Data Destruction and Return of Restricted Data Policy

Policy Volume: RD
Responsible Executive: CISER Secure Data Services Manager
Responsible Office: Cornell Institute for Social and Economic Research

Issued: 2020-10-07

NOTE: This policy replaces these previous policies:

  • CRADC Data Destruction and Return of Restricted Data Policy [issued 2015-07-13, revised 2019-09-16]
  • Secure Standalone Desktop – Data Destruction and Return of Restricted Data Policy [issued 2017-09-17]

POLICY STATEMENT

In order to comply with the terms set forth in the Data Use Agreement, Cornell Restricted Access Data Center (CRADC) staff must certify to the Data Provider that the associated data have been destroyed and/or returned to the Data Provider at the termination of the agreement.

This policy applies to all research data regardless of the storage medium (e.g., disk drive, electronic tape, CD, DVD, external drive, paper, fiche, etc.) and regardless of form (e.g., text, graphic, video, audio, etc.), physically housed within the Cornell Institute for Social and Economic Research (CISER) auspices.

POLICY REQUIREMENTS

To protect restricted‐access data appropriately and effectively, CRADC researchers and staff must understand and carry out their responsibilities related to data security, as set forth by the Data Provider Agreement(s) (including referenced laws and regulations), Cornell University Institutional Review Board for Human Subjects, Cornell University Office of Sponsored Programs, and Cornell University Policy. This policy applies regardless of the source of funding for the research.

Data Destruction Procedures

Destruction of Physical Media

The Secure Data Services Manager staff will be the person responsible for the return and destruction of all associated materials as determined by the Data Use Agreement. All physical media, whether originally supplied by the Data Provider or by CISER Secure Data Services created backup copy of electronic original data, will be destroyed and the Data Provider sent a Certificate of Data Destruction, unless the Data Provider requests the media returned within the Data Use Agreement. As stipulated by the Data Use Agreement, requested physical media will be returned to the Data Provider using a traceable method via FedEx, with requirement for a signature by the recipient.

  • Physical destruction methods:
    1. CDs/DVDs are destroyed using a crosscut shredder.
    2. USB flash drives are first sanitized by utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting and/or degaussing. After sanitation, the flash drives are turned over to Cornell University’s R5 recycling unit whom then delivers the drives to a licensed company for physical destruction.
    3. Hard disk drives are first sanitized by utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting and/or degaussing. After sanitation, the hard disk drives are turned over to Cornell University’s R5 recycling unit whom then delivers the drives to a licensed company for physical destruction.

Destruction of Original Data Files on CRADC Servers and the Secure Standalone Desktop

The Secure Data Services staff will be responsible for the destruction of all original data on the CRADC servers and the Secure Standalone Desktop as determined by the Data Use Agreement. All original data will be destroyed and the Data Provider sent a Certificate of Data Destruction.

  • Electronic destruction method: Electronic files on the CRADC servers and Secure Standalone Desktop are disposed of utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting.

Destruction of User‐Created Electronic Files

The Secure Data Services staff will be responsible for the destruction of user‐created electronic files as determined by the Data Use Agreement. Electronic files on the CRADC servers and the Secure Standalone Desktop are disposed of utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting.

  • Researcher Requested Copy of User‐Created Electronic Files: If permitted by the Data Use Agreement, researchers may request a copy of their user‐created, disclosure proofed, application code and log files, to be transferred to the researcher prior to the destruction of the project files.

Destruction of Paper Materials

No paper materials or copies are produced or stored by CISER Secure Data Services, unless provided with the original media. The Secure Data Services staff will be responsible for the destruction of all paper materials. If the Data Provider requests the return of any paper materials provided with the original media, the paper materials will be returned to the Data Provider using a traceable method via FedEx, with requirement for a signature by the recipient.

  • Paper Destruction Method: Paper materials are destroyed using a crosscut shredder.

Certificate of Destruction

Upon completion of the disposal of all project related data, the Secure Data Services staff will certify that the secure data and user created project‐based transitory files have been securely destroyed via a CRADC Certificate of Destruction or Secure Standalone Desktop Certificate of Destruction. The completed certificate of destruction will be sent to the Data Provider either as a paper copy through FedEx or electronically via email, with a copy of the certificate of destruction supplied to Office of Sponsored Programs.

  • Requested Formats for the Certificate of Destruction: In the case that the Data Provider requires the completion of a specific certificate of destruction, or certification of destruction format, for the conclusion of the Data Use Agreement, the requested certificate will be completed in replacement of the CRADC Certificate of Destruction or Secure Standalone Desktop Certificate of Destruction. Notarized affidavits may be requested as a section of a specific certificate of destruction, to be completed by the Secure Data Services staff as required.

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Contacts

If you have questions about specific issues regarding this Sharing, Transmission and Distribution of Restricted Data Policy, call the following offices:

NAMEEMAILTITLEPHONE
William BlockCISER Director607‐255‐4801
Elena GoloborodokoCISER Secure Data Services Manager607‐255‐4801
Jonathan BohanCRADC Secure Data Specialist607‐255‐4801
Resa ReynoldsCAC Assistant Director, Systems607‐254‐8686
Kim BurlingameSystem Administrator607‐254‐8686
Lucia WalleSystems Analyst/Programmer607‐254‐8686
Brenda LappTechnical Consultant607‐254‐8686
Cornell University
Security Office
607-255-6664