If your research involves sharing data with an entity outside Cornell, you may be asked engage in a Data Use Agreement with that entity. This agreement will likely require a Data Security Plan that will be reviewed through the Office of Sponsored Programs and/or Institutional Review Board.
The PI (or their designated proxy) will be the individual custodians of the data (as per Cornell policy 4.12, Data Stewardship and Custodianship) and will be responsible for controlling access to the data.
If you have need of a Data Security Plan and haven’t developed one before, please contact the ITSG and we can assist you in creating one.