Policy Volume: RD
Responsible Executive: CISER Secure Data Services Manager
Responsible Office: Cornell Institute for Social and Economic Research
NOTE: This policy replaces these previous policies:
- CRADC Restricted Data Security Breach Reporting and Response Policy [issued 2015-07-15, revised 2016-09-30, 2019-04-18]
- Secure Standalone Desktop – Restricted Data Security Breach Reporting and Response Policy [issued 2017-09-17]
This policy establishes measures that must be taken to report and respond to a possible breach or compromise of restricted data, including the determination of the systems affected, whether any restricted data have in fact been compromised, what specific data were compromised and what actions are required for forensic investigation and legal compliance.
Cornell Restricted Access Data Center (CRADC) is committed to compliance of restricted data. For the purpose of this document, restricted data relates to any nonpublic data that is protected by regulation, law or policy and/or is subject to contractual access restrictions as defined by a Data Use Agreement (DUA). CRADC, as the Data Custodian of these data,along with the authorized research team (Researcher),are obligated to adhere to the conditions set forth by the Data Provider in a signed DUA and this policy.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
If you have questions about specific issues regarding this Sharing, Transmission and Distribution of Restricted Data Policy, call the following offices: