Common use of Data Handling Clause in Contracts

Data Handling.

32.1 You must ensure that your business fully complies with the Security Standards. You must maintain an Incident Response Plan for immediate reporting and handling of any exposure of Cardholder Data at your business.

32.2 If you know of or suspect a Data Breach at your company or that of any Agent, you must:
(a) report the Data Breach immediately to Windcave;
(b) take appropriate action, including withdrawal of internet shopping facilities if appropriate, to minimise the ongoing risk to Cardholder Information, until such time as investigation and rectification of the Data Breach is completed;
(c) implement and follow the Incident Response Plan;
(d) maintain a rigorous audit trail of all actions taken to isolate and rectify the event;
(e) assist ▇▇▇▇▇▇▇▇ to the best of your abilities including providing detailed statements and schedules of Card accounts exposed by the Data Breach;
(f) allow Windcave employees, contractors, or those of any Payment Scheme, acting reasonably, full access to your systems and databases for the purpose of Forensic Review, to ascertain the cause and impact of the exposure;
(g) undergo a full PCI DSS accreditation to be allowed to continue processing Transactions.

32.3 You are liable for all costs, charges and/or fines imposed by the Payment Schemes, Applicable Law or regulators, due to any Data Breach, including but not restricted to:
(a) any fines for Data Breach including for a failure to report the Data Breach in a timely fashion;
(b) any costs levied by the Payment Schemes for monitoring and/or reissue of credit cards compromised by the Data Breach;
(c) all costs for Forensic Review including following termination of this Agreement; and
(d) costs for corrective action to address the cause of the Data Breach and for re-certification with PCI DSS.

32.4 You must not sell, purchase, provide or exchange any information or document relating to a Cardholder, a Cardholder’s account number or a Transaction to any person other than us, the Card Issuer or as required by law.

32.5 You must ensure that any full card-read data in respect of Cards accessed by you in connection with a Transaction (or otherwise in connection with the Agreement) is stored only on an electronic file in a secure environment with restricted access in compliance with the Security Standards and Windcave’s compliance requirements, for the sole purpose of providing documentation for exception processing. You must not record, store, replicate or otherwise use full card-read data for any other purpose.

Appears in 2 contracts

Sources: General Terms and Conditions, General Terms and Conditions