Computing & Data Services

POLICY STATEMENT

The CCSS Research Support Resources Terms of Use policy outlines the expectations for the use of CCSS resources, including but not limited to CCSS Research Support computing resources (servers, software applications, file storage, secure access rooms, etc.), computing accounts (Research, Class and all levels of restricted access accounts), and the CISER Data & Reproduction Archive.

The appropriate use and protection of all systems and associated resources is expected from all clients including faculty, students, employees, and visitors throughout the institution. In addition, each CCSS Research Support service has distinctive policies specific to usage obligations.

A majority of the CCSS Research Support services do not require any form of registration, allowing you to visit our web site and Data Archive without telling us who you are. However, some services may require you to provide us with Personal Data. In these situations, if you choose to withhold any Personal Data requested by us, it may not be possible for you to gain access to certain services and for us to respond to your query. 

Computing Resources and Computing Accounts:

CCSS Research Support computing resources (servers, software applications, file storage, etc.) and computing accounts (Research, Class and all levels of restricted access accounts), are provided for research and academic needs only. Research and academic usage includes use associated with Cornell-approved research, class work for which a student is currently enrolled, and staff work associated with supporting the mission of Cornell University. These resources may not be used for any personal purposes, including but not limited to storage or backup of personal files (e.g. audio, images, photos, video files, etc.), personal email, use of social media, private consulting or business -related activities, watching streaming video or other personal activities.

Computing Resources-Related Terms:

1. The statistical software installed on the CCSS Research Support servers may not be used for private consulting or for non-academic research. Users may not distribute licensed software from our environment to themselves or to any other persons.

2. CCSS Research Support servers are a limited, shared resource available to multiple clients at any time. Each client is expected to maintain an acceptable level of performance and must assure that excessive or inappropriate use of the resources does not degrade performance for others.

3. CCSS provides multiple levels of secure computing environments. It is the client’s responsibility to select the appropriate level of technical security required to be in compliance with the terms and conditions, as well as laws and regulations, for the type of data to be used.

Computing Accounts-Related Terms:

1. CCSS Research Support computing accounts and passwords may not be shared with any other person. Sharing passwords and/or account information violates these Terms of Use, as well as Cornell’s Authentication to Information Technology Resources Policy 5.8.

2. It is the responsibility of every CCSS Research Support computing account holder to keep CCSS apprised of any changes to the information provided in your account application, including change in affiliated faculty member/supervisor, academic status, and your contact information.

3. CCSS collects personally identifiable information about you, such as your full name, phone number and email address when you register for an account. Personal Data is securely stored for the purposes of providing support services, analyzing computing usage statistics and maintenance communications.

4. CCSS clientele are responsible for complying with all applicable federal, state and local laws and must abide by Cornell University policies. Any misuse of computing resources, proprietary software, or data violates Cornell's Campus Code of Conduct and the Authentication to Information Technology Resources Policy 5.8.

5. CCSS reserves the right to disable a computing account immediately upon identification of possible misuse of any CCSS services, or non-compliance with CCSS or Cornell University policies. Account termination will occur if misuse is confirmed through appropriate channels, and no reinstatement will be allowed.

6. If requested within 60-days after account expiration, files left on the CCSS file storage may be made available to the affiliated faculty/staff advisor, or account holder, based on compliance with these Terms of Use. On day 61, the account will be closed, and all data files will be deleted. CCSS will not maintain a backup of any user data.

7. By applying for an account and using CCSS Research Support computing resources, you agree to the CCSS Research Support Resources Terms of Use as set out above.

CISER Data Archive:

1. Users are required to adhere to the CCSS Data & Reproduction Archive Acceptable Use Policy (review in tab below)  and any and all licensing requirements as stipulated by the providers of datasets held in the archive.

2. CISER Data & Reproduction Archive non-public use files which require Cornell University authentication may not be distributed to anyone other than current faculty, staff, and students, or used for private consulting or for non-academic research.

As determined by university administration, any employee found to have violated this CCSS Research Support Resources Terms of Use Policy may be subject to disciplinary action, up to and including termination of employment.

Contact

If you have questions about specific issues regarding this CCSS Resources Terms of Use Policy, contact CCSS by email at socialsciences@cornell.edu or by telephone (607)255-1986.

Cornell Center for Social Sciences (CCSS) is committed to protecting your privacy.

The following privacy notice describes what information we collect from you when you visit our website and affiliated web applications and how we use this information. Please read this privacy notice carefully so that you understand our privacy practices.

Effective Date of Privacy Notice

The privacy notice was introduced on November 27, 2018.

What information we gather during your visit

Information we gather:

We automatically collect certain information from you when you visit our websites. This data is used in conjunction with Google Analytics to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network. The information we collect is not linked to anything that identifies you as an individual. Your session will be tracked but you will remain anonymous as a user. As part of Google Analytics, we also gather device and browser-related information.

Information you may provide:

As part of accessing our services, we collect information as described in this notice or other specific university privacy notices. In order to take advantage of our services, certain tools, such as CCSS Research Support computing account request form, and CCSS Research Support computing account password reset tool may request additional contact information and/or online identifiers (ex. name, email, Cornell netid, telephone number, affiliated faculty member, course number.)

How we use your information

We use gathered information to track user trends and site usage with the goal of improving our visitors’ experience and optimizing our websites. We also use the information to administer this website and prevent abuse.

Special cases - computing accounts:

If you use the CCSS Research Support computing account request form, the information that is gathered will be used to send you email regarding CCSS Research Support systems, notifying your faculty member of your account request, and notifying your college of your CCSS Research Support systems usage.

If you use the CCSS Research Support computing account password reset tool, the information that is gathered will be used to send you email providing you with a verification code. The email correlates to the one sent when submitting your computing account request form.

With whom we share your information

Information we gather may be shared with campus constituents to improve programs, outreach, and other campus initiative. However, we will not sell this data to third-parties for their use in direct marketing, advertising, or for the promotion of their products and services.

Cookies and other collection technologies

Cookies

Cookies are text files stored on your computer and accessible only to the websites which create them. Our websites may use cookies to keep you logged into secure areas of the website and/or to keep track of your preferences as you interact with certain services. You may disable cookies in your browser, however, our websites may not work properly if you do so.

Log Files

Our websites automatically gather anonymous information about our visitors including IP addresses, browser types, and the times and dates of webpage visits. The information collected does not include any personally identifiable details and is used to improve our services and administer our websites.

Protecting your information

No method of transmitting over the internet or storing electronic data is 100% secure, but this site has measures in place to help protect against the loss, misuse, or alteration of the information that is under our control.

Email Marketing

If at any time you would like to opt-out of receiving email from CCSS Research Support, please write to socialsciences@cornell.edu.

Social Media Presence

If you share our content through social media, such as liking us on Facebook or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose. If you wish to opt-out of any of these social interactions please refer to the specific social media platform for instructions on how to do so.

Special Notice for EU Residents

If you are located within the European Economic Area (European Union, Norway, Liechtenstein, and Iceland), we acknowledge the rights granted to you under the General Data Protection Regulation (GDPR).

These rights may include:

1. Right to access your information held by us.

2. Right to correct inaccurate or incorrect information about you.

3. Right to the erasure of your information when it is no longer necessary for us to retain it.

4. Right to restrict processing of your personal information in specific situations.

5. Right to object to processing your information, including sending you communications that may be considered direct-marketing materials.

6. Right to object to automated decision-making and profiling, where applicable.

7. Right to complain to a supervisory authority in your jurisdiction within the EU.

Please contact us with any questions, concerns, or if you wish to exercise any of these rights: itservicedesk@cornell.edu.

Contact Information

If you have questions about our privacy notice or the privacy practices it describes, please contact: socialsciences@cornell.edu.

CCSS Research Support receives support from the Office of the Vice Provost for Research and Member Colleges. Acknowledgment of the CCSS Research Support services (or individual staff) in posters, publications, presentations and interviews helps to demonstrate the usefulness and effectiveness of the resources provided and can help strengthen institutional support. You can help us in this effort by acknowledging CCSS Research Support’s contribution to your research, such as use of data from the CCSS Data & Reproduction Archive, use of the CCSS Research Support or CRADC computing systems, and/or assistance from CCSS Research Support staff.

1. Add a citation acknowledging CCSS Research Support in your work

   Please acknowledge us in all posters, publications, and presentations of the work that utilized CCSS Research Support resources by using the following text:

   “This research was conducted with support and resources provided by the Cornell Center for Social Sciences (CCSS) at Cornell University.”

2. Notify us about your work which used CCSS Research Support resources

   Please send us information about your posters, publications, presentations and interviews to socialsciences@cornell.edu, so that we can reciprocate by linking to the data source to expand your research network.

3. Cite use of Data Archive Download Centers

   If you have used any of these CCSS Data & Reproduction Archive Download Centers, please also use this form to submit a citation:

   • Census 2010 SF1 – download center
   • Census 2010 SF2 – download center
   • Census 2010 Demographic and Housing Demonstration Files – download center
   • American Community Survey 2015 – download center

Additional references on research citations:

• https://data.research.cornell.edu/content/data-citation
• https://www.library.cornell.edu/research/citation
• http://guides.library.cornell.edu/c.php?g=31610&p=200436

Policy Volume: DA
Responsible Executive: Senior Data Librarian
Responsible Office: Cornell Center for Social Sciences
Originally issued: 2020-02-01

By downloading resources, you agree to the terms within our Acceptable Use Policy.

Researchers must:

• Use downloaded resources for statistical analysis and reporting aggregated information purposes only.
• Protect the confidentiality of all research participants at all times, including not attempting to identify individual subjects.
• Report inadvertent identification of individuals to CCSS Research Support immediately.
• Remain in accordance with any and all Data Use Agreements and licensing requirements as stipulated by the providers of datasets.
• Cite data studies appropriately using the suggested citation on the “basic information” tab of the archive catalog record.
• Not redistribute data or documentation unless given permission by CCSS Research Support or the data is in the public domain, such as US government data.
• Provide citation information for any books, articles, and other forms of publication created using CISER data.
• For any questions surrounding these policies, please contact the archive staff.

Policy Volume: DA
Responsible Executive: Senior Data Librarian
Responsible Office: Cornell Center for Social Sciences
Revised: 2017-10-20; 2020-09-16

POLICY STATEMENT

The CISER Data & Reproduction Archive is integral to CCSS Research Support’s overall mission to anticipate and to support the evolving data needs of Cornell social scientists and economists throughout the entire research process and data lifecycle. The goals of the archive are to make social science data available to researchers, while at the same time making data more Findable, Accessible, Interoperable, and Reusable (See The FAIR Data Principles). Towards those goals, archive staff can help researchers appraise, deposit, publish, make accessible, and preserve both research and secondary social science data. We also feature a custom-built catalog to maintain and preserve archive metadata along with our Results Reproduction (R-Squared) packages.

Background

The CISER Data Archive was established in 1982 to be a centralized information center and clearinghouse for the acquisition, storage, and access of machine-readable data for Cornell social science researchers. The archive’s content has gone through many changes through the years. We originally started as a clearinghouse for ICPSR, Roper, and government data, making files more accessible and usable for researchers. In more recent years, we have focused on adding to data collections in particular areas, collecting research data by individual researchers both at Cornell and beyond and archiving our Results Reproduction packages. Since the mid 2010s, most studies were assigned DOIs, and the archive catalog went through many additional improvements such as added search fields and expanded categories and keywords. In 2014 the archive earned the Data Seal of Approval, followed by the CoreTrustSeal. Also in 2014, the first Census download center was added to the archive, and in 2016 the first Results Reproduction code and data packages were added. In 2019-2020, the archive underwent a major upgrade, further expanding the download permissions system, adding additional DDI-compliant metadata, and making studies further discoverable to external researchers using Google’s dataset search. In 2020 the archive was rebranded as the CISER Data & Reproduction Archive.

Users

Core clientele for the data archive are Cornell faculty, graduate students, and research staff in schools and colleges that support CCSS Research Support, namely:

• College of Agriculture and Life Sciences
• College of Arts and Sciences
• College of Human Ecology
• SC Johnson College of Business
• School of Industrial and Labor Relations

CCSS also supports users from other Cornell schools whose interdisciplinary researchers have a need for social science data. Finally, we have publicly available data studies and most R2 packages to support the broader research community outside of Cornell.

Data in Scope

CCSS Research Support houses an extensive collection of research data files in the social sciences with particular emphasis on data that matches the interests of Cornell researchers. CCSS intentionally uses a broad definition of social sciences in recognition of the interdisciplinary nature of Cornell research. Our archive includes data studies which fall into three broad access categories: available to the public, available to the Cornell community, and restricted data available through various application processes.

CCSS Research Support collects and maintains digital research data files in the social sciences, with a current emphasis on Cornell-based social science research, Results Reproduction packages, and potentially at-risk datasets. Our archive historically has focused on a broad range of social science data including data on demography, economics and labor, political and social behavior, family life, and health.

The collection includes, but not exclusively so, federal or state censuses, files based on administrative records, public opinion surveys, economic and social data from national and international organizations, and studies compiled by Cornell researchers.

The CISER Data & Reproduction Archive acquires or accepts data for any geographic area. The historical collection focused on data related to New York State and the United States with some international datasets as well.

High Priority Data

Considering the changing landscape for data archives and the ease of access of many data sources, CCSS has refocused its collection priorities to the following areas:

• Demand – Datasets and studies required by CU researchers and unavailable elsewhere.
• Results Reproduction packages
• At-Risk Social Science Data – We are committed to seeking out and acquiring datasets and studies available from social science researchers and unavailable elsewhere. We are particularly interested in political conflict and political behavior data.
• International Data
• Local NYS and Cornell research data

Data Not in Scope

The following are the general criteria for data that are out of scope of CCSS Research Support’s data collection. CCSS reserves the right to archive any dataset which we believe will be useful to Cornell researchers.

• Non-social science data/science data
• Data with prohibitive costs
• Data within proprietary software or subscription databases
• Data availability: Unless data studies are part of the legacy collection for CU researchers or purchased for CUL or other entities, data available in a trusted repository will not be archived.
• Direct identifiers: The CISER Data & Reproduction Archive will not accept data that contains personal identifiers, except in such cases where these data are part of the public record. Datasets held in the archive are primarily public-use versions. Our consultants can assist in de-identifying datasets for public use. For restricted access and limited use data products CRADC provides secure access.
• Copyright: CCSS only accepts data in which we have the right to curate, disseminate and preserve a copy of the data.
• The CISER Data & Reproduction Archive reserves the right to reject datasets that are deemed to be inadequately documented, potentially disclosive, acquired or generated illegally, or suspected or known to contain inaccuracies.

Data Curation

Process: New additions to the CISER Data & Reproduction archive follow an internally modified version of the Data Curation Network CURATED Workflow, which involves the following steps: Check files/code, Understand the data, Request missing information, Augment metadata, Transform file formats for reuse, Evaluate for FAIRness, and Document curation activities. [ 1 ]

Documentation: Where possible data studies are accompanied by comprehensive documentation: codebooks, file layout maps, technical notes, questionnaires, reports, and errata in open and accessible formats. Non-digital documentation is often available when machine-readable documentation is not. In cases where documentation is insufficient, CCSS works with data producers to ensure that data files are usable and understandable by generating additional contextual information.

File formats: CCSS prefers file formats in the LoC list of recommended formats. The formats are commonly used within the social science and economics domain, have open specifications, and are independent of specific software, developers or suppliers. CCSS will however accept data
regardless of physical format as long as they are convertible to supported and accessible file formats suited for long-time preservation for use by the entire Cornell community.

[ 1 ] Data Curation Network. “The DCN Curation Workflow.”
https://datacurationnetwork.org/resources/workflows/. Accessed 27 AUG 2020.

Purchasing Data

Data acquisition is primarily demand-driven. The CISER Data & Reproduction Archive will attempt to acquire any set of data required by faculty members in accordance with organizational policies regarding cost, quality, restrictions, and expected future use by a broad constituency of social science and economics users. Using the same criteria, data are also acquired for students of those faculty who are engaged in substantive social science or economic research. Pro-active collection development is undertaken in anticipation of demand.

CCSS makes efforts to confirm that data were collected in accordance with legal and ethical criteria in place at the time and place of its collection, especially review by Ethical or Institutional Review Boards (IRB). Where this information is unavailable, the professional judgment of the Data Librarian and the Director will be used to decide on the inclusion of such data, taking into account the relative risk (usually low) associated with the data.

Due to Contractual agreements between Cornell University and the Inter-university Consortium for Political and Social Research (ICPSR), the Qualitative Data Repository (QDR), and the Roper Center for Public Opinion Research, members of the Cornell Community are entitled to obtain any of the data offerings of the Consortium, Repository, and the Center. The CISER Data & Reproduction Archive serves any and all members of the Cornell community in terms of data acquisitions from the Consortium, regardless of subject area.

When a data request is initiated by an individual, the requester will be asked to provide the staff with a description of the data, a written justification for the purchase of the file, and a cost estimate for data acquisition. Criteria are based on the likely usage, how well the purchase fits with our mission and scope, and price. It may be recommended that the requester go directly to another funding source, such as his own department, the library, another agency, or cooperate in pooling resources.

The CISER Data & Reproduction Archive works with Library Collection Development staff, faculty, and departments to secure full or matching funding, especially in cases where a dataset has a potential audience representing more than one academic department. CCSS also collaborates with Cornell libraries and other information services at Cornell to assure that collection content and access are not duplicated, so long as CCSS clients can use data and material from those units with reasonable effort. When acquiring material, the archive must consider not only content but format and delivery criteria to fulfill its mission and meet the needs of its clientele.

Policy to Review Process

CCSS will review these policies every three years in conjunction with the CoreTrustSeal certification process or any future certification process.

Contacts

If you have questions about specific issues regarding this policy, contact the following CCSS Research Support Staff:

• Jonathan Bohan socialsciences@cornell.edu, Data Archive Specialist

Policy Volume: DA
Responsible Executive: Senior Data Librarian
Responsible Office: Cornell Center for Social Sciences
Revised: 2014-03-21, 2020-10-30 

The Data Security policy describes physical and information technology measures undertaken to protect CCSS Research Support’s digital data collections from unauthorized access.

All CCSS Research Support file servers, which house the CISER Data & Reproduction Archive, have Windows Antivirus virus protection software installed, and data files are scanned for viruses prior to being added to the environment. Security on the CCSS file servers is monitored by the collection and review of system log files generated on all the systems and the Cisco ASA and Cisco Firepower.

Data Center: The CCSS Research Support servers are located in an environmentally controlled secure University data center, as part of CCSS’s commitment to take all necessary precautions to ensure the physical safety and security of the CISER Data & Reproduction Archive. The data center maintains uninterrupted power supplies (UPS), fire prevention and protection system, physical intruder prevention and detection systems and environmental control systems.

Access to the data center is granted by an authorized proximity card (Cornell University ID card) issued only to Cornell staff with the required credentials according to Cornell University Policy 8.4 — Management of Keys and Other Access Control Systems. Entrance and exits to the data center are automatically logged and monitored by Cornell Information Technology staff within the data center, and the CCSS Research Support file servers are housed in racks with locked doors, to which only authorized system administrators have keys.

Authentication:

• Public Access: Authentication is not required for access to public-use datasets, if accessing via the archive online catalog. Unauthenticated guests must pass a reCAPTCHA test prior to download.
• Managed Access: Where the Data Provider obligates, the user would be required to authenticate with CUWebLogin (Cornell NetID required) via the archive online catalog.

Terms of Use: Terms of Use for CCSS Research Support resources and the CISER Data & Reproduction Archive are maintained on the CCSS web site.

Authorization: Access to the CISER Data & Reproduction Archive digital collection is managed by the archive’s restriction levels. Access to non-public, restricted resources is granted by archive personnel through the archive management system. Access terms are granted based on the provider’s data use agreement. Authorization is linked to Cornell NetID authentication.

Receipt of original media: CCSS will employ the highest standard of ingest processing to ensure the quality, integrity, and secure storage of datasets. Refer to the CCSS Data & Reproduction Archive Collection Policy (review in the tab above) for ingest details.

Storage of original Media and electronic copies: Any original media/electronic data that is retained, will be stored in compliance with the CCSS Data & Reproduction Archive Preservation and Storage Policy (review in the tab below). 

Disposal/Decommissioning of data: CCSS reserves the right to decommission data and/or dispose of physical media. The data will be decommissioned/disposed of in line with the directives of the Data Provider.

Backup: Data is backed up by Cornell Information Technology EZ-Backup service.

Security Incidents: Reporting security incidents is mandated by Cornell University Policy 5.4.2, Reporting Electronic Security Incidents.

Policy Review Process: CCSS will review these policies every three years in conjunction with the CoreTrustSeal certification process or any future certification process.

Related Documents

• Cornell University Policy 8.4 — Management of Keys and Other Access Control Systems: https://www.dfa.cornell.edu/policy/policies/management-keys-and-other-access-control-systems
• Cornell University Policy 5.4.2, Reporting Electronic Security Incidents: https://policy.cornell.edu/policy-library/reporting-electronic-security-incidents 

Policy Volume: AC
Responsible Executive: Senior Data Librarian
Responsible Office: Cornell Center for Social Sciences
Revised: 2014-04-03, 2020-11-05

REASON FOR POLICY

To ensure that data versioning criteria are consistently applied to changes in data files and data documentation in the CISER Data & Reproduction Archive.

POLICY GUIDELINES

For reasons detailed below a significant percentage of data studies are altered within the first year of being published. These changes may be initiated by the data producer, the CISER Data & Reproduction Archive, or data user. CCSS Research Support has adopted a set of criteria which distinguish between significant and minor changes to a data study to determine whether a new dataset version is merited.

These guidelines ensure that data versioning criteria are consistently applied to changes in data files and data documentation (including, but not limited to, correction for error, amendments, additional variables, changes in access conditions, format changes) for inclusion in the CISER Data & Reproduction Archive. This will often involve working closely with the data producer.

Significant changes are those that will have a high impact on the use or interpretation of the data, whereby minor changes are those that will have a low impact in relation to interpretation or use for research purposes. CCSS assigns a new version to a data study with significant changes such as: addition of new variables; revision of incorrect data; revision of miscoded data; formatting changes; substantial documentation changes; changes in access conditions; withdrawal of data elements or documentation files. Minor changes such as small changes in variable labels, spelling corrections in metadata, minor changes in documentation will be made to relevant content and recorded in ancillary and accompanying documentation, but no new version assigned. Any and all changes are recorded in an internal notes field in our database.

Where possible CCSS will clearly label and make available earlier versions of data and documentation through the data catalog. Version record numbers are captured in metadata held in CCSS relational databases. CCSS retains the right to withdraw an older version of a data study where significant change may be misrepresentative or a copy is held in another major data archive (such as ICPSR).

In some cases data studies are issued as completely new study editions (this may be as part of a series) if there are changes to data/variables, major changes to documentation, new waves have been added to a series, or there have been methodological changes.

Policy Review Process: CCSS will review these policies every three years in conjunction with the CoreTrustSeal certification process or any future certification process.

Policy Volume: DA
Responsible Executive: CISER Senior Data Librarian
Responsible Office: Cornell Institute for Social and Economic Research
Revised: 2014-04-03; 2020-11-05

POLICY STATEMENT

The data preservation function is integrated into the operations and planning of CCSS Research Support and throughout the management stages of the research data lifecycle in order to support Social Science and Economic research at Cornell University.

REASON FOR POLICY

The fundamental purpose of the CISER Data & Reproduction Archive is to select, preserve and make available for use primary and secondary data, documentation and metadata, in discipline recognized digital formats that remain suitable for research in perpetuity. The data preservation and storage policy is guided by a variety of community-driven standards, (e.g. Open Archival Information Systems (OAIS) reference model, Trusted Repositories Audit and Certification (TRAC), CoreTrustSeal (CTS), Data Documentation Initiative (DDI), and FAIR Data Principles), that represent an international body of knowledge and expertise pertaining to various issues within digital preservation.

POLICY GUIDELINES

These guidelines address the effective implementation of procedures for the preservation of CCSS’s digital collections within the context of the CISER Data & Reproduction Archive Collection Policy. CCSS reserves the right to review the scholarly and historical value of and user accessibility into the data preservation characteristics.

Data Integrity:

Upon receipt of new digital content, the Archive staff process the data and documentation, assess that confidentiality concerns are addressed, in collaboration with the data producer fix errors if necessary, convert data formats, and run a checksum. The metadata pertaining to each data file is stored in a SQL database. (A backup of the SQL database is taken every evening and is retained for a finite period.) Provenance notes are maintained, which relate back to the original deposited version, as part of the metadata for any alterations made in the preservation and dissemination versions.

Management of Storage Infrastructure:

The preservation of the CISER Data & Reproduction Archive is dependent upon CCSS’s storage infrastructure. Thus, management of the storage infrastructure is designed to accommodate scalability, reliability, and sustainability, in accordance with quality control specifications and security regulations. In light of increasing user demand and changing technologies, CCSS staff routinely monitors technical developments and evaluates potential archival solutions that will both streamline and enhance CCSS data preservation practices.

Policy Volume: RD
Responsible Executive: CCSS Secure Data Services Manager
Responsible Office: Cornell Center for Social Sciences
Issued: 2020-10-01, revised 2023-02-28

NOTE: This policy replaces these previous policies:

• CRADC Data Security Policy [issued 2020-10-01]
• CRADC Data Security Policy [issued 2015-07-13, revised 2016-09-30]
• Secure Standalone Desktop Data Security Policy [issued 2017-10-17]

POLICY STATEMENT

The core obligation of the Cornell Restricted Access Data Center (CRADC) is to protect confidential, restricted‐access research data that are confidential due to applicable laws and regulations, employing contracts or agreements and Cornell University policies.

This policy applies to all research data regardless of the storage medium (e.g., disk drive, electronic tape, CD, DVD, external drive, paper, fiche, etc.) and regardless of form (e.g., text, graphic, video, audio, etc.), physically housed within the Cornell Center for Social Sciences (CCSS) auspices.

The Research IT Director is a Security Liaison for the Cornell Restricted Access Data Center (CRADC).

POLICY REQUIREMENTS

CRADC researchers and support staff must understand and carry out data security responsibilities to comply with the Data Provider Agreement(s) (including referenced laws and regulations), Cornell University Institutional Review Board for Human Subjects, Cornell University Office of Sponsored Programs, and Cornell University Policies. 

This policy applies regardless of the source of funding for the research.

The Process to Identify and Assess Security Risks:

Policy Volume: RD
Chapter: AC‐1
Responsible Executive: CCSS Secure Data Services Manager
Responsible Office: Cornell Center for Social Sciences
Originally Issued: 2015-12-01
Revised: 2016-09-30, 2018-12-18, 2020-10-06

POLICY STATEMENT

In order to comply with the terms set forth in Data Use Agreements, Cornell Restricted Access Data Center (CRADC) must limit system and network access only to authorized users.

This policy covers all stages in the life‐cycle of user access, including authorizing access, granting initial access, updating access as user roles change, and removing users who no longer require access.

REASON FOR POLICY

CRADC recognizes that protecting information technology and data requires authorized users to act responsibly when using these resources. CRADC researchers, system administrators, and data custodians must strictly control access to information resources under their direction or ownership.

POLICY REQUIREMENTS

These guidelines address the establishment of procedures prior to account provisioning and the effective implementation of authorization of access, account provisioning, change in status, unsuccessful logon attempts, session lockout, account expiration, account re‐enabling, record keeping, and account de‐provisioning.

Prior to Account Provisioning:

Policy Volume: RD
Responsible Executive: CCSS Secure Data Services Manager
Responsible Office: Cornell Center for Social Sciences
Issued: 2020-10-01

NOTE: This policy replaces these previous policies:

• Sharing, Transmission and Distribution of Restricted Data [issued 2015-05-11, revised 2016-09-30, 2017-11-09, 2019-04-18]
• Secure Standalone Desktop – Sharing, Transmission and Distribution of RestrictedData [issued 2017-09-17]

POLICY STATEMENT

This policy is to establish secure standards for the sharing, transmission and distribution of restricted data.

POLICY REQUIREMENTS

For the purpose of this document, restricted data relates to any nonpublic data that is protected by regulation, law or policy and/or is subject to contractual access restrictions as defined by a Data Use Agreement (DUA). Cornell Restricted Access Data Center (CRADC), as the Data Custodian of these data, along with the authorized research team (Researcher), are obligated to adhere to the conditions set forth by the Data Provider in a signed DUA and this policy.

Sharing:

Policy Volume: RD
Responsible Executive: CCSS Secure Data Services Manager
Responsible Office: Cornell Center for Social Sciences
Issued: 2020-10-06

NOTE: This policy replaces these previous policies:

• CRADC Restricted Data Security Breach Reporting and Response Policy [issued 2015-07-15, revised 2016-09-30, 2019-04-18]
• Secure Standalone Desktop – Restricted Data Security Breach Reporting and Response Policy [issued 2017-09-17]

POLICY STATEMENT

This policy establishes measures that must be taken to report and respond to a possible breach or compromise of restricted data, including the determination of the systems affected, whether any restricted data have in fact been compromised, what specific data were compromised and what actions are required for forensic investigation and legal compliance.

POLICY REQUIREMENTS

Cornell Restricted Access Data Center (CRADC) is committed to compliance of restricted data. For the purpose of this document, restricted data relates to any nonpublic data that is protected by regulation, law or policy and/or is subject to contractual access restrictions as defined by a Data Use Agreement (DUA). CRADC, as the Data Custodian of these data,along with the authorized research team (Researcher),are obligated to adhere to the conditions set forth by the Data Provider in a signed DUA and this policy.

Reporting:

It is the responsibility of the Researcher to contact the CRADC Security Liaison or the CCSS Secure Data Services staff in a timely manner, in accordance with Cornell University Policy 5.4.2, Reporting Electronic Security Incident, if the Researcher suspects or is aware of a compromise creating risk of unauthorized access to restricted data.

Response:

Upon receipt of such report, the CCSS Secure Data Services Manager, and the System Administrator will convene to review the report. Upon initial review, the Cornell University Security Office will be notified to assist, according to Cornell University Policy 5.4.2, Reporting Electronic Security Incident.

Process Steps:

1. Identify:

1. Nature of incident to best of knowledge
2. Identify data involved
3. Establish Data Provider contact information
4. Identify systems involved, remove from network if applicable
5. Review applicable policies, regulations and/or laws involved

2.　Recovery and Response 

1. Contact Cornell University IT Security Office for assistance in forensics
2. Secure the system and preserve it without change
3. If deemed necessary, the Security Office will alert Cornell University Data‐Loss Incident Response Team
4. Resolve situation

3. Communicate

1. Contact Office of Sponsored Programs (OSP)
2. OSP will contact Data Provider to inform of current situation
3. If required, notify individuals of data theft

4. Document

1. Create an incident report
2. Document lessons learned
3. Update necessary documentation

Policy Volume: RD

Responsible Executive: CCSS Secure Data Services Manager

Responsible Office: Cornell Center for Social Sciences

Issued: 2020-10-07 Revised 2023-02-28.