DATA SECURITY AND SAFEGUARDS Sample Clauses

The Data Security and Safeguards clause establishes the obligations of parties to protect sensitive information from unauthorized access, disclosure, or misuse. It typically requires the implementation of technical, administrative, and physical measures such as encryption, access controls, and regular security assessments to ensure data integrity and confidentiality. This clause is essential for mitigating the risk of data breaches and ensuring compliance with applicable privacy laws, thereby protecting both parties from potential legal and reputational harm.
POPULAR SAMPLE Copied 1 times
DATA SECURITY AND SAFEGUARDS. Supplier shall implement and maintain at all times appropriate organisational, operational, managerial, physical and technical measures to protect the Personal Data and Purchaser’s any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access, so that all processing is in compliance with the Laws and Purchaser’s reasonable written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined by Supplier, following the recommendations as laid out in ISO/IEC 27000 series (or equivalent, such as SSAE-16(2)) or other recommendations adapted to a level which is suitable, taking into consideration the degree of sensitivity of the personal data, the particular risks which exist, existing technical possibilities, and the costs for carrying out the measures. Supplier shall limit access to the Personal Data to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. Supplier shall also ensure by technical and organisational means that Purchaser’s Personal Data is not processed for different purposes (e.g. for different Supplier customers) and that the Personal Data is processed separately from the data of other Supplier customers. Supplier warrants that in performing the Services under the Agreement all necessary precautions are taken by Supplier to prevent loss and alteration of any data, to prevent unauthorised access to Purchaser’s IT environment, to prevent introduction of viruses to Purchaser’s systems, and to prevent improper access to Purchaser’s IT environment and confidential information of Purchaser.
View SourceView Similar (7)
DATA SECURITY AND SAFEGUARDS. The Data Applicant and Data Recipient agree to establish, comply with, and update appropriate administrative, technical, and physical safeguards to protect the confidentiality of MHDO Data and to prevent unauthorized use, access to, or disclosure of the MHDO Data other than as provided for by this Agreement. MHDO Data shall be stored and accessed only in areas that are physically safe from access by unauthorized persons at all times. The MHDO Data shall be protected electronically to prevent unauthorized access by computer, remote access, or any other means. The Data Applicant and Data Recipient agree that all MHDO Data and work product derived therefrom that has not been approved by MHDO for publication will be encrypted at rest and in transit. Block level encryption of all media is required where MHDO data are stored. The strength of data encryption must be a certified algorithm which is 256 bit or higher. Any encryption keys protecting the storage or transmission of MHDO Data, including the MHDO encryption key, shall only be used by individual persons specified on this MHDO DUA. Such keys shall be stored and transmitted separately from the information they protect. The Data Applicant and Data Recipient expressly agree that MHDO Data will not be accessed, tested, maintained, backed-up, transmitted, or stored outside of the United States. The Data Applicant and Data Recipient may not sell, re-package or in any way make MHDO Data available at the individual element level, unless the ultimate viewers of that data have applied to MHDO for this data, been approved for such access and signed an MHDO DUA. The Data Applicant and Data Recipient shall immediately inform the MHDO of any legal process by which third parties try to obtain access to MHDO data held by the Data Applicant or Data Recipient or any subcontractor and shall not turn over any data except as permitted by MHDO. The Data Applicant and Data Recipient agree to report to the MHDO: all security incidents including attempted or successful unauthorized access, use, disclosure, modification or destruction of MHDO Data; interference with system operation in an information system that contains MHDO Data; and specifically, any potential or actual breach of Protected Health Information (PHI) from the MHDO Data. Data Applicant and Data Recipient shall report any such actual or suspected security incident to the MHDO Executive Director within 24 hours after it is discovered. The Data Applicant and Data Recip...
View SourceView Similar (4)
DATA SECURITY AND SAFEGUARDS. The Supplier shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Sanoma’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent, such as SSAE-16(2)); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes (e.g. for the Supplier’s other customers’ purposes); (vi) ensure that the Personal Data is Processed separately from the data of other Supplier’s customers; and (vii) take all necessary precautions in performing the Services to prevent: loss and alteration of any data, unauthorized access to Sanoma’s IT environment, introduction of viruses to Sanoma’s systems, improper access to Sanoma’s IT environment and confidential information of Sanoma.
View SourceView Similar (3)
DATA SECURITY AND SAFEGUARDS. 4.1. Talshir shall use appropriate safeguards and data security measures and comply with Subpart C of 45 C.F.R. Part 164 of HIPAA with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this BAA. 4.2. Talshir shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Subcontractor’s operations, comply with applicable requirements of this BAA, the Privacy Rule, the Security Rule and the Breach Notification Rule to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. 4.3. Those measures shall include (as a minimum): a) Implementation of security-related policies and procedures, standards and practices designated for the protection of PHI; b) Minimalization of PHI processing; c) Use of encryption and pseudonymization where needed and possible; d) Implementation of data protection measures by default and by design; e) The use of proper firewalls and antivirus systems; f) Managing organizational passwords policy which enforces complexity requirements; g) Managing strict access authorization policy which ensures that any access to PHI by Talshir employees shall be strictly limited to employees which are in need for that data, for the provision of the Services; h) Keeping backup and recovery capabilities; i) The use of other state of the art technological and organizational controls mitigating data protection risks or any data breach or loss.
View Source
DATA SECURITY AND SAFEGUARDS. EPG and/or its Data Processors shall implement and maintain, at all times, appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other data against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access so that all processing is in compliance with Laws and written instructions, especially where the processing involves the transmission of data over a network. These measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation. Technical safeguards shall include all technical security controls defined or indicated by EPG, following the recommendations as laid out in ISO/IEC 27000 series (‘Information Security Management Systems (ISMS) standards’, or equivalent). Access to Personal Data shall be limited to authorised and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations. EPG and/or its Data Processors shall also ensure, by technical and organizational means, that Personal Data is not processed for different purposes and that the Data is processed separately from the Data of other third-party entities. In terms of the main Agreement, this present Policy document and any applicable Descriptions of Services or other Appendices, all necessary precautions are taken to prevent loss and alteration of any data, to prevent unauthorised access to EPG’s I.T. environment, to prevent introduction of viruses to EPG’s systems, and to prevent improper access to EPG’s I.T. environment and Confidential Information.
View Source
DATA SECURITY AND SAFEGUARDS. The [Universities] shall (i) implement and maintain appropriate organizational, operational, managerial, physical and technical measures to protect the Personal Data and any other Publisher’s data against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure or access, especially where the Processing involves the transmission of data over a network; (ii) assess the measures necessary to ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (iii) ensure that technical measures comply with industry standards and best practices such as ISO 27001/27002 (or equivalent); (iv) limit access to the Personal Data to authorized and properly trained personnel with a well-defined “need-to-know” basis, and who are bound by appropriate confidentiality obligations; and (v) ensure by technical and organizational means that Personal Data is not Processed for different purposes.
View Source
DATA SECURITY AND SAFEGUARDS 
View Source

Related to DATA SECURITY AND SAFEGUARDS

  • Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Chazy Central Rural School District and [Name of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § ▇▇-▇▇-▇▇▇ et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.

  • Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each JBE Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such JBE Work Location.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.