Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.
Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof.
b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement.
c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines.
d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall.
e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules.
f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES.
g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours.
h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.
Safeguarding Personally Identifiable Information (a) Definition. Personally Identifiable Information, or PII, means information in any format about an identifiable individual, including, name, address, phone number, e-mail address, account number(s), identification number(s), any other actual or assigned attribute associated with or identifiable to an individual and any information that when used separately or in combination with other information could identify an individual, as further described in § 501(b) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 C.F.R. Section 208, Appendix D-2), that is provided or made available to the Asset Representations Reviewer in accordance with the terms of this Agreement.
Use and Disclosure of Protected Health Information The Business Associate must not use or further disclose protected health information other than as permitted or required by the Contract or as required by law. The Business Associate must not use or further disclose protected health information in a manner that would violate the requirements of HIPAA Regulations.
Protected Health Information “Protected Health Information” shall have the same meaning as the term “protected health information” in Section 160.103 and is limited to the information created or received by Contractor from or on behalf of County.