Information and Data Security. (a) Susquehanna and each of the Susquehanna Subsidiaries (i) has collected Personal Information in compliance with all applicable Privacy Laws; (ii) has the requisite consent or other authority under all applicable laws regarding the collection, use, storage, disclosure, or other processing of Personal Information to use, disclose, store, and otherwise process Personal Information, which consent or other authority is sufficient for the business as currently conducted; and (iii) has taken commercially reasonable steps to secure the business data related to Susquehanna’s and the Susquehanna Subsidiaries’ business from unauthorized access or unauthorized use by any Person. No communication from any Governmental Entity with respect to or alleging non-compliance with any law regarding the collection, use, storage, disclosure or other processing of Personal Information has been received by Susquehanna or any of the Susquehanna Subsidiaries. A copy of all internally or externally prepared reports or audits that describe or evaluate the information security procedures of Susquehanna or the Susquehanna Subsidiaries, all material policies related thereto and any failures to comply therewith have been provided to C&N. Except as set forth on Schedule 3.18, to the Knowledge of Susquehanna, there has been no unauthorized access gained by any Person to Personal Information held or collected by Susquehanna or any Susquehanna Subsidiary, their employees, or third party contractors in the course of conducting Susquehanna’s and the Susquehanna Subsidiaries’ business.
Appears in 2 contracts
Sources: Merger Agreement (Citizens & Northern Corp), Merger Agreement (Citizens & Northern Corp)