Encryption Requirements. The Service Provider shall establish, maintain, and enforce (and Service Provider shall ensure its affiliates and Subcontractors establish, maintain, and enforce) a policy that prohibits the sending of any SOF Production Data that is customarily considered to be sensitive or confidential in nature (e.g., social security number) by electronic mail. The Service Provider agrees to encrypt the transmission of all SOF Production Data that is customarily considered to be sensitive or confidential in nature (e.g., social security number), whether or not it is sent through the HRIS or through other electronic means. The Service Provider shall obtain the Department’s approval for the encryption software and procedures used by Service Provider. The foregoing encryption requirement under this Section shall not apply to messages sent over secure, dedicated lines (i) from Service Provider employees and Independent Contractors to other Service Provider employees or Independent Contractors, or (ii) from the Service Provider to the Department, a Covered Entity or a member of the Covered Population. Further, notwithstanding any provision in this Contract to the contrary, Service Provider shall be permitted to receive emails or other electronic transmissions from the Department, a Covered Entity or a member of the Covered Population containing any SOF Production Data; further, in the event of such transmission, Service Provider shall protect the confidentiality of such data. Service Provider shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access SOF Production Data shall have “full disc” encryption. Service Provider shall require its Subcontractors to comply with the requirements to the extent applicable to Subcontractor’s Services.
Appears in 2 contracts
Sources: Human Resource Outsourcing Agreement, Human Resource Outsourcing Agreement