CONSUMER INFORMATION AND PRIVACY. If, in connection with the Purchase Order, Provider receives, stores or accesses any NPI, PHI, Personal Data, Payment Card Data, or other information or materials that are subject to the Privacy Regulations and Guidelines, Provider will comply with the applicable requirements of the Privacy Regulations and Guidelines. Provider acknowledges that the Guidelines include provisions regarding the safeguarding of consumer information, response programs and notice in the event of unauthorized access to consumer information, that FIS provides information processing services to Clients subject to the Guidelines, and that FIS may be required to notify Clients, their customers or other third parties of security incidents that result, or are likely to result, in misuse or unauthorized possession or disclosure of NPI, PHI, Personal Data, Payment Card Data or other Confidential Information. Without limiting the foregoing, and in addition to its confidentiality and security obligations as otherwise set forth in the Purchase Order, Provider will (i) ensure the security and confidentiality of such information or materials, (ii) protect against any anticipated threats or hazards to the security or integrity of such records, (iii) detect unauthorized access to or use of such records or information, and (iv) protect against unauthorized access to or use of such records or information that would result in harm or inconvenience to any Client or any customer of a Client. Provider represents and warrants that it has and will maintain in place commercially reasonable precautions to safeguard the confidentiality, security and integrity of FIS Confidential Information in a manner designed to meet the requirements of this Section.
These precautions will include but will not be limited to (i) contractual restrictions on access to the information by Contractors and Provider’s other vendors, (ii) intrusion detection systems on all information systems of FIS maintained or controlled by Provider, and (iii) notification procedures for notifying FIS promptly if a security breach is detected or suspected, as well as other response programs when there is a suspected or detected Breach involving NPI, PHI, Personal Data or Payment Card Data. These precautions will also include, as appropriate, (A) access controls to FIS information systems, including controls to identify and permit access only to authorized individuals and controls to prevent access to FIS Confidential Information through improper means, (B) Provider Personnel controls and training, (C) physical access restrictions at locations where FIS Confidential Information is located, (D) encryption of electronic FIS Confidential Information when appropriate or legally required, and (E) a disaster recovery plan as appropriate to protect against loss or damage to FIS Confidential Information due to potential hazards such as fire or water damage or technological failures. Provider will (1) monitor the foregoing measures with periodic audits or testing, (2) provide copies of the same sufficient to assure FIS or its regulatory authorities that Provider is implementing these precautions, and (3) notify FIS immediately if there is any suspected or actual unauthorized access, use, disclosure or alteration to FIS Confidential Information. Provider will indemnify FIS from, defend FIS against, and pay any final judgments awarded against FIS, resulting from any claim brought by a third party, including but not limited to a customer of FIS, against FIS based on any breach of such privacy Laws, rules or regulations by Provider, including Provider Personnel.