Personal Identifiable Information Security Clause Samples

The Personal Identifiable Information Security clause establishes requirements for protecting sensitive personal data collected, processed, or stored under the agreement. It typically mandates that parties implement appropriate technical and organizational measures to safeguard information such as names, addresses, identification numbers, or other data that can identify individuals. By setting these standards, the clause helps prevent unauthorized access, data breaches, and misuse of personal information, thereby ensuring compliance with privacy laws and protecting the interests of individuals whose data is involved.
Personal Identifiable Information Security. Provider shall protect and secure data in electronic form containing such PII. At a minimum, Provider’s safeguards for the protection of PII shall include: 1. Encrypting, securing or modifying such PII by any method or technology that removes elements that personally identify an individual or that otherwise renders the information unusable. 2. Limiting access of PII to Authorized Persons. 3. Securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability. 4. Implementing network, device application, database, and platform security. 5. Securing information transmission, storage, and disposal; and implementing authentication and access controls within media, applications, operating systems and equipment. 6. Encrypting PII stored on any mobile media. 7. Encrypting PII transmitted over public or wireless networks. 8. Implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law, as required by The Children’s Trust from time to time. 9. Providing written copies of appropriate privacy and information security training to Provider’s employees, as required by and to The Children’s Trust. 10. Purchasing and maintaining cyber insurance coverage, in accordance with Section K. 7. 11. Provider shall dispose, or arrange for the disposal, of customer records that contain PII within its custody or control when the records are no longer required to be retained pursuant to Sections H and O. Such disposal shall involve shredding, erasing or otherwise modifying PII in its control or possession to make it unreadable or undecipherable. 12. During the term of each Authorized Person’s employment by Provider, Provider shall at all times cause such Authorized Persons to abide strictly by Provider’s obligations under this Contract. Provider further agrees that it shall maintain a disciplinary process to address any unauthorized access, use or disclosure of PII by any of Provider’s officers, directors, partners, principals, employees, agents or contractors. Upon The Children’s Trust’s request, Provider shall promptly identify all Authorized Persons as of the date of such request to The Children’s Trust in writing. 13. Upon The Children’s Trust’s written request, Provider shall provide The Children’s Trust with a network diagra...
View SourceView Similar (5)

Related to Personal Identifiable Information Security

  • Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement. c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours. h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.

  • Safeguarding Personally Identifiable Information (a) Definition. Personally Identifiable Information, or PII, means information in any format about an identifiable individual, including, name, address, phone number, e-mail address, account number(s), identification number(s), any other actual or assigned attribute associated with or identifiable to an individual and any information that when used separately or in combination with other information could identify an individual, as further described in § 501(b) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 C.F.R. Section 208, Appendix D-2), that is provided or made available to the Asset Representations Reviewer in accordance with the terms of this Agreement.

  • Personally Identifiable Information By submitting any of your personally identifiable information, such as your name, address, email address, phone number or fax number, to us, you consent to our privacy policy located at ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇.

  • Personal Information security breach a) Each Party shall notify the other party in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal information and to restore the integrity of the affected personal information as quickly as is possible. The Parties shall also be required to provide each other with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal information. b) The Parties shall provide on-going updates on the progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Parties must notify the South African Police Service; and/or the State Security Agency and the Information Regulator and the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Parties undertake to co‑operate in any investigations relating to security which is carried out by or on behalf of the other including providing any information or material in its possession or control and implementing new security measures.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended. 13 A. DEFINITIONS