Protection of PII Clause Samples

The Protection of PII clause establishes requirements for safeguarding personally identifiable information (PII) handled by the parties to an agreement. It typically mandates that all PII be collected, stored, and processed in accordance with applicable privacy laws and industry standards, and may require specific security measures such as encryption or restricted access. This clause serves to minimize the risk of data breaches and unauthorized disclosures, ensuring that sensitive personal data is handled responsibly and in compliance with legal obligations.
POPULAR SAMPLE Copied 77 times
Protection of PII. Personally identifiable information (“PII”) shall be defined as information that identifies a Cardholder or identifies a Card, which is disclosed to MasterCard pursuant to this Agreement, along with the Transaction information directly associated with such Cardholder. PII includes, but is not limited to, Cardholder Card information or information that can identify an individual or be used to authenticate an individual. MasterCard will keep and maintain all PII in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, or disclosure. MasterCard acknowledges and agrees that its access, use, storage, disposal, or disclosure of PII complies with federal and state privacy and data security laws. MasterCard is responsible for any unauthorized collection, access, use, storage, disposal, or disclosure of PII by its employees, agents, Affiliates or subcontractors.
View SourceView Similar (2)
Protection of PII. The parties agree - PII compiled for purposes of this Data Sharing Agreement will be stored on one or more of the following media and protected as described: 1) Workstation Hard disk drives may have PII stored on local workstation hard disks. Access to the PII will be restricted to authorized users by requiring logon to the local workstation using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. The hard drive must be encrypted to protect LCCC PII; 2) Network server disks may have PII stored on hard disks mounted on third party network servers and made available through shared folders. Access to the PII will be restricted to authorized users through the use of access control lists which will grant access only after the authorized user has authenticated to the network using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. PII will be hosted in National Institute of Standards and Technology (“NIST”) NIST 800-53 ▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇▇/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf moderate compliant datacenters. Data is backed up daily to a primary datacenter and mirrored daily to an offsite storage location. All PII at rest will be encrypted using AES 256-bit encryption. PII transmissions are secured using either Transport Layer Security (TLS) or a Secure Sockets Layer (SSL) with up to 128-bit encryption. Designated OSU employees with access to PII have a unique login and password and/or; 3) PII storage on portable devices or media. a) LCCC PII shall not be stored on portable devices or media unless specifically, explicitly authorized in writing by LCCC Agreement Administrator or Technical Administrator. If so authorized, the PII shall be given the following protections: i. Encrypt the PII with a key length of at least 128 bits, ii. Control access to devices with a unique user ID and complex password or stronger authentication method such as a physical token or biometrics, iii. Manually lock devices whenever they are left unattended and set devices to lock automatically after a period of inactivity, if this feature is available. Maximum period of inactivity is 20 minutes and; iv. Physically protect the portable device(s) and/or media by: • Keeping them in locked storage when not in use; • Using check-in/check-out procedures when they are shared; and • Taking...
View Source
Protection of PII. We employ the following data security tools to protect Personally Identifiable Information: secure server with Secure Socket Layer (SSL). Unfortunately, even with these measures, we cannot guarantee the security of PII. By using our Website, you acknowledge and agree that we make no such guarantee, and that you use our Website at your own risk.
View Source
Protection of PII. The parties agree that PII compiled for purposes of this Data Sharing Agreement will be stored on one or more of the following media and protected as described: Workstation Hard disk drives may have PII stored on local workstation hard disks. Access to the PII will be restricted to authorized users by requiring logon to the local workstation using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. The hard drive must be encrypted to protect PARTNER PII in the event the device is lost or stolen. Network server disks may have PII stored on hard disks mounted on third party network servers and made available through shared folders. Access to the PII will be restricted to authorized users through the use of access control lists which will grant access only after the authorized user has authenticated to the network using a unique user ID and complex password or other authentication mechanisms which provide equal or greater security, such as biometrics or smart cards. PII will be hosted in SSAE 16 accredited datacenters. Data is backed up daily to a primary datacenter and mirrored in real time to multiple storage locations. All PII at rest will be encrypted using AES 256-bit encryption. PII transmissions are secured using either Transport Layer Security (TLS) or a Secure Sockets Layer (SSL) with up to 128-bit encryption. Designated LCCC employees with access to PII have a unique login and password. PII storage on portable devices or media. PARTNER PII shall not be stored on portable devices or media unless specifically, explicitly authorized in writing by THE PARTNER Agreement Administrator or Technical Administrator. If so authorized, the PII shall be given the following protections: Encrypt the PII with a key length of at least 128 bits. Control access to devices with a unique user ID and complex password or stronger authentication method such as a physical token or biometrics. Manually lock devices whenever they are left unattended and set devices to lock automatically after a period of inactivity, if this feature is available. Maximum period of inactivity is 20 minutes. Physically protect the portable device(s) and/or media by: Keeping them in locked storage when not in use; Using check-in/check-out procedures when they are shared; and Taking frequent inventories. When being transported outside of a secure area, portable devices and media with confidential PII m...
View Source
Protection of PII. Handbook 755.1 shall state (such as in Section 1-5) that all personally identifiable information (PII) will be protected as required under law, government-wide regulations, and government-wide policies.
View Source

Related to Protection of PII

  • Protection of PFPC PFPC shall be indemnified by the Fund and without liability for any action PFPC takes or does not take in reliance upon directions or advice or Oral Instructions or Written Instructions PFPC receives from or on behalf of the Fund or from counsel and which PFPC believes, in good faith, to be consistent with those directions or advice and Oral Instructions or Written Instructions. Nothing in this section shall be construed so as to impose an obligation upon PFPC (i) to seek such directions or advice or Oral Instructions or Written Instructions, or (ii) to act in accordance with such directions or advice or Oral Instructions or Written Instructions.

  • Protection of PFPC Trust PFPC Trust shall be indemnified by the Fund and without liability for any action PFPC Trust takes or does not take in reliance upon directions or advice or Oral Instructions or Written Instructions PFPC Trust receives from or on behalf of the Fund or from counsel and which PFPC Trust believes, in good faith, to be consistent with those directions or advice or Oral Instructions or Written Instructions. Nothing in this section shall be construed so as to impose an obligation upon PFPC Trust (i) to seek such directions or advice or Oral Instructions or Written Instructions, or (ii) to act in accordance with such directions or advice or Oral Instructions or Written Instructions.

  • Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that: a) they process data only for the express purpose for which it was obtained; b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form; c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement; d) they do not disclose personal data of the other Party, other than in terms of this Agreement; e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use; f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement; g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access. 25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing. 25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data. 25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it. 25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented. 25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.

  • Protection of Private Information If this Agreement requires City to disclose “Private Information” to Contractor within the meaning of San Francisco Administrative Code Chapter 12M, Contractor and subcontractor shall use such information only in accordance with the restrictions stated in Chapter 12M and in this Agreement and only as necessary in performing the Services. Contractor is subject to the enforcement and penalty provisions in Chapter 12M.

  • PROTECTION OF TEACHERS A. Any case of assault upon a teacher by a student or parent shall be promptly reported to the Board or its designated representative. The Board shall promptly render all reasonable assistance to the teacher in connection with handling of the incident by law enforcement and judicial authorities. Time lost by a teacher in connection with such an incident shall not be charged against the teacher. B. The Board recognizes its responsibility to give reasonable support and assistance to teachers with respect to the maintenance of control and discipline in the classroom. Whenever a teacher determines that a particular student requires the attention of special counselors, social workers, law enforcement personnel, physicians, or other professional persons, such determination shall be promptly called to the attention of the administration. C. Reasonable support and assistance to teachers shall also include protection from liability from students and/or parents in cases of student misuse of the district’s electronic resources. The Association shall notify the Board of any intentional written, verbal, or physical act communicated through the district’s electronic resources in order for the Board to take appropriate action. D. The Board, with the advice of the Association Executive Committee, shall promulgate rules and regulations setting forth the procedures to be used in disciplining, suspending, and expelling students for misbehavior and other infractions of school rules and policies. Such rules and regulations shall define and classify such infractions. Such rules and regulations shall be distributed to students, teachers and parents at the beginning of each school year. The Association shall annually be encouraged to review such rules and regulations and propose policy changes for the improvement of the Code of Conduct. E. A teacher will have the right to review the contents of all records of the district pertaining to said teacher, excluding original references, originating after initial employment and to have a representative of the Association accompany him to such review. No material originating after initial employment will be placed in his personnel file unless the teacher has had an opportunity to review the material and has been furnished with a copy thereof. The teacher may submit a written notation regarding any material and the same shall be attached to the file copy of the material in question. If the teacher believes the material to be placed in his file is in error, he may receive adjustment provided cause is shown through the grievance procedure, whereupon the material will be corrected or expunged from the file. If the teacher is asked to sign material placed in his file, such signature shall be expressly understood as indicating his awareness of the material, but in no instance shall said signature be interpreted to mean agreement with the content of the material. Any disagreement shall be noted. All recommendations, written or oral, shall be based solely upon the contents of the teacher's personnel file. Master personnel files for all teachers will be maintained in the office of the Superintendent. Duplicate files may be maintained by supervisory personnel as an administrative convenience. However, it is expressly agreed that such duplicate files shall be maintained in all respects in strict conformity with the provisions of this Section of this Agreement.