Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Sensitive Information Information that requires special precautions to protect from unauthorized use, access, disclosure, modification, loss, or deletion. Sensitive Information may be either Public Information or Confidential Information. It is information that requires a higher than normal assurance of accuracy and completeness. Thus, the key factor for Sensitive Information is that of integrity. Typically, Sensitive Information includes records of agency financial transactions and regulatory actions.
Certain Information The Company agrees to provide Holder at any time and from time to time with such information as Holder may reasonably request for purposes of Holder’s compliance with regulatory, accounting and reporting requirements applicable to Holder.
Treatment of Proprietary and Confidential Information A. Both parties agree that it may be necessary to provide each other during the term of this Agreement with certain confidential information, including trade secret information, including but not limited to, technical and business plans, technical information, proposals, specifications, drawings, procedures, customer account data and like information (hereinafter collectively referred to as “Information”). Both parties agree that all Information shall either be in writing or other tangible format and clearly marked with a confidential, private or proprietary legend, or, when the Information is communicated orally, it shall also be communicated that the Information is confidential, private or proprietary. The Information will be returned to the owner within a reasonable time. Both parties agree that the Information shall not be copied or reproduced in any form. Both parties agree to receive such Information and not disclose such Information. Both parties agree to protect the Information received from distribution, disclosure or dissemination to anyone except employees of the parties with a need to know such Information and which employees agree to be bound by the terms of this Section. Both parties will use the same standard of care to protect Information received as they would use to protect their own confidential and proprietary Information.
B. Notwithstanding the foregoing, both parties agree that there will be no obligation to protect any portion of the Information that is either: 1) made publicly available by the owner of the Information or lawfully disclosed by a nonparty to this Agreement; 2) lawfully obtained from any source other than the owner of the Information; or 3) previously known to the receiving party without an obligation to keep it confidential.