Retention and Destruction of Data. 12.1. CORE data providers may retain a version of the dataset as long as it is deemed necessary to support social housing policy. After the Data has been destroyed, CORE data providers will need to sign a declaration to confirm that the Data and all copies of the Data have been destroyed to the government standards for secure and complete destruction.
Retention and Destruction of Data. 14.1 The Parties are separately responsible and liable for their compliance with Article 5(b) and (e) of the GDPR which stipulates that personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
14.2 Personal data processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is not incompatible with the original purpose and can be processed for longer periods subject to Article 89. Under Article 89(1), when personal identifiers are no longer necessary for statistical and research purposes, records shall be pseudonymised. When the data is no longer necessary for statistical or research purposes, the Parties agree to securely destroy the shared data, in compliance with National Archives legislation.
14.3 The Parties shall comply fully through appropriate technical and organisational measures with the requirement to securely destroy personal data which no longer has any lawful purpose for processing, in compliance with National Archives legislation.
Retention and Destruction of Data. On termination of this Agreement, First Scottish will either return to the Customer the Articles in its possession or, pursuant to the Customer’s written direction, will securely delete or destroy (insofar as technically reasonable and practicable) the Articles. The Customer releases and shall hold harmless the Company from all liability by reason of the destruction of Articles pursuant to the Customer’s written direction..
Retention and Destruction of Data. The Parties are separately responsible and liable for their compliance with Article 5(b) and
Retention and Destruction of Data. 6.1 The relevant information will be retained by the party to whom it is disclosed until such time as it is no longer required for the specified purpose. At the expiry of that period, the relevant information will be destroyed by the party to whom it has been disclosed and a schedule of destruction will be maintained in relation to the relevant information.
Retention and Destruction of Data. 12.1. DCLG shall instruct ONS to store the data provided by the Council securely at all time. All personal identifiers contained within the data provided by the Council will be encrypted using a one way cryptographic hash after variables required in the linked dataset such as age have been derived. This encryption ensures the privacy of the individual while allowing ONS to link the data to other information sources if required.
12.2. DCLG have agreed to limit access to the Data to a small number of individuals at DCLG who can be named on request (these individuals have all been CTC security cleared). DCLG will instruct ONS to do so (all ONS staff with access to the data have been at least SC level security cleared).
12.3. At DCLG, access to the pseudo-anonymised dataset will be password-controlled and limited to a set of specific individuals. DCLG will instruct ONS to do so.
12.4. All individuals granted access to the datasets (at DCLG and ONS) have been briefed on the legal requirements around handling and storing the Data for this project.
12.5. Staff at ONS will be instructed to store the Data provided by the Council in their Secure Linkage Facility at all times. All access to the facility and the data within it is monitored and recorded. At the end of the Project staff will securely overwrite and/or destroy the original dataset provided by the Council.
12.6. Staff at ONS will be instructed to securely store the Data in encrypted format (using CESG approved encrypted media) at all times when manipulation and analysis is not in progress.
12.7. After the Data has been destroyed, DCLG will instruct ONS to sign a declaration to confirm that the Data and all copies of the Data have been destroyed to the required standards.
12.8. DCLG will instruct ONS to securely store the Data provided by the Council until two years after the completion of the Project in case DCLG decides to commission further analysis of the long-term impacts of the Programme following the main Project (Longitudinal Study). The Project is due to be completed in 2020 and therefore the Data will be retained until December 2022 to allow for the Longitudinal Study.
12.9. At the end of the data retention period for the Project and the Longitudinal Study, or upon termination of this Agreement if earlier, DCLG will instruct ONS to agree to destroy all copies of the Data on all media.
12.10. DCLG will instruct ONS to ensure that the Data are destroyed to the standards that meet government standard...
Retention and Destruction of Data. 14.1 State how long the data will be retained for by each Participant and what their arrangements are for secure storage, and disposal / destruction of data. Information held by HMRC will be retained in accordance with existing retention policies, typically for 6 years from date of last use for HMRC and 7 years from the date of case closure for the SRA. If the information becomes part of the SRA investigation records, we will then retain in line with the published SRA retention policy.
14.2 State what access controls each Participant will have in place to ensure access to the data will only be provided to authorised personnel with the appropriate security clearance.
Retention and Destruction of Data. The Local Authority for Local Enterprise Partnership shall only retain the data as long as necessary but for no longer than 7 years in order to fulfil its purpose for processing the data in accordance with the agreement.
Retention and Destruction of Data. 12.1. After the Data has been destroyed, MHCLG will sign a declaration to confirm that the Data and all copies of the Data have been destroyed to the required standards.
12.2. At the end of the data retention period for the Project or upon termination of this Agreement if earlier, MHCLG will to destroy all copies of the Data on all media.
12.3. MHCLG will ensure that the Data are destroyed to the standards that meet government standards for secure and complete destruction.
12.4. Annex B includes tables with dates for destruction for each dataset for the project
Retention and Destruction of Data. 10.1 All the personal data uploaded on DELTA will be deleted from the DELTA system after a maximum of 6 months. Kantar will securely store the personal data downloaded from DELTA until March 2023 at the latest, after which they will securely be deleted. The personal data provided on people not subsequently selected for the research will be deleted from Kantar’s systems within one month of that selection being made and by March 2021 at the latest. If a participant chooses not to participate or changes their mind about participating in the research, their personal details will be deleted from Kantar’s systems within one month. If it is not possible to contact someone selected to be part of the research at all, Kantar will securely delete from their system all their personal data within six months, with the exception of their H-CLIC case reference number.
10.2 If a participant withdraws their consent for data to be shared with MHCLG, the LA should inform Kantar if the data has already been shared. This request should be made securely via a form in DELTA and should detail what consents this applies to. The LA should not share any further data with Kantar for any individual who withdraws their consent for their data to be shared. Kantar will stop processing their data and not make any/any further attempt to contact them.
10.3 Any contractor processing personal data on behalf of MHCLG, during the time period covered by this agreement, will be required to process the Data securely and to the same standards as MHCLG. Data security measures will be set out in a Data Processing Agreement between MHCLG and the contractor.
10.4 ICF’s subcontractor, Kantar, will transfer personal data using Kiteworks. This has several layers of security – overall network security, application security, data encryption and secure processes and updates. Kiteworks provide account access and configurable authentication security, integrated SSO and LDAP/AD, embedded anti-virus and integrations with data leak prevention and advanced threat prevention software. Audit logs can be sorted by attribute and exported for audits and legal requests. Data is encrypted both in transit and at rest. Kiteworks data encryption module is FIPS 140-2 certified.
10.5 Kantar’s Public division follows the highest industry standards for data security and complies with all relevant corporate, legal, statutory and regulatory requirements including: ISO 20252; ISO 9001; ISO 27001; Data Protection Act (2018); Cyber E...
