Common use of Data Destruction Clause in Contracts

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-PubsDrafts.html#SP-800- 88 Rev.%201 Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 Rev.%201) The data and/or information may shall be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall must provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 88-Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices devices, that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. (Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 88-Rev.%201) The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800SP- 800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices devices, that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable.

Data Destruction. 9.2.1 Contractor(s) and Vendor(s) that have maintained, processed, or stored the County of Los Angeles’ (“County”) data and/or information, implied or expressed, have the sole responsibility to certify that the data and information have been appropriately destroyed consistent with the National Institute of Standards and Technology (NIST) Special Publication SP 800-88 titled Guidelines for Media Sanitization. Available at: ▇▇▇▇://▇▇▇▇.▇▇▇▇.▇▇▇/publications/PubsDrafts.html#SP-800-88 Rev.%201 Rev.%201 9.2.2 The data and/or information may be stored on purchased, leased, or rented electronic storage equipment (e.g., printers, hard drives) and electronic devices (e.g., servers, workstations) that are geographically located within the County, or external to the County’s boundaries. The County must receive within 20 ten (10) business days, a signed document from Contractor(s) and Vendor(s) that certifies and validates the data and information containing PHI and PII were placed in one or more of the following stored states: unusable, unreadable, and indecipherable. . 9.2.3 Vendor shall certify that any County data stored on purchased, leased, or rented electronic storage equipment and electronic devices, including, but not limited to printers, hard drives, servers, and/or workstations are destroyed consistent with the current National Institute of Standard and Technology (NIST) Special Publication SP-800-88, Guidelines for Media Sanitization. Vendor shall provide County with written certification, within ten (10) business days of removal of any electronic storage equipment and devices devices, that validates that any and all County data was destroyed and is unusable, unreadable, and/or undecipherable. 9.2.4 This Subsection 9.2 does not limit or supersede Contractor’s obligations under this Contract, Subsection 8.38, Record Retention and Inspection/Audit Settlement.