I have access to restricted use data through Secure Download. How do I change my approved remote location for accessing the restricted use data (e.g., I was working at my institution, but now I will be working from home)?

  • PRIOR to moving the restricted use data to a different remote location (i.e., not your originally approved location), you must log into your existing application to a) update your Data Security Plan and b) identify a single room in your remote location that meets the security requirements of the Data Security Plan. The updated Data Security Plan must also be submitted for the CFData team’s review and approval PRIOR to moving the restricted use data.
  • The computer and storage specifications of the new remote location must still meet the Data Security Plan requirements. These requirements, which can be found in your application, differ based on your Data Security Plan, but generally include:
    • The computer storing the data, or the external storage device, must never connect to the internet for as long as the data reside on the computer or while the external storage device is connected to a computer. Internet access must remain disabled, even when the data are not in use, until the project is terminated.
    • The monitor must never be visible to anyone else at the remote location during data analysis.
    • The storage location must not be accessible to anyone else at the remote location.
    • The storage device (e.g., the computer’s internal drive or separate attached external storage device) which currently holds the restricted use data must be encrypted before it is moved from the originally approved location specified in your existing application. The entire storage device must be encrypted, not only the data files.
  • If you move the computer holding the restricted use data to your remote location, it must remain isolated from any network connection (wired or wireless) at all times during the transfer.
  • If the data are stored on a computer’s internal drive and that computer cannot be moved, you may transfer the data to a removable storage device such as an external USB hard drive or thumb drive. Any removable storage device to which restricted use data are transferred must be whole-disk encrypted before it is moved to a remote location.
  • If you transfer the restricted use data to your remote location on an encrypted removable storage device, you may connect it to a computer at the remote location only under the following conditions:
    • The computer at the remote location must be disconnected from all wired and wireless networks prior to connecting the remote storage device. Disabling the network interface(s) is the preferred method since this prevents the computer from automatically reconnecting to networks.
    • The computer must remain disconnected from all networks while the external storage device is connected to the computer.
    • Any software used to analyze the data should be configured to store temporary files and output to the encrypted device.
    • You are not permitted to copy restricted use data from the encrypted device to your personal computer (i.e., the local internal hard drive), to cloud storage, or to any other storage medium.
    • When not in use, the device must be stored in a locked filing cabinet, drawer, or safe, with the keys accessible only to people approved to access the restricted use data.
    • Encryption passwords are stored securely and are not shared with others.