Common use of Data Destruction Clause in Contracts

Data Destruction. Contractor(s) that have maintained, processed, or stored County of Los Angeles data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, within 20 business days of data destruction, a signed document from Contractor that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Contractor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Contractor shall provide County with written certification, within ten

Data Destruction. SAMPLE Contractor(s) that have maintained, processed, or stored County of Los Angeles data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, within 20 business days of data destruction, a signed document from Contractor that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Contractor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Contractor shall provide County with written certification, within ten

Data Destruction. Contractor(s) that have ‌ If Contractor has maintained, processed, or stored County of Los Angeles data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf xxxxx://xxxx.xxxx.xxx/publications/PubsDrafts.html#SP-800-88 Rev.%201. The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, receive within 20 business days of data destructionten Business Days, a signed document from Contractor Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Contractor shall must certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Contractor shall Vendor must provide the County with written certification, within tenten Business Days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) that have If Contractor has maintained, processed, or stored County of Los Angeles data and/or information, implied or expressed, have Contractor has the sole responsibility to certify that the data and information have has been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf xxxxx://xxxx.xxxx.xxx/publications/PubsDrafts.html#SP-800-88 Rev.%201. The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, receive within 20 business days of data destructionten Business Days, a signed document from Contractor Contractor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and and/or indecipherable. Contractor shall must certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Contractor shall must provide the County with written certification, within tenten Business Days of removal of any electronic storage equipment and devices that validates that all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) that have maintained, processed, or stored the County of Los Angeles Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf xxxx://xxxx.xxxx.xxx/publications/PubsDrafts.html#SP-800-88 Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, receive within 20 ten (10) business days of data destructiondays, a signed document from Contractor Contractor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Contractor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Contractor shall provide County with written certification, within tenten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) that have maintained, processed, or stored the County of Los Angeles Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: xxxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800- 88r1.pdf xxxx://xxxx.xxxx.xxx/publications/PubsDrafts.html#SP-800-88 Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive, receive within 20 ten (10) business days of data destructiondays, a signed document from Contractor Contractor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Contractor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800SP- 800-88, Guidelines for Media Sanitization. Contractor shall provide County with written certification, within tenten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.