Personally Identifiable Data Not Otherwise Covered by Ferpa Clause Samples

Personally Identifiable Data Not Otherwise Covered by Ferpa a) The data available to Contractor in the course of providing technical support to or on behalf of the University shall be considered Confidential Information, unless the University indicates otherwise in writing. Such Confidential Information may contain data associated with students, faculty, staff, customers, clients, members of the public, or other individuals affiliated with the [BOR/College/ University]. Information related to such individuals may be protected by federal and/or state laws and regulations, and/or established industry standards. In particular, the contents of such data or information stored and maintained by Contractor may be protected by the Health Insurance Portability and Accountability Act (“HIPAA”), ▇▇▇▇▇-▇▇▇▇▇ ▇▇▇▇▇▇ Act (“GLBA”), Electronic Communications Privacy Act (ECPA), federal Red Flags Rule regulations, Federal Trade Commission regulations, Internal Revenue Service regulations and/or other state or federal laws as amended from time to time, and/or by the Payment Card Industry Data Security Standards (PCIDSS), as amended or updated from time to time. b) Data or information to which Contractor may become privy in conducting its work for or on behalf of the University shall not be disclosed or shared with any third party by Contractor, except as permitted by the terms of this Agreement or to subcontractors whose services are necessary for Contractor to carry out its services and only then to subcontractors who have agreed to maintain the confidentiality of the data to the same extent required of Contractor under this Agreement. c) In the event any person(s) seek to access protected and confidential data or information, such access shall be through the University, and Contractor shall only retrieve such data or information as identified by the University or as otherwise required by federal and/or state law. Contractor shall not provide direct access to such data or information or respond to individual requests. d) Should Contractor receive a court order or lawfully issued subpoena seeking the release of such data or information, Contractor shall promptly inform the University of its receipt of such court order or lawfully issued subpoena prior to releasing the requested data or information.
View SourceView Similar (2)
Personally Identifiable Data Not Otherwise Covered by Ferpa 
View SourceView Similar (11)

Related to Personally Identifiable Data Not Otherwise Covered by Ferpa

  • Safeguarding Personally Identifiable Information (a) Definition. Personally Identifiable Information, or PII, means information in any format about an identifiable individual, including, name, address, phone number, e-mail address, account number(s), identification number(s), any other actual or assigned attribute associated with or identifiable to an individual and any information that when used separately or in combination with other information could identify an individual, as further described in § 501(b) of the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information (12 C.F.R. Section 208, Appendix D-2), that is provided or made available to the Asset Representations Reviewer in accordance with the terms of this Agreement.

  • Personally Identifiable Information By submitting any of your personally identifiable information, such as your name, address, email address, phone number or fax number, to us, you consent to our privacy policy located at ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇.

  • Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement. c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours. h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.

  • Privacy of Customer Information The Seller’s Customer Information in the possession of the Administrative Agent or the Buyers, other than information independently obtained by the Administrative Agent or the Buyers and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Seller. Except in accordance with this Section 16.9, the Administrative Agent and the Buyers shall not use any Seller’s Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Seller’s Customer Information to any Person, including any of the Administrative Agent’s or the Buyers’ employees, agents or contractors or any third party not affiliated with the Administrative Agent or a Buyer. The Administrative Agent and the Buyers may use or disclose Seller’s Customer Information only to the extent necessary (i) for examination and audit of the Administrative Agent’s or the Buyers’ respective activities, books and records by their regulatory authorities, (ii) to market or sell Purchased Mortgage Loans or to enforce or exercise their rights under any Repurchase Document, (iii) to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express rights and obligations under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors), or (iv) in connection with an assignment or participation as authorized by Section 22 or in connection with any hedging transaction related to the Purchased Loans and for no other purpose; provided that the Administrative Agent and the Buyers may also use and disclose the Seller’s Customer Information as expressly permitted by the Seller in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Administrative Agent and the Buyers shall ensure that each Person to which the Administrative Agent or a Buyer intends to disclose Seller’s Customer Information, before any such disclosure of information, agrees to keep confidential any such Seller’s Customer Information and to use or disclose such Seller’s Customer Information only to the extent necessary to protect or exercise the Administrative Agents, the Buyers’ or the Custodian’s rights and privileges, or to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express obligations, under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors). The Administrative Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Seller’s Customer Information pursuant to such program in the same manner as the Administrative Agent does in respect of its own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 C.F.R. Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Administrative Agent and the Buyers shall use at least the same physical and other security measures to protect all of the Seller’s Customer Information in their possession or control as each of them uses for its own customers’ confidential and proprietary information.

  • Customer Data 5.1 The Customer shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. The customer being a contractor of DSA Airport, the customer shall not own the rights, title and interest in and to the Data which belongs to DSA Airport. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.