Data Security and Privacy Plan Clause Samples

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: [▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇/blocksi-edu-agreement.php] (c) Vendor will comply with all obligations set forth in Erie 1 BOCES’ “Supplemental Information about the MLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) Vendor [check one] will [X] will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the MLSA. In the event that Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the MLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in Erie 1 BOCES’ “Supplemental Information about the ML...

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows: (a) Vendor will implement all applicable state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between EAST ROCHESTER SCHOOL DISTRICT and Heartland Payment Systems, LLC (d/b/a Heartland School Solutions).” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities within its control to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to...

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [▇▇▇▇▇-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unau...

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Vendor and is set forth below. Additional elements of Vendor’ Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security _ ] and privacy policy, Vendor will: [ at a minimum, require that any subcontractors or other authorized person who may hav to Protected Data execute written agreements acknowledging the data protection obligations imposed on Vendor by state and federal law and this DPA; follow certain procedures for the deletion and/or destruction of Protected Data upon termination of this DPA; provide training on the federal and state laws governing confidentiality of Protected Data; and manage any security incidents in accordance with laws (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Vendor AGREEMENT, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Vendor AGREEMENT: [ Limitation of internal acces to those individuals/subcontractors that need access to provide the services; use of the Protected Data for only the purposes permitted hereunder; use of encryption technology to protect Protected Data in motion]or at rest from unauthorized disclosures in accordance with best practices; and use of firewalls and username/password and other access control requirements, among other recommended best practices. (c) Vendor will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Prior to 2021, Vendor provided in-person training sessions to employees with access on a regular basis, and no less than annually. Beginning in 2021, Vendor engaged a third-party to provide employee privacy training modules that _] (e) Vendor [c...

Data Security and Privacy Plan a. Vendor agrees to have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from Hinsdale Central School District b. Vendor understands and agrees that it is responsible for submitting a Data Security and Privacy Plan to Hinsdale Central School prior to the start of the term of the Agreement, and it shall: 1. Outline how all state, federal and local data security and privacy contract requirements will be implemented over the life of the contract consistent with Hinsdale Central School District’s policy on data security and privacy, as adopted. 2. Outline specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from Hinsdale Central School District under the Contract. 3. Outline the training requirement established by the Vendor for all employees who will receive personally identifiable information from student records (hereinafter referred to as “student data”).

Data Security and Privacy Plan a. Vendor agrees to have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from CRCS. b. Vendor understands and agrees that it is responsible for submitting a Data Security and Privacy Plan to CRCS prior to the start of the term of the Agreement, and it shall: 1. Outline how all state, federal and local data security and privacy contract requirements will be implemented over the life of the contract consistent with CRCS’s policy on data security and privacy, as adopted. 2. Outline specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from CRCS under the Contract. 3. Outline the training requirement established by the Vendor for all employees who will receive personally identifiable information from student records (hereinafter referred to as “student data”).

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security. To this end, Vendor attaches its privacy policy. Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance withall applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) As required by the NIST Cybersecurity Framework, in order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, a. Vendor will make its best efforts in deploying reasonable administrative, technical, operational,and physical safeguards and practices in place throughout the term of the MLSA: i. Data Security: 1. Data-at-rest & data-in-transit is encrypted 2. Data leak protections are implemented ii. Information Protection Processes and Procedures: 1. Data destruction is performed according to contract and agreements 2. A plan for vulnerability management is developed and implemented iii. Protective Technology: 1. Log/audit records are ascertained, implemented, documented, and reviewed according to policy 2. Network communications are protected iv. Identity Management, Authentication and Access Control: 1. Credentials and identities are issued, verified, managed, audited, and revoked, as applicable, for authorized dev (c) Vendor will comply with all obligations set forth in Erie 1 BOCES’ “Supplemental Information about the MLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees (or officers or employees of any of its subcont...

Data Security and Privacy Plan a. Vendor agrees to have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from The Enlarged City School District of Middletown. b. Vendor understands and agrees that it is responsible for submitting a Data Security and Privacy Plan to The Enlarged City School District of Middletown prior to the start of the term of the Agreement, and it shall: 1. Outline how all state, federal and local data security and privacy contract requirements will be implemented over the life of the contract consistent with The Enlarged City School District of Middletown’s policy on data security and privacy, as adopted. 2. Outline specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from The Enlarged City School District of Middletown under the Contract. 3. Outline the training requirement established by the Vendor for all employees who will receive personally identifiable information from student records (hereinafter referred to as “student data”).

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: Learning A-Z products are on servers and equipment owned and operated by its parent company Cambium Learning. Our servers and all user-specific data are hosted in a secure Tier 4 enterprise data center located in Texas with a failover data center in Michigan. All of our administrative controls are behind firewalls and also require username/password access, which is limited to Cambium Learning operational staff. (c) Vendor will comply with all obligations set forth in Erie 1 BOCES’ “Supplemental Information about the MLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: Annually, Vendor will require that all of its employees who have access to Protected Data (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training to ensure that these individuals are aware of and familiar with all applicable data security and privacy laws. (e) The Learning A-Z, LLC subscriptions and services are Sa...