Data Confidentiality and Data Security Sample Clauses

POPULAR SAMPLE Copied 1 times
Data Confidentiality and Data Security. As used in the Agreement, "data" means all information, whether written or verbal, including plans, photographs, studies, investigations, audits, analyses, samples, reports, calculations, internal memos, meeting minutes, data field notes, work product, proposals, correspondence and any other similar documents or information prepared by, obtained by, or transmitted to Consultant or its subconsultants in the performance of this Agreement. The Parties agree that all data, regardless of form, including originals, images, and reproductions, prepared by, obtained by, or transmitted to Consultant or its subconsultants in connection with Consultant’s or its subconsultant’s performance of this Agreement is confidential and proprietary information belonging to City. Except as specifically provided in this Agreement, Consultant or its subconsultants must not divulge data to any third party without City’s prior written consent. Consultant or its subconsultants must not use the data for any purposes except to perform the services required under this Agreement. These prohibitions do not apply to the following data provided to Consultant or its subconsultants have first given the required notice to City: (a) data which was known to Consultant or its subconsultants prior to its performance under this Consultant or its subconsultants by a third party, who to the best of Consultant’s or its subconsultants’ knowledge and belief, had the legal right to make such disclosure and Consultant or its subconsultants are not otherwise required to hold such data in confidence; or (c) data which is required to be disclosed by virtue of law, regulation, or court order, to which Consultant or its subconsultants are subject. In the event Consultant or its subconsultants are required or requested to disclose data to a third party, or any other information to which Consultant or its subconsultants became privy as a result of any other contract with City, Consultant must first notify City as set forth in this Section of the request or demand for the data. Consultant or its subconsultants must give City sufficient facts so that City can be given an opportunity to first give its consent or take such action that City may deem appropriate to protect such data or other information from disclosure. All data must continue to be subject to the confidentiality agreements of this Agreement. Consultant or its subconsultants assume all liability to maintain the confidentiality of the data in its possess...
View SourceView Similar (25)
Data Confidentiality and Data Security. Services Provider agrees to the following confidentiality and data security statements: 1. Services Provider acknowledges that the data is confidential data and proprietary to JCPS, and agrees to protect the data from unauthorized disclosures and to comply with all applicable Local, State and Federal confidentiality laws and regulations including but not limited to FERPA; the Kentucky Family Educational Rights and Privacy Act, KRS 160.700 et seq.; the ▇▇▇▇▇▇▇ ▇. ▇▇▇▇▇▇▇ National School Lunch Act, 42 U.S.C. 1751 et seq.; the Child Nutrition Act of 1966, 42 U.S.C. 1771 et seq.; 7 C.F.R. 245.6 et seq.; the Personal Information Security and Breach Investigation Procedures and Practices Act, KRS 61.931 et seq.; and the Kentucky Open Records Act, KRS 61.820 et seq. 2. If the performance of this Agreement involves the transfer by JCPS to Services Provider of any data regarding any JCPS student that is subject to FERPA, Services Provider agrees to: a. In all respects comply with the provisions of FERPA. b. Use any such data for no purpose other than to fulfill the purposes of the services contract described in Paragraph B.1 above, and not share any such data with any person or entity other than Services Provider and its employees, contractors and agents, without the prior written approval of JCPS. c. Require all employees, contractors and agents of Services Provider to comply with all applicable provisions of FERPA with respect to any such data. d. Maintain any such data in a secure computer environment, and not copy, reproduce or transmit any such data expect as necessary to fulfill the purposes of the services contract described in Paragraph B.1 above. e. Provide the services under the services contract described in Paragraph B.1 above in a manner that does not permit the identification of an individual student by anyone other than employees, contractors or agents of Services Provider having a legitimate interest in knowing such personal identification. f. Destroy or return to JCPS any such data obtained under this Agreement within thirty days (30) after the date within it is no longer needed by Services Provider for the purposes of the services contract described in Paragraph B.1 above. 3. Services Provider shall not release or otherwise reveal, directly or indirectly, the data to any individual, agency, entity, or third party not included in this Agreement, unless such disclosure is required by law or court order. If Services Provider becomes legally compelled...
View SourceView Similar (16)
Data Confidentiality and Data Security. Research Organization agrees to the following confidentiality and data security statements: 1. Research Organization acknowledges that the data is confidential data and proprietary to Data Provider, and agrees to protect the data from unauthorized disclosures and to comply with all applicable Data Provider, Local, State and Federal confidentiality laws and regulations including but not limited to FERPA; the Privacy Act of 1974, 5 U.S.C. 552a; the Kentucky Family Educational Rights and Privacy Act, KRS 160.700 et seq.; the ▇▇▇▇▇▇▇ ▇. ▇▇▇▇▇▇▇ National School Lunch Act, 42 U.S.C. 1751 et seq.; the Child Nutrition Act of 1966, 42 U.S.C. 1771 et seq.; the Personal Information Security and Breach Investigation Procedures and Practices Act, KRS 61.931 et seq.; the Kentucky Open Records Act, KRS 61.820 et seq.; and the California Education Code. 2. If the performance of this Agreement involves the transfer by Data Provider to Research Organization of any data regarding any Data Provider student that is subject to FERPA, Research Organization agrees to: a. In all respects comply with the provisions of FERPA. b. Use any such data for no purpose other than to fulfill the purposes of the Project, and not share any such data with any person or entity other than Research Organization and its employees, contractors and agents, without the approval of Data Provider. c. Require all employees, contractors and agents of Research Organization to comply with all applicable provisions of FERPA with respect to any such data. d. Maintain any such data in a secure computer environment, and not copy, reproduce or transmit any such data expect as necessary to fulfill the purposes of the Project. e. Conduct the Project in a manner that does not permit the identification of an individual student by anyone other than employees, contractors or agent of Research Organization having a legitimate interest in knowing such personal identification, and not disclose any such data in a manner that would permit the identification of an individual student in any published results of studies. f. Destroy or return to Data Provider any such data obtained under this Agreement within thirty days (30) after the date within it is no longer needed by Research Organization for the purposes of the Project. 3. Research Organization shall not release or otherwise reveal, directly or indirectly, the data to any individual, agency, entity, or third party not included in this Agreement, unless such disclosure i...
View Source
Data Confidentiality and Data Security. 6.4.1 Data Confidentiality: information, whether written or verbal, including plans, photographs, studies, investigations, audits, analyses, samples, reports, calculations, internal memos, meeting minutes, data field notes, work product, proposals, correspondence and any other similar documents or information prepared by, obtained by, or transmitted to the CMARE or its subcontractors in the performance of this Contract. 6.4.1.1 The Parties agree that all data, regardless of form, including originals, images, and reproductions, prepared by, obtained by, or transmitted to the CMARE or its subcontractors in connection with the CMARE confidential and proprietary information belonging to the County. 6.4.1.2 Except as specifically provided in this Contract, the CMARE or its subcontractors shall not divulge data to any third party without prior written consent of the County. The CMARE or its subcontractors shall not use the data for any purposes except to perform the services required under this Contract. These prohibitions shall not apply to the following data provided the CMARE or its subcontractors have first given the required notice to the County: 6.4.1.2.1 Data which was known to the CMARE or its subcontractors prior to its performance under this Contract unless such data was acquired in connection with work performed for the County; 6.4.1.2.2 Data which was acquired by the CMARE or its subcontractors in its performance under this Contract and which was disclosed to the CMARE or its subcontractors by a third party, who to the best of the CMARE right to make such disclosure and the CMARE or its subcontractors are not otherwise required to hold such data in confidence; or 6.4.1.2.3 Data which is required to be disclosed by virtue of law, regulation, or court order, to which the CMARE or its subcontractors are subject. 6.4.1.3 In the event the CMARE or its subcontractors are required or requested to disclose data to a third party, or any other information to which the CMARE or its subcontractors became privy as a result of any other Contract with the County, the CMARE shall first notify the County as set forth in this Article of the request or demand for the data. The CMARE or its subcontractors shall give the County sufficient facts so that the County can be given an opportunity to first give its consent or take such action that the County may deem appropriate to protect such data or other information from disclosure. 6.4.1.4 The CMARE, unless prohibited by l...
View Source
Data Confidentiality and Data Security 
View SourceView Similar (14)

Related to Data Confidentiality and Data Security

  • Confidentiality and Data Security (a) The Custodian agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication. (b) Each Fund agrees to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understood, however, that the existence and the terms of this Agreement are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. (c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act. (d) Without limiting the generality of Section 10(a) hereof, the Custodian acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information. (e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it may have pursuant to this Agreement, including without limitation Section 8(g) hereof, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof. (f) The Custodian will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to time, including without limitation the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. (g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g). (h) Upon reasonable notice to the Custodian, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the Custodian’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodian. The Funds shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the Custodian’s security controls, except that the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information. (i) In the event of any actual or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇.▇▇▇ and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any). (j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information.

  • Confidentiality and Data Protection We are a data controller for the information you provide to us including individual, identification and financial details, policy history and special category data (such as medical or criminal history). Details of our legal basis for processing your information, along with details of any third party recipient whom it may be necessary to share your personal data with in order to fulfil the contract, retention period for data held, security of your data, your rights under the UK General Data Protection Regulations (UK GDPR) including the right to complain can be found in our full ‘Privacy Notice’ attached to these terms of business and/or on our website at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇.

  • Confidentiality and Security Section 1: Service Provider agrees that all of its employees, contractors, subcontractors, or associates will comply with all state and federal law and with TJJD policies regarding maintaining the confidentiality of TJJD youth, including, but not limited to, maintaining confidentiality of student records and identifying information. Section 2: Service Provider agrees that all information regarding TJJD and/or its youth that is gathered, produced, or otherwise derived from this contract shall remain confidential and subject to release only by permission of TJJD. Section 3: Service Provider’s employees, contractors, subcontractors, or associates who visit any TJJD facility will comply with that facility's security regulations. Section 4: Identifying pictures, appearances, films, or reports of TJJD youth may not be disclosed by Service Provider without the written consent of TJJD, of the youth and, if under age 18, of the youth’s parent, guardian, or managing conservator.

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.