User-friendly version of the TRE User Agreement

Owned by Laura Ward
Last updated: Aug 20, 2024 by Simon Li
2 min read

Introduction

In 2024 we updated our TRE User Agreement, which has previously been known as the Data User Declaration, or DUD. We did this to align with the Pan-UK Data Governance Steering Group of the UK Health Data Research Alliance, their publication is here. The aim of this update is to accelerate data research by improving trust among TRE users and data providers and increase standardisation of data agreements.

We recognise that a 9-page document is relatively lengthy to read, so we have provided a condensed, accessible format (without the legal jargon) to help users understand its contents.

The TRE User Agreement is a legal document that sets out the terms for using the Trusted Research Environment (TRE). This article provides a brief overview of its contents.

Scope and purpose

The TRE User Agreement outlines the terms under which researchers can access and use data within the TRE. It emphasizes the importance of protecting data security, maintaining privacy, and ensuring that data usage aligns with legal and ethical standards. The Agreement is structured around the Five Safes with explanations as to how our processes align with these set of best practices for secure data management.

Roles and Responsibilities

  1. TRE User, the researcher/ analyst/ postdoc/ student, must:

    1. Complete credentialling, including providing a proof of completion of the HIC approved Information Governance training. Understand and sign the Agreement and share all relevant project documentation (e.g. ethical approval, data protection impact assessment, data management plan).

    2. Adhere to relevant approvals only using data for the ‘Safe Project’.

    3. Follow HIC processes for keeping data secure (e.g. not working in openly public spaces, avoiding unauthorised screen sharing), never share access credentials, report any unauthorised access or breaches immediately, and undergo disclosure control.

 

  1. User Organisation, where the user works, must

    1. Ensure Users are trained and comply with the Agreement.

    2. Inform HIC of any changes in User status or breaches.

 

  1. HIC, the TRE provider, will

    1. Provide a secure TRE workspace and monitor usage (suspending access if Agreement is breached).

    2. Approve any data inputs/outputs to ensure privacy and confidentiality are maintained.

Compliance and Monitoring

  • There are legal repurcussions outlined in the Agreeement based on current laws, such as Data Protection and GDPR.

  • Monitoring and audits will be conducted to ensure adherence. Non-compliance can lead to suspension of access and penalties. Immediate reporting of unintentional breaches will influence legal consequences and HIC's actions.

General Provisions

  • The Agreement is legally binding and lasts for 3 years.

  • Whether or not you use HIC data, the Agreement covers all projects conducted within the TRE.

 

This summary provides a general overview; Users should read the full TRE User Agreement to understand all details. Any queries please contact us at HICBusiness-Support@dundee.ac.uk

 

 Related articles