CCSS-RS

The Secure Data Services Manager staff will be the person responsible for the return and destruction of all associated materials as determined by the Data Use Agreement. All physical media, whether originally supplied by the Data Provider or by CCSS Secure Data Services created backup copy of electronic original data, will be destroyed and the Data Provider sent a Certificate of Data Destruction, unless the Data Provider requests the media returned within the Data Use Agreement. As stipulated by the Data Use Agreement, requested physical media will be returned to the Data Provider using a traceable method via FedEx, with requirement for a signature by the recipient.

• Physical destruction methods:
  1. CDs/DVDs are destroyed using a crosscut shredder.
  2. USB flash drives are first sanitized by utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting and/or degaussing. After sanitation, the flash drives are turned over to Cornell University’s R5 recycling unit whom then delivers the drives to a licensed company for physical destruction.
  3. Hard disk drives are first sanitized by utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting and/or degaussing. After sanitation, the hard disk drives are turned over to Cornell University’s R5 recycling unit whom then delivers the drives to a licensed company for physical destruction.

The Secure Data Services staff will be responsible for the destruction of all original data on the CRADC servers and the Secure Standalone Desktop as determined by the Data Use Agreement. All original data will be destroyed and the Data Provider sent a Certificate of Data Destruction.

• Electronic destruction method: Electronic files on the CRADC servers and Secure Standalone Desktop are disposed of utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting.

The Secure Data Services staff will be responsible for the destruction of user‐created electronic files as determined by the Data Use Agreement. Electronic files on the CRADC servers and the Secure Standalone Desktop are disposed of utilizing Department of Defense shredding algorithm, using seven‐rounds of overwriting.

• Researcher Requested Copy of User‐Created Electronic Files: If permitted by the Data Use Agreement, researchers may request a copy of their user‐created, disclosure proofed, application code and log files, to be transferred to the researcher prior to the destruction of the project files.

No paper materials or copies are produced or stored by CCSS Secure Data Services, unless provided with the original media. The Secure Data Services staff will be responsible for the destruction of all paper materials. If the Data Provider requests the return of any paper materials provided with the original media, the paper materials will be returned to the Data Provider using a traceable method via FedEx, with requirement for a signature by the recipient.

• Paper Destruction Method: Paper materials are destroyed using a crosscut shredder.

Upon completion of the disposal of all project related data, the Secure Data Services staff will certify that the secure data and user created project‐based transitory files have been securely destroyed via a CRADC Certificate of Destruction or Secure Standalone Desktop Certificate of Destruction. The completed certificate of destruction will be sent to the Data Provider either as a paper copy through FedEx or electronically via email, with a copy of the certificate of destruction supplied to Office of Sponsored Programs.

• Requested Formats for the Certificate of Destruction: In the case that the Data Provider requires the completion of a specific certificate of destruction, or certification of destruction format, for the conclusion of the Data Use Agreement, the requested certificate will be completed in replacement of the CRADC Certificate of Destruction or Secure Standalone Desktop Certificate of Destruction. Notarized affidavits may be requested as a section of a specific certificate of destruction, to be completed by the Secure Data Services staff as required.