Unfunded Data Use Agreement Data Destruction Process


Table of Contents

General Process

Described below is the process for deleting data to fulfill unfunded agreements and create a Certificate of Data Destruction. 


System Specific Processes and Considerations

Network Storage

     Folders Inside a Share

  1. Folder admin (can be non-DIT) deletes the folder/data from their side.
  2. After it’s deleted, DIT provides an audit logs snippet that shows the folder/data has been deleted.
  3. If 14-days snapshots retention are configured on this share, wait 14 days (14 days for the snapshot to expire) to confirm the data has been permanently deleted from Isilon storage.
  4. Audit logs and deletion confirmation are provided to ORA with in order to sign the Certificate of Data Destruction.   

UMD Box

UMD Box data deletions must currently be cleared with Office of General Counsel

     Box Files

  1. The files should be placed by the end-user into a single folder for deletion.
  2. The Box admins delete the files and record the action. Box logs are shared with the end user and ORA. 
  3. ORA reviews the records and signs the Certificate of Data Destruction. 

Google Drive

Data cannot be removed from Spanning Backups. Do not store data that must be ‘destroyed’ in UMD Google Drive. 

CUI Environment 

Data in the CUI Environment is destroyed cryptographically. Additional options are available using programs like Sdelete when data on virtual drives must be destroyed. 

     CUIE Vault

  1. CUIE Vault data is deleted by an end-user (files and folders).
  2. Audit logs showing the data deletion can be downloaded by CUIE Security and Compliance Analyst and provided to the appropriate admins for review and sign off. 

     CUIE Drives

  1. The Drive owner runs a deletion program like S Delete on the Drive in CUIE before detaching from VM.
  2. The Drive is deleted by the Drive owner. 
  3. Research computing compiles the logs showing deletion. 
  4. Drive backups  are deteled by the Storage and Backup team. 
  5. Backups deletion logs are provided to Research Computing. 
  6. Logs are provided to the researcher and ORA for review and sign off.