Common use of Privacy and Security Requirements Clause in Contracts

Privacy and Security Requirements. The parties to the Custodial Agreement are required to protect the Confidential Information in accordance with applicable direction and guidelines from the Treasury Board of Canada, or their equivalent in the case of the Custodian, with respect to the protection of "Protected B" data, including guidance from CSE (ITSG-33) which aligns with the ISO 27001 framework. Further as a federal government institution, the Custodian acknowledges that the Trust is subject to the Access to Information Act (Canada) and the Privacy Act (Canada) and therefore the Custodian agrees to submit to whatever reasonable measures are necessary in order to ensure that the Trust can comply with these laws and their related regulations, policies, and directives ("ATIP Legislation"). As such, the Custodian agrees: (i) to protect any Personal Information that it may access through the course of providing Custodial Services under this Custodial Agreement in a manner that is compatible with provisions of ATIP Legislation; and (ii) that it has in place appropriate privacy protection measures to safeguard all the Confidential Information that it has access to under this Custodial Agreement. More specifically, the Custodian shall, as required by the provisions of Section 11.10 of this Custodial Agreement, comply with the security requirements described below at all times.

Privacy and Security Requirements. The parties to the Custodial CPA Agreement are required to protect the Confidential Information in accordance with applicable direction and guidelines from the Treasury Board of Canada, or their equivalent in the case of the CustodianCPA, with respect to the protection of "“Protected B" ” data, including guidance from CSE (ITSG-33) which aligns with the ISO 27001 framework. Further as a federal government institution, the Custodian CPA acknowledges that the Trust is subject to the Access to Information Act (Canada) and the Privacy Act (Canada) and therefore the Custodian CPA agrees to submit to whatever reasonable measures are necessary in order to ensure that the Trust can comply with these laws and their related regulations, policies, and directives ("“ATIP Legislation"”). As such, the Custodian CPA agrees: (i) to protect any Personal Information that it may access through the course of providing Custodial CPA Services under this Custodial CPA Agreement in a manner that is compatible with provisions of ATIP Legislation; and (ii) that it has in place appropriate privacy protection measures to safeguard all the Confidential Information that it has access to under this Custodial CPA Agreement. More specifically, the Custodian CPA shall, as required by the provisions of Section 11.10 12.10 of this Custodial CPA Agreement, comply with the security requirements described below at all times.