Data Access Committee Data Use Agreement

DATA USE AGREEMENT (DUA)

CF Airway Metagenomics and Clinical Metadata Resource Version 0.1 – Draft for Review

This Data Use Agreement (“Agreement”) is made between:

The Data Custodian / Institution: Robert Edwards / Flinders University (“Data Provider”)

and

The Data Recipient: Name: ______________________________ Institution: __________________________ Position/Role: _______________________ Email: ______________________________ (“Recipient)

and, where applicable,

Supervising Investigator (for students or trainees): Name: ______________________________ Email: ______________________________

Together referred to as “the Parties.”

1. Purpose of Agreement

The Recipient requests access to the CF Airway Metagenomics Dataset (“the Dataset”) for the purpose of conducting the research project titled:

Project Title: _________________________________________________

This Agreement governs the Recipient’s rights and responsibilities for accessing, storing, analysing, and publishing results derived from the Dataset.

2. Description of Data Provided

The Dataset may include:

  • Raw microbial, viral, and metagenomic sequencing reads (with incidental human reads removed).
  • Microbial taxonomic and functional profiles.
  • De-identified clinical and metadata fields.
  • Machine-learning-derived features and cluster loadings.
  • Longitudinal metadata (if approved by the Data Access Committee).

The Dataset explicitly excludes human genomic data and must not be used for human genetic or genomic research.

3. Conditions of Use

The Recipient agrees to comply with all of the following conditions.

3.1 Permitted Uses

The Dataset may be used only for:

  • The approved research project stated above,
  • Scientific analyses relating to microbial, viral, ecological, or computational biology,
  • Development of algorithms or methods for non-human genomic data.

Any additional use requires a new application to the Data Access Committee (DAC).

3.2 Prohibited Uses

The Recipient must not, under any circumstances:

  1. Analyse, interpret, or retain any human DNA sequences that may accidentally appear in the Dataset.
  2. Conduct research involving the human genome, genetic variation, ancestry, phenotype inference, or any other human genetic characteristic.
  3. Attempt to identify individuals from the Dataset.
  4. Attempt data linkage with external datasets for re-identification purposes.
  5. Share or redistribute the Dataset to any third party, including collaborators, unless explicitly approved by the DAC.
  6. Use the Dataset for clinical or diagnostic purposes.
  7. Use the Dataset for commercial purposes without express written permission from the Data Provider.

3.3 Obligations Regarding Incidental Human DNA

If any human-derived reads, contigs, or identifiers are detected, the Recipient must:

  1. Immediately cease analysis of those sequences.
  2. Notify the DAC within 48 hours, identifying:
    • The file(s) in which they appear,
    • The sequence identifiers (read IDs, contig IDs, etc.),
    • The approximate number of human-derived sequences detected.
  3. Permanently delete all human-derived sequences from all storage locations, backups, and analysis environments.
  4. Provide the DAC with a written declaration confirming deletion and non-use.

Failure to comply constitutes a breach of this Agreement.

3.4 Data Security Requirements

The Recipient must ensure that:

  • All datasets are stored in secure institutional computing environments (HPC, protected servers, encrypted storage).
  • Access is restricted to authorised personnel listed on the approved application.
  • Files are not transferred to unencrypted portable devices.
  • Any data breach or suspected breach is reported to the DAC within 48 hours.

3.5 Publication and Acknowledgement

Publications, presentations, and reports resulting from the Dataset must:

  • Acknowledge the Dataset, the study team, and the funding sources.
  • Cite relevant accession numbers and primary publications.
  • Be notified to the DAC upon acceptance.
  • Not disclose any information that could directly or indirectly identify participants.

If the DAC identifies a risk of re-identification in proposed outputs, it may require modifications.

3.6 Restrictions on Redistribution

The Dataset may not be:

  • Shared, loaned, sublicensed, or redistributed.
  • Stored in collaborative repositories accessible to unapproved users.
  • Made publicly available in whole or in part.

Collaborators wishing to work with the Dataset must independently apply for access.

3.7 Completion of Project and Data Destruction

Upon project completion or expiration of access approval, the Recipient must:

  1. Destroy all copies of the Dataset and derivative files containing raw or identifiable data.
  2. Retain only derivative results that do not permit reverse-engineering of the original data.
  3. Provide a signed data destruction certificate if requested.

4. Monitoring and Compliance

The Recipient agrees that:

  • The DAC may request progress updates.
  • The DAC may audit compliance (e.g., data security, pipeline outputs, publication drafts).

  • Non-compliance may result in:

    • Revocation of data access;
    • Reporting to the Recipient’s institution;
    • Notification to the Human Research Ethics Committee;
    • Legal action if required.

Intentional misuse will be treated as a serious ethical breach.

5. Term and Termination

This Agreement remains in effect until:

  • The approved project is completed,
  • The DAC revokes access,
  • The Recipient requests termination, or
  • The Dataset is fully destroyed.

Termination does not release the Recipient from obligations arising during the term, including destruction and confidentiality clauses.

6. Intellectual Property

The Dataset remains the property of the Data Provider. The Recipient retains IP only over new analyses, tools, or models created during the approved project, provided they do not compromise dataset confidentiality.

7. Confidentiality

The Recipient must treat all data as confidential and must not attempt to identify or publicise information about study participants, participating health services, or contributing investigators without explicit consent.

8. Amendments

This Agreement may be updated by the Data Provider. Recipients will be notified of material changes and may be required to re-sign the Agreement for continued access.

9. Declarations and Signatures

Recipient Declaration

I have read, understood, and agree to comply with this Data Use Agreement and the Data Access Policy. I agree not to analyse, use, or retain any human genomic material that may inadvertently appear in the Dataset.

Name: _______________________________________ Signature: ____________________________________ Date: ________________________________________

Supervising Investigator (if applicable)

I confirm oversight of the Recipient and agree to ensure their compliance.

Name: _______________________________________ Signature: ____________________________________ Date: ________________________________________

Data Provider Authorisation

Access to the Dataset is approved under the conditions described.

Name: _______________________________________ Position: _____________________________________ Signature: ____________________________________ Date: ________________________________________