Access to the Sensitive Cardholder Data Clause Samples

The 'Access to the Sensitive Cardholder Data' clause defines the rules and limitations regarding who may view, use, or handle sensitive cardholder information within an organization or between contractual parties. Typically, this clause restricts access to only authorized personnel who require such data to perform their job functions, and may require specific security measures such as encryption, secure storage, or audit trails. Its core practical function is to protect sensitive payment information from unauthorized access or breaches, thereby reducing the risk of data theft and ensuring compliance with industry standards like PCI DSS.
Access to the Sensitive Cardholder Data. All Access to sensitive cardholder should be controlled and authorised. Any job functions that require access to cardholder data should be clearly defined. • Any display of the card holder should be restricted at a minimum to the first 6 and the last 4 digits of the cardholder data. • Access to sensitive cardholder information such as PAN’s, personal information and business data is restricted to employees that have a legitimate need to view such information. • No other employees should have access to this confidential data unless they have a genuine business need. • If cardholder data is shared with a Service Provider (3rd party) then a list of such Service Providers will be maintained as detailed in Appendix C. • Dorset Chamber will ensure a written agreement that includes an acknowledgement is in place that the Service Provider will be responsible for the for the cardholder data that the Service Provider possess. • Dorset Chamber will ensure that a there is an established process, including proper due diligence is in place, before engaging with a Service provider. • Dorset Chamber will have a process in place to monitor the PCI DSS compliance status of the Service provider.
View SourceView Similar (5)
Access to the Sensitive Cardholder Data. All Access to sensitive cardholder should be controlled and authorised. Any job functions that require access to cardholder data should be clearly defined. • Any display of the card holder should be restricted at a minimum to the first 6 and the last 4 digits of the cardholder data. • Access to sensitive cardholder information such as PAN’s, personal information and business data is restricted to employees that have a legitimate need to view such information. • No other employees should have access to this confidential data unless they have a genuine business need. • If cardholder data is shared with a Service Provider (3rd party) then a list of such Service Providers will be maintained as detailed in Appendix C. • Stockport School will ensure a written agreement that includes an acknowledgement is in place that the Service Provider will be responsible for the for the cardholder data that the Service Provider possess. • Stockport School will ensure that a there is an established process, including proper due diligence is in place, before engaging with a Service provider. • Stockport School will have a process in place to monitor the PCI DSS compliance status of the Service provider.
View SourceView Similar (4)
Access to the Sensitive Cardholder Data. All access to sensitive cardholder should be controlled and authorised. Any job functions that require access to cardholder data should be clearly defined.  Any display of the card holder should be restricted at a minimum to the first 6 and the last 4 digits of the cardholder data.  Access to sensitive cardholder information such as PAN’s, personal information and business data is restricted to employees that have a legitimate need to view such information.  No other employees should have access to this confidential data unless they have a genuine business need.  If cardholder data is shared with a Service Provider (3rd party) then a list of such Service Providers will be maintained as detailed in Appendix C.  NYCDOT will ensure a written agreement that includes an acknowledgement is in place that the Service Provider will be responsible for the for the cardholder data that the Service Provider possess.  NYCDOT will ensure that a there is an established process, including proper due diligence is in place, before engaging with a Service provider.  NYCDOT will have a process in place to monitor the PCI DSS compliance status of the Service provider.
View Source

Related to Access to the Sensitive Cardholder Data

  • Processing of Customer Personal Data 3.1 UKG will: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data. 3.2 Customer hereby: 3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement. 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and 3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law. 3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Access to the Site 22.1 The Contractor shall allow the Engineer and any person authorized by the Engineer access to the Site, to any place where work in connection with the Contract is being carried out or is intended to be carried out and to any place where materials or plant are being manufactured / fabricated / assembled for the works.

  • Links to Third Party Websites In your use of the Service and/or the Company’s website, you may encounter various types of links that enable you to visit websites operated or owned by third parties (“Third Party Site”). These links are provided to you as a convenience and are not under the control or ownership of the Company. The inclusion of any link to a Third Party Site is not (i) an endorsement by the Company of the Third Party Site, (ii) an acknowledgement of any affiliation with its operators or owners, or (iii) a warranty of any type regarding any information or offer on the Third Party Site. Your use of any Third Party Site is governed by the various legal agreements and policies posted at that website.

  • Access to the Service Subject to Subscriber’s compliance with the terms of this Agreement, Inriver hereby grants to Subscriber the right to access and use the Service and the Documentation for the internal business purposes for such Business Units as specified in an Order Form on a limited, revocable, non-exclusive, non-transferable basis in accordance with the scope identified in an Order Form. Inriver will provide Subscriber with a primary administrator Account for managing and granting access to its Authorized Users and Subscriber is responsible for activating them. Subscriber hereby instructs Inriver to grant the Subscriber’s implementing partner access to Subscriber’s environment for the Service. If an implementing partner no longer shall have access to the Service, Subscriber shall notify Inriver of this and Inriver will remove such access.