certificate of Confidentiality (CoC) <\/a>from the UW\u2019s Human Subjects Division.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">European Union - General Data Protection Regulation<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>The EU GDPR limits when and how organizations worldwide can collect, store, use, or otherwise process personal data of persons residing in the European Economic Area (EEA). Please review more information from UW IT on <a href=\"https:\/\/it.uw.edu\/guides\/privacy\/about-us\/governance\/laws\/european-union-general-data-protection-regulation\/#q\">European Union General Data Protection Regulation<\/a> including how they may impact access and use. If you carry out a UW activity that involves sharing personal data subject to EU GDPR, you will need to consider a <a href=\"https:\/\/it.uw.edu\/guides-by-topic\/data-processing-agreement\" target=\"_blank\" rel=\"noopener\">Data Processing Agreement<\/a>.<\/p>\n<p>If you will be handling incoming personal data subject to the EU GDPR, as a processor or controller, the party providing such data may require certain contractual clauses. If a sponsored program, these terms would be placed in the sponsored research agreement or related DUA by the providing party<\/p>\n<p>When routing an eGC1 to OSP and you are aware personal data subject to EU GDPR will be involved, please select the checkbox next to \u201cOther Sensitive Information\u201d under D-1. Ensure you are completing a privacy assessment with the UW Privacy Office if the data handling is considered <a href=\"https:\/\/it.uw.edu\/guides\/privacy\/take-action\/share-data\/data-processing-agreement\/\" target=\"_blank\" rel=\"noopener\">high-risk data processing<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">FERPA<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Researchers who obtain records from schools are responsible for contacting the schools to make sure that the research will comply with FERPA requirements.<\/p>\n<p>Please see more from the <a href=\"https:\/\/studentdata.washington.edu\/academic-data-management\/data-requests\/\" target=\"_blank\" rel=\"noopener\">Academic Data Management Office<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Youth-Involved Research<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>UW-Led Youth-Involved Research includes any study that involves:<\/p>\n<ul>\n<li>personnel acting on behalf of UW;<\/li>\n<li>youth human subjects (under age 18); and<\/li>\n<li>collecting data from youth, analysis of identifiable youth data, or other interactions with youth that occur as part of UW\u2019s involvement.<\/li>\n<\/ul>\n<p>Please see more information on <a href=\"\/youth\/youth-at-uw\/protecting-youth-at-uw-aps-10-13\/aps-10-13-info-for-researchers\/\" target=\"_blank\" rel=\"noopener\">Youth Research Requirements<\/a> or contact the <a href=\"https:\/\/www.washington.edu\/youth\/about\/contact-us\/\" target=\"_blank\" rel=\"noopener\">Youth Protection Coordinator<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr \/>\n<p><a name=\"info-sec-national-security\"><\/a><\/p>\n<h2>Information Security \/ National Security<\/h2>\n<p><span style=\"font-weight: 400;\"><\/p>\n<div class=\"accordion non-bold\" id=\"accessible-accordion\">\n<div class=\"screen-reader-text\">Accessible Accordion<\/div>\n<div class=\"card\" id=\"doj-dsp\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Dept. of Justice - Data Security Program<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>The Dept. of Justice (DOJ) Data Security Protection (DSP) rule (<a href=\"https:\/\/www.federalregister.gov\/documents\/2025\/01\/08\/2024-31486\/preventing-access-to-us-sensitive-personal-data-and-government-related-data-by-countries-of-concern\" target=\"_blank\" rel=\"noopener\">28 CFR 202<\/a>) is designed to prevent access to U.S. sensitive personal data &amp; government related data by countries of concern or covered persons.<\/p>\n<p>This rule applies to <a href=\"\/research\/glossary\/covered-data-transaction-doj\/\">covered data transactions<\/a> with <a href=\"https:\/\/www.ecfr.gov\/current\/title-28\/chapter-I\/part-202#subpart-F\" target=\"_blank\" rel=\"noopener\">countries of concern<\/a> or <a href=\"\/research\/glossary\/covered-person-doj\/\">covered persons<\/a>. The rule covers two main categories of data: <a href=\"https:\/\/www.washington.edu\/research\/glossary\/bulk-sensitive-personal-data-doj\/\">bulk U.S. sensitive personal data<\/a> and <a href=\"https:\/\/www.ecfr.gov\/current\/title-28\/chapter-I\/part-202#202.222\" target=\"_blank\" rel=\"noopener\">U.S. government-related data<\/a>.<\/p>\n<p>It is key for UW researchers to understand whether this rule may apply to their data transactions.<\/p>\n<p>Contact the UW Privacy Office at <a href=\"mailto:uwprivacy@uw.edu\" target=\"_blank\" rel=\"noopener\">uwprivacy@uw.edu<\/a> for help identifying whether the Dept. of Justice Data Security Program applies before:<\/p>\n<ul>\n<li>Sharing or<\/li>\n<li>Initiating a data use agreement (DUA) or other type of agreement that involves bulk U.S. sensitive personal data or U.S. government related data with covered persons or country of concern.<\/li>\n<\/ul>\n<h4>Resources:<\/h4>\n<ul>\n<li>UW Privacy Office: <a href=\"mailto:uwprivacy@uw.edu\" target=\"_blank\" rel=\"noopener\">uwprivacy@uw.edu<\/a><\/li>\n<li><a href=\"https:\/\/www.justice.gov\/opa\/media\/1396351\/dl\" target=\"_blank\" rel=\"noopener\">DOJ DSP FAQs<\/a><\/li>\n<li><a href=\"https:\/\/www.justice.gov\/opa\/media\/1396356\/dl\" target=\"_blank\" rel=\"noopener\">DOJ Data Security: Program Compliance Guide<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Export Controls<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>The following should be discussed with the Export Controls Office (<a href=\"mailto:eco-help@uw.edu\">eco-help@uw.edu<\/a>) to ensure export compliance:<\/p>\n<ul>\n<li>Proprietary technical information or source code that is not intended for publication; OR<\/li>\n<li>Activities that have known defense\/military applications<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Foreign Interests<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>There may be restrictions or prohibitions on the sharing of data to foreign parties. Please see <a href=\"\/research\/compliance\/foreign-interests-in-sponsored-programs\/\">Foreign Interests and Sponsored Programs<\/a> for more information.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Classified or Restricted Research<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>There are restrictions and prohibitions for sharing classified federal contract information (FCI) or Controlled Unclassified Information (CUI). Typically assessed at the proposal stage, please review proposal stage guidance on <a href=\"\/research\/myresearch-lifecycle\/plan-and-propose\/sponsor-requirements\/classified-or-restricted-research\/\">Classified or Restricted Research<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr \/>\n<p><a name=\"commercial-proprietary-confidential\"><\/a><\/p>\n<h2>Protecting Commercial, Proprietary, or Confidential Interests in Data<\/h2>\n<p>In general all research data are considered open access and available in the public domain. See <a href=\"https:\/\/policy.uw.edu\/directory\/fcg\/fcg-chapter-54-open-access\/\" target=\"_blank\" rel=\"noopener\">UW Policy on Open Access<\/a>. However there are commercial and proprietary interests considered in sponsored research contexts.<\/p>\n<p><span style=\"font-weight: 400;\"><\/p>\n<div class=\"accordion non-bold\" id=\"accessible-accordion\">\n<div class=\"screen-reader-text\">Accessible Accordion<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Sponsors or Third Party Data<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Data from sponsors or third parties coming into the UW for use on a sponsored project often requires protection for proprietary purposes. Sponsors typically provide a license to us within a sponsored research agreement or will provide a data use agreement.<\/p>\n<p>Review more information on <a href=\"\/research\/myresearch-lifecycle\/setup\/collaborations\/sharing-information-and-data\/\">Data Use Agreements<\/a> and <a href=\"\/research\/myresearch-lifecycle\/setup\/collaborations\/agreement-types\/\">Agreement Types<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Research Data Developed by the UW<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Research data are not typically considered intellectual property. However, all UW research data are owned by the UW, except as otherwise provided by an agreement, law, regulations, or policy, and in some cases protected by copyright. See <a href=\"\/research\/policies\/gim-37\/#Ownership%20and%20Stewardship\">GIM 37 Research Data<\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Open Use &amp; Open Access<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Generally research data developed under a UW sponsored project are required to be open use or available in the public domain. See <a href=\"https:\/\/lib.uw.edu\/research-services\/publishing\/open-access\/\" target=\"_blank\" rel=\"noopener\">UW Libraries Guide on Open Access<\/a>.<\/p>\n<p>Certain sponsors include public access, open use, or <a href=\"https:\/\/comotion.uw.edu\/licensing\/open-access\/\" target=\"_blank\" rel=\"noopener\">open access<\/a> requirements as a condition of award.<\/p>\n<p>Some examples include:<\/p>\n<ul>\n<li><a href=\"https:\/\/grants.nih.gov\/policy-and-compliance\/policy-topics\/public-access\" target=\"_blank\" rel=\"noopener\">NIH Public Access<\/a><\/li>\n<li><a href=\"https:\/\/www.nsf.gov\/public-access\" target=\"_blank\" rel=\"noopener\">NSF Public Access Initiative<\/a><\/li>\n<li><a href=\"http:\/\/www.gatesfoundation.org\/How-We-Work\/General-Information\/Open-Access-Policy\" target=\"_blank\" rel=\"noopener\">Gates Foundation Open Access Policy<\/a><\/li>\n<li><a href=\"https:\/\/wellcome.ac.uk\/funding\/managing-grant\/open-access\" target=\"_blank\" rel=\"noopener\">Wellcome Trust Open Access Policy<\/a><\/li>\n<li><a href=\"https:\/\/www.ahajournals.org\/public-access-policy\" target=\"_blank\" rel=\"noopener\">American Heart Association Public Access Policy<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Open Source<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Some sponsors may require terms in agreements for open source licensing of software. When this happens, your OSP reviewer will request the Principal Investigator to acknowledge and sign the UW IP Disposition Memo (also referred to as the GIM 40 Memo).<\/p>\n<p>UW\u2019s CoMotion also provides detailed guidance on <a href=\"https:\/\/comotion.uw.edu\/licensing\/open-source\/\" target=\"_blank\" rel=\"noopener\">Open Source Licensing<\/a> at the UW.<\/p>\n<\/div>\n<\/div>\n<div class=\"card\">\n<div class=\"card-header\" id=\"accordion-header\">\n<h3 class=\"mb-0\"><button class=\"btn btn-link\" type=\"button\" data-toggle=\"collapse\" data-target=\"#collapse\" aria-expanded=\"false\" aria-controls=\"collapse\"><span class=\"btn-text\">Data Protections for Proprietary Purposes<\/span><span class=\"arrow-box\"><span class=\"arrow\"><\/span><\/span><\/button><\/h3>\n<\/div>\n<div id=\"collapse\" class=\"collapse \" aria-labelledby=\"collapse\" data-parent=\"#accordion\" role=\"region\">\n<p>Research data is not usually eligible to be protected as standalone commercial innovations. However, data can carry key information necessary to securing intellectual property protection. Additionally, it is important to understand how the parties to an agreement are defining \u201cdata\u201d. If the agreement broadly defines data to include innovations, UW Intellectual Property policies apply. See for details:<\/p>\n<ul>\n<li><a href=\"https:\/\/policy.uw.edu\/directory\/po\/executive-orders\/eo-36-patent-invention-and-copyright-policy\/\" target=\"_blank\" rel=\"noopener\">EO No. 36 Inventions, Discoveries, and Copyright<\/a><\/li>\n<li><a href=\"\/research\/policies\/gim-40\/\">GIM 40: Disposition of 天美影视传媒 Intellectual Property in Sponsored Program Agreements<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>At a minimum, a Data Use Agreement (DUA) must be in place whenever there are restrictions for: Information Privacy, National Security, Protecting Commercial, Proprietary, or Confidential&#8230;<\/p>\n","protected":false},"author":13,"featured_media":0,"parent":457,"menu_order":5,"comment_status":"closed","ping_status":"closed","template":"templates\/page-builder-lifecycle.php","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-1383","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Protections: Privacy, Security, Proprietary - UW Research<\/title>\n<meta name=\"description\" content=\"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Protections: Privacy, Security, Proprietary - UW Research\" \/>\n<meta property=\"og:description\" content=\"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/\" \/>\n<meta property=\"og:site_name\" content=\"UW Research\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-26T23:27:33+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/\",\"url\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/\",\"name\":\"Data Protections: Privacy, Security, Proprietary - UW Research\",\"isPartOf\":{\"@id\":\"https:\/\/www.washington.edu\/research\/#website\"},\"datePublished\":\"2016-11-18T23:54:09+00:00\",\"dateModified\":\"2026-02-26T23:27:33+00:00\",\"description\":\"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)\",\"breadcrumb\":{\"@id\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.washington.edu\/research\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"MyResearch Project Lifecycle\",\"item\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Setup\",\"item\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Compliance Requirements (Non-Financial)\",\"item\":\"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Data Protections: Privacy, Security, Proprietary\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.washington.edu\/research\/#website\",\"url\":\"https:\/\/www.washington.edu\/research\/\",\"name\":\"UW Research\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.washington.edu\/research\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Protections: Privacy, Security, Proprietary - UW Research","description":"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/","og_locale":"en_US","og_type":"article","og_title":"Data Protections: Privacy, Security, Proprietary - UW Research","og_description":"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)","og_url":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/","og_site_name":"UW Research","article_modified_time":"2026-02-26T23:27:33+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/","url":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/","name":"Data Protections: Privacy, Security, Proprietary - UW Research","isPartOf":{"@id":"https:\/\/www.washington.edu\/research\/#website"},"datePublished":"2016-11-18T23:54:09+00:00","dateModified":"2026-02-26T23:27:33+00:00","description":"Example data security requirements, PHI, Identifiable Records, Certificate of Confidentiality (CoC)","breadcrumb":{"@id":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/data-protections\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.washington.edu\/research\/"},{"@type":"ListItem","position":2,"name":"MyResearch Project Lifecycle","item":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/"},{"@type":"ListItem","position":3,"name":"Setup","item":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/"},{"@type":"ListItem","position":4,"name":"Compliance Requirements (Non-Financial)","item":"https:\/\/www.washington.edu\/research\/myresearch-lifecycle\/setup\/compliance-requirements-non-financial\/"},{"@type":"ListItem","position":5,"name":"Data Protections: Privacy, Security, Proprietary"}]},{"@type":"WebSite","@id":"https:\/\/www.washington.edu\/research\/#website","url":"https:\/\/www.washington.edu\/research\/","name":"UW Research","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.washington.edu\/research\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/pages\/1383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/comments?post=1383"}],"version-history":[{"count":66,"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/pages\/1383\/revisions"}],"predecessor-version":[{"id":62550,"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/pages\/1383\/revisions\/62550"}],"up":[{"embeddable":true,"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/pages\/457"}],"wp:attachment":[{"href":"https:\/\/www.washington.edu\/research\/wp-json\/wp\/v2\/media?parent=1383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}