Destruction of Data Provider shall destroy or delete all Personally Identifiable Data contained in Student Data and obtained under the DPA when it is no longer needed for the purpose for which it was obtained or transfer said data to LEA or LEA’s designee, according to a schedule and procedure as the parties may reasonable agree. Nothing in the DPA authorizes Provider to maintain personally identifiable data beyond the time period reasonably needed to complete the disposition.
Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA.
(b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction.
(c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors.
(d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Return/Destruction of PHI 15.1 Business Associate in connection with the expiration or termination of the contract or grant shall return or destroy, at the discretion of the Covered Entity, all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity pursuant to this contract or grant that Business Associate still maintains in any form or medium (including electronic) within thirty (30) days after such expiration or termination. Business Associate shall not retain any copies of the PHI. Business Associate shall certify in writing for Covered Entity (1) when all PHI has been returned or destroyed and (2) that Business Associate does not continue to maintain any PHI. Business Associate is to provide this certification during this thirty (30) day period.
15.2 Business Associate shall provide to Covered Entity notification of any conditions that Business Associate believes make the return or destruction of PHI infeasible. If Covered Entity agrees that return or destruction is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible for so long as Business Associate maintains such PHI. This shall also apply to all Agents and Subcontractors of Business Associate.
Data Destruction When no longer needed, all County PHI or PI must be cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media Sanitization such that the PHI or PI cannot be retrieved.
Retention of Data With regard to business transactions covered by this Agreement, Licensee must retain any records for a period of ten years starting on 1th of January of the year following the year during which the data were transmitted or otherwise transferred, or for the minimum period prescribed by applicable law, whichever is longer. In addition, Licensee must maintain current, complete and accurate reports on all of SAP’s Confidential Information in its possession or in the possession of its representatives.
Loss, Theft, Destruction of Warrants Upon receipt of evidence satisfactory to the Issuer of the ownership of and the loss, theft, destruction or mutilation of any Warrant and, in the case of any such loss, theft or destruction, upon receipt of indemnity or security satisfactory to the Issuer or, in the case of any such mutilation, upon surrender and cancellation of such Warrant, the Issuer will make and deliver, in lieu of such lost, stolen, destroyed or mutilated Warrant, a new Warrant of like tenor and representing the right to purchase the same number of shares of Common Stock.
Return or Destruction of Confidential Information If an Interconnection Party provides any Confidential Information to another Interconnection Party in the course of an audit or inspection, the providing Interconnection Party may request the other party to return or destroy such Confidential Information after the termination of the audit period and the resolution of all matters relating to that audit. Each Interconnection Party shall make Reasonable Efforts to comply with any such requests for return or destruction within ten days of receiving the request and shall certify in writing to the other Interconnection Party that it has complied with such request.
Protection of Data The Contractor agrees to store Data on one or more of the following media and protect the Data as described:
a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards.
b. Network server disks. For Data stored on hard disks mounted on network servers and made available through shared folders, access to the Data will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on disks mounted to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism. For DSHS Confidential Information stored on these disks, deleting unneeded Data is sufficient as long as the disks remain in a Secure Area and otherwise meet the requirements listed in the above paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area.
c. Optical discs (CDs or DVDs) in local workstation optical disc drives. Data provided by DSHS on optical discs which will be used in local workstation optical disc drives and which will not be transported out of a Secure Area. When not in use for the contracted purpose, such discs must be Stored in a Secure Area. Workstations which access DSHS Data on optical discs must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
d. Optical discs (CDs or DVDs) in drives or jukeboxes attached to servers. Data provided by DSHS on optical discs which will be attached to network servers and which will not be transported out of a Secure Area. Access to Data on these discs will be restricted to Authorized Users through the use of access control lists which will grant access only after the Authorized User has authenticated to the network using a Unique User ID and Hardened Password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. Data on discs attached to such servers must be located in an area which is accessible only to authorized personnel, with access controlled through use of a key, card key, combination lock, or comparable mechanism.
Loss, Theft, Destruction or Mutilation of Warrant The Company covenants that upon receipt by the Company of evidence reasonably satisfactory to it of the loss, theft, destruction or mutilation of this Warrant or any stock certificate relating to the Warrant Shares, and in case of loss, theft or destruction, of indemnity or security reasonably satisfactory to it (which, in the case of the Warrant, shall not include the posting of any bond), and upon surrender and cancellation of such Warrant or stock certificate, if mutilated, the Company will make and deliver a new Warrant or stock certificate of like tenor and dated as of such cancellation, in lieu of such Warrant or stock certificate.
Termination and Data Destruction Upon Project Close-out, the Requester and Approved Users agree to destroy all copies, versions, and Data Derivatives of the dataset(s) retrieved from NIH-designated controlled-access databases, on both local servers and hardware, and if cloud computing was used, delete the data and cloud images from cloud computing provider storage, virtual and physical machines, databases, and random access archives, in accord with the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy. However, the Requester may retain these data as necessary to comply with any institutional policies (e.g., scientific data retention policy), law, and scientific transparency expectations for disseminated research results, and/or journal policies. A Requester who retains data for any of these purposes continues to be a xxxxxxx of the data and is responsible for the management of the retained data in accordance with the NIH Security Best Practices for ControlledAccess Data Subject to the NIH Genomic Data Sharing (GDS) Policy, and any institutional policies. Any retained data may only be used by the PI and Requester to support the findings (e.g., validation) resulting from the research described in the DAR that was submitted by the Requester and approved by NIH. The data may not be used to answer any additional research questions, even if they are within the scope of the approved Data Access Request, unless the Requester submits a new DAR and is approved by NIH to conduct the additional research. If a Requester retains data for any of these purposes, the relevant portions of Terms 4, 5, 6, 7, 8, and 12 remain in effect after termination of this Data Use Certification Agreement. These terms remain in effect until the data is destroyed.
