Common use of PRIVACY AND SECURITY OBLIGATIONS Clause in Contracts

PRIVACY AND SECURITY OBLIGATIONS. 7.1 Personal information collected or maintained by the Recipient within Canada is subject to the provisions of the applicable federal, provincial or territorial privacy and access to information legislation or the Personal Information Protection and Electronic Documents Act (PIPEDA). Recipients delivering a Project overseas will: A) comply with the current national or domestic laws of the countries where services are being provided, including any laws that may be enacted after the beginning of the Agreement; and B) acknowledge that nothing in the applicable laws derogates from, prevents compliance with or conflicts with the requirements of this Agreement. The Recipient must notify the Department immediately, and where possible in advance, of a change to applicable laws that derogates from, prevent compliance or conflict with the requirements of this Agreement. 7.2 Recipients will limit their collection of personal information to only that which is necessary for them to carry out their programming, and must be proportional to the benefit to be derived from the expected outcomes of the Project. 7.3 Personal information shall be treated as confidential and not disclosed to any person, other than the client, except in accordance with applicable law. When requested, the Recipient shall provide clients with reasonable access to view their information that was collected for purposes of programming funded by the Department. 7.4 The Recipient shall take all security measures reasonably necessary to protect any such personal information using methods that are generally used by prudent public and private sector organizations. These measures must meet the requirements, standards or guidelines found in applicable policy, directives or protocols of the Government of Canada, including those set out in any instructions issued by the Department for the protection of personal information against unauthorized use or disclosure. Recipients delivering a Project outside Canada will ensure cross-border transmission of personal information between its offices in countries where the Recipient is delivering the Project and fulfilling its obligations pursuant to this Agreement must only be done when necessary or required for the performance of the Project and shall be in compliance with all sections of this Agreement. If requested by the Department, the Recipient shall provide a description of cross-border transmission of information that is necessary for the Project. 7.5 Where the Recipient has reasonable grounds to believe that there has been loss, theft, unauthorized access, disclosure, copying, use, modification or destruction of personal information, or any incident that may jeopardize the security or integrity of personal information, it will immediately notify the Department of the privacy breach. The Recipient will also immediately take all reasonable steps to stop and contain the impact of the breach, assess and resolve the problem, and prevent its recurrence. The Department may direct the Recipient to take specified steps to resolve and prevent a recurrence. 7.6 Despite the provisions of this Agreement, in the event that the Recipient is compelled to produce any personal information pursuant to any applicable legislation, regulation, or any order of any court, tribunal, administrative body or other authority with jurisdiction, whether in or outside of Canada, the Recipient shall notify the Department and the affected client immediately, and where possible, in advance. 7.7 In addition to the above as it relates to clause 6.6 specifically, the Recipient agrees: A) i) to make available the "Gathering Information" pamphlet that explains the purpose and privacy implications of collecting a client's information; ii) if the client is illiterate, to verbally transmit the contents of the pamphlet; and iii) to comply with the systems' related privacy and security manual and other departmental policies and instructions governing security matters.

PRIVACY AND SECURITY OBLIGATIONS. 7.1 Personal information collected or maintained by the The Recipient within Canada is subject will ensure that it conforms with any obligations applicable to the provisions of the applicable federal, provincial or territorial privacy and access to information legislation or the it under Personal Information Protection and Electronic Documents Act (PIPEDA)Act, S.C. 2000, c. 5, or similar legislation in effect from time to time in any province or territory of Canada, where it collects personal information in the course of carrying out the Project. If the Recipient believes that any obligations in the Agreement prevent it from meeting its obligations under any of these laws, the Recipient must immediately notify the Department of the specific provision of the Agreement and the specific obligation under the law with which the Recipient believes it conflicts. Recipients delivering a Project overseas will: A) comply with the current national or domestic laws of the countries where services are being provided, including any laws that may be enacted after the beginning of the Agreement; and B) acknowledge that nothing in the applicable laws derogates from, prevents compliance with or conflicts with the requirements of this Agreement. The Recipient must notify the Department immediately, and where possible in advance, of a change to applicable laws that derogates from, prevent compliance or conflict with the requirements of this Agreement. 7.2 Recipients Where the Recipient provides direct services to Eligible Clients under the Project, it will provide information to the Department on the use of these services by Eligible Clients through the data collection system provided by the Department. This information will be used by the Department in support of evaluation and planning for the Resettlement Assistance Program and the Settlement Program and select information may also be disclosed to other funding recipients providing direct services to the same Eligible Clients as the Recipient to facilitate service delivery to these Eligible Clients. The Recipient acknowledges that the Department is required to handle personal information in accordance with the Privacy Act, R.S. 1985, c. P-21 and agrees to comply with any additional requirement established by the Department that is reasonably required to ensure that the Department meets its obligations under this Act. 7.3 In carrying out the Project, the Recipient will limit their collection of personal information to only that which is necessary for them to carry out their programming, and must be proportional to perform the benefit to be derived from the expected outcomes of the Projectservices or activities described in Schedule 1. 7.3 Personal 7.4 The Recipient must: A) treat all personal information shall be treated collected in carrying out the Project as confidential and not disclosed disclose it to any person, other than the clientEligible Client to whom it relates, except in accordance with applicable law. The Recipient may share client personal information with third parties for the purposes of delivering the Project under this Agreement only with the client's prior consent provided in writing, where a formal information sharing agreement is in place, and in accordance with relevant privacy legislation. When requested, the Recipient shall must provide clients Eligible Clients with reasonable access to view their information that was collected for purposes of programming funded by the Department. 7.4 B) safeguard appropriately for its level of classification or designation, collected protected information. Protected information must be retained only for as long as the Eligible Client continues to receive services, after which all copies of the record must be immediately destroyed. The manner of destruction must be appropriate to the level of classification or designation and the storage media in which it has been retained. If the Recipient is required to maintain the record for uses outside of the Agreement, all identifying information specific to the Department must be removed. 7.5 The Recipient shall must take all security measures reasonably necessary to protect any such personal information collected in carrying out the Project using methods that are generally used by prudent public and private sector organizations. These measures must meet the requirements, standards or guidelines found in applicable policy, directives or protocols of the Government of Canada, including those set out in any instructions issued by the Department for the protection of personal information against unauthorized use or disclosure. Recipients delivering a Project outside Canada will ensure cross-border transmission of personal information between its offices in countries where the Recipient is delivering the Project and fulfilling its obligations pursuant to this Agreement must only be done when necessary or required for the performance of the Project and shall must be in compliance with all sections of this Agreement. If requested by the Department, the Recipient shall must provide a description of cross-border transmission of information that is necessary for the Project. 7.5 7.6 Where the Recipient has reasonable grounds to believe that there has been loss, theft, unauthorized access, disclosure, copying, use, modification modification, disposal, or destruction of personal information, or any incident that may jeopardize the security or integrity of personal information, it will immediately notify the Department of the full details of the privacy breach. The Recipient will also immediately take all reasonable steps to stop and contain the impact of the breach, assess and resolve the problem, and prevent its recurrence. The Department may direct the Recipient to take specified steps to resolve and prevent a recurrence. 7.6 7.7 Despite the provisions of this Agreement, in the event that the Recipient is compelled to produce any personal information collected in carrying out the Project pursuant to any applicable legislation, regulation, or any order of any court, tribunal, administrative body or other authority with jurisdiction, whether in or outside of Canada, the Recipient shall must notify the Department and the affected client Eligible Client immediately, and where possible, in advance. 7.7 In addition 7.8 Where the Recipient collects personal information that is required to provide to the above as it relates to Department under clause 6.6 specifically7.2, the Recipient agrees: : A) ) i) to make available provide to Eligible Clients the "Gathering Information" pamphlet that explains the purpose and privacy implications of collecting a clientan Eligible Client's information; ii) if information for the client is illiterate, to verbally transmit the contents purposes of the pamphlet; and iii) to comply with the systems' related privacy and security manual and other departmental policies and instructions governing security matters.Project;

PRIVACY AND SECURITY OBLIGATIONS. 7.1 Personal information collected or maintained by the The Recipient within Canada is subject will ensure that it conforms with any obligations applicable to the provisions of the applicable federal, provincial or territorial privacy and access to information legislation or the it under Personal Information Protection and Electronic Documents Act (PIPEDA)Act, S.C. 2000, c. 5, or similar legislation in effect from time to time in any province or territory of Canada, where it collects personal information in the course of carrying out the Project. If the Recipient believes that any obligations in the Agreement prevent it from meeting its obligations under any of these laws, the Recipient must immediately notify the Department of the specific provision of the Agreement and the specific obligation under the law with which the Recipient believes it conflicts. Recipients delivering a Project overseas will: A) comply with the current national or domestic laws of the countries where services are being provided, including any laws that may be enacted after the beginning of the Agreement; and B) acknowledge that nothing in the applicable laws derogates from, prevents compliance with or conflicts with the requirements of this Agreement. The Recipient must notify the Department immediately, and where possible in advance, of a change to applicable laws that derogates from, prevent compliance or conflict with the requirements of this Agreement. 7.2 Recipients Where the Recipient provides direct services to Eligible Clients under the Project, it will provide information to the Department on the use of these services by Eligible Clients through the data collection system provided by the Department. This information will be used by the Department in support of evaluation and planning for the Resettlement Assistance Program and the Settlement Program and select information may also be disclosed to other funding recipients providing direct services to the same Eligible Clients as the Recipient to facilitate service delivery to these Eligible Clients. The Recipient acknowledges that the Department is required to handle personal information in accordance with the Privacy Act, R.S. 1985, c. P-21 and agrees to comply with any additional requirement established by the Department that is reasonably required to ensure that the Department meets its obligations under this Act. 7.3 In carrying out the Project, the Recipient will limit their collection of personal information to only that which is necessary for them to carry out their programming, and must be proportional to perform the benefit to be derived from the expected outcomes of the Projectservices or activities described in Schedule 1. 7.3 Personal 7.4 The Recipient must: A) treat all personal information shall be treated collected in carrying out the Project as confidential and not disclosed disclose it to any person, other than the clientEligible Client to whom it relates, except in accordance with applicable law. The Recipient may share client personal information with third parties for the purposes of delivering the Project under this Agreement only with the client's prior consent provided in writing, where a formal information sharing agreement is in place, and in accordance with relevant privacy legislation. When requested, the Recipient shall must provide clients Eligible Clients with reasonable access to view their information that was collected for purposes of programming funded by the Department. 7.4 B) safeguard appropriately for its level of classification or designation, collected protected information. Protected information must be retained only for as long as the Eligible Client continues to receive services, after which all copies of the record must be immediately destroyed. The manner of destruction must be appropriate to the level of classification or designation and the storage media in which it has been retained. If the Recipient is required to maintain the record for uses outside of the Agreement, all identifying information specific to the Department must be removed. 7.5 The Recipient shall must take all security measures reasonably necessary to protect any such personal information collected in carrying out the Project using methods that are generally used by prudent public and private sector organizations. These measures must meet the requirements, standards or guidelines found in applicable policy, directives or protocols of the Government of Canada, including those set out in any instructions issued by the Department for the protection of personal information against unauthorized use or disclosure. Recipients delivering a Project outside Canada will ensure cross-border transmission of personal information between its offices in countries where the Recipient is delivering the Project and fulfilling its obligations pursuant to this Agreement must only be done when necessary or required for the performance of the Project and shall must be in compliance with all sections of this Agreement. If requested by the Department, the Recipient shall must provide a description of cross-border transmission of information that is necessary for the Project. 7.5 7.6 Where the Recipient has reasonable grounds to believe that there has been loss, theft, unauthorized access, disclosure, copying, use, modification modification, disposal, or destruction of personal information, or any incident that may jeopardize the security or integrity of personal information, it will immediately notify the Department of the full details of the privacy breach. The Recipient will also immediately take all reasonable steps to stop and contain the impact of the breach, assess and resolve the problem, and prevent its recurrence. The Department may direct the Recipient to take specified steps to resolve and prevent a recurrence. 7.6 7.7 Despite the provisions of this Agreement, in the event that the Recipient is compelled to produce any personal information collected in carrying out the Project pursuant to any applicable legislation, regulation, or any order of any court, tribunal, administrative body or other authority with jurisdiction, whether in or outside of Canada, the Recipient shall must notify the Department and the affected client Eligible Client immediately, and where possible, in advance. 7.7 In addition 7.8 Where the Recipient collects personal information that is required to provide to the above as it relates to Department under clause 6.6 specifically7.2, the Recipient agrees: : A) ) i) to make available provide to Eligible Clients the "Gathering Information" pamphlet that explains the purpose and privacy implications of collecting a clientan Eligible Client's information; information for the purposes of the Project; ii) if the client Eligible Client is illiterate, to verbally transmit the contents of the pamphlet; and and iii) to comply with the data collection systems' related privacy and security manual and other departmental policies and instructions governing security mattersmanual.