Common use of Return/Destruction of Information Clause in Contracts

Return/Destruction of Information. Within thirty (30) days after Utility’s written demand, ESE shall (and shall cause its Third Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) Destroy all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into ESE’s or its Third Party Representatives’ possession, including destroying Confidential Utility Information from all systems, records, archives, and backups of ESE and its Third Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by ESE and its Third Party Representatives shall cease. Notwithstanding the foregoing, ESE and its Third Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE and its Third Party Representatives shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this Addendum. ESE shall, upon request, certify to Utility that the destruction by ESE and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Addendum.

Return/Destruction of Information. Within thirty (30) days after Utility’s written demand, ESE shall (and shall cause its Third Third-Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) Destroy shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into ESE’s or its Third Third-Party Representatives’ possession, including destroying Destroying Confidential Utility Information from all systems, records, archives, and backups of ESE and its Third Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by ESE and its Third Third-Party Representatives shall ceasecease provided any items required to be maintained by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. ESE agrees that upon a customer revocation of consent, ESE warrants that it will no longer access through Utility Confidential Utility Information and that it will Destroy any Confidential Utility Information in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, ESE and its Third Third-Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE and its Third Third-Party Representatives shall shall: (1) not have experienced a an actual Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this Addendum. ESE shall, upon request, certify to Utility that the destruction by ESE and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Addendum.;

Return/Destruction of Information. Within ten thirty (301030[PAC29]) days after Utility’s written demand, ESE ESCOESE shall (and shall cause its Third Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: : (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, , (B) Destroy all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into ESEESCOESE’s or its Third Party Representatives’ possession, including destroying Confidential Utility Information from all systems, records, archives, and backups of ESE ESCOESE and its Third Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by ESE ESCOESE and its Third Party Representatives shall cease. Notwithstanding the foregoing, ESE ESCOESE and its Third Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE ESCOESE and its Third Party Representatives shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this Addendum. ESE ESCOESE shall, upon request, certify to Utility that the destruction by ESE ESCOESE and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE ESCOESE complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE ESCOESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of ofr a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention periodperiod[PAC30]. The obligations under this Section shall survive any expiration of termination of this Addendum.

Return/Destruction of Information. Within thirty ten (3010) days after Utility’s written demand, ESE Third Party shall (and shall cause its Third Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: : (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, , (B) Destroy all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into ESEThird Party’s or its Third Party Representatives’ possession, including destroying Confidential Utility Information from all systems, records, archives, and backups of ESE Third Party and its Third Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by ESE Third Party and its Third Party Representatives shall cease. Notwithstanding the foregoing, ESE Third Party and its Third Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE Third Party and its Third Party Representatives shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this AddendumAgreement. ESE Third Party shall, upon request, certify to Utility that the destruction by ESE Third Party and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE Third Party complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Addendum.and

Return/Destruction of Information. Within thirty ten (3010) days after Utility’s Utility’sthe Parties’ written demand, ESE the Parties shall (and Third Party shall (and shall cause its Third Party Representatives to) cease to access and Process Processing of Confidential Utility Information or Confidential Third Party Information, and shall at the Utility’s demanding Party’s option: : (A) return such Confidential Utility Information to Utility Utilityor Confidential Third Party Information in such manner, format, and timeframe as reasonably requested by Utility Utility, or, if not so directed by Utility, Utilitytechnically feasible, (B) Destroy Destroymake reasonable efforts to destroy all copies of all Confidential Utility Information or Confidential Third Party Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information or Confidential Third Party Information, unless the Party is legally required to keep such information, which in that event, the Party may keep one copy for legal purposes) that has come into ESEthe Parties’ possession (or the possession of Third Party’s or its Third Party Representatives’ possession,), including making reasonable efforts to destroying Confidential Utility Information or Confidential Third Party Information from all systems, records, archives, and backups (including backups of ESE Third Party and its Third Party Party’s Representatives,), and all subsequent access, use, and Processing of the Confidential Utility Information by ESE and its Third Party Representatives and itsor Confidential Third Party Information (including by Third Party’s Representatives) shall cease. Notwithstanding the foregoing, ESE and its Third Party Representatives and itsif such destruction is not technically feasible, or the Party is legally required to maintain one copy, such Party (including Third Party’s Representatives) shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, ,or Confidential Third Party Information provided that ESE the Parties, and its Third Party and itsParty’s Representatives shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) ), agree to keep all such Confidential Utility Information and Confidential Third Party Information confidential in accordance with this AddendumAgreement. ESE Third Party for as long as such information is maintained. The Parties shall, upon request, certify to Utility Utilitythe other that the destruction by ESE Third Party and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE Thirdsuch Party complete, execute, and deliver to Utility Utilitythe other Party a certification and (B) obtaining obtaining. Third Party agrees to obtain substantially similar certifications from its Third Party Representatives 8. and maintaining maintainingmaintain them on file. Compliance with this Section 8 87 shall not relieve ESE Third Partythe Parties from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention periodAgreement. The obligations under this Section shall survive any expiration of termination of this AddendumAgreement.

Return/Destruction of Information. Within thirty (30) days after UtilityE-Source’s written demand, ESE shall (and shall cause its Third Third-Party Representatives to) cease to access and Process Confidential Utility Customer Information and shall at the Utility’s E-Source's option: : (A) return such Confidential Utility Customer Information to Utility E-Source in such manner, format, and timeframe as reasonably requested by Utility E-Source or, if not so directed by Utility, E- Source, (B) Destroy shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Utility Customer Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Customer Information) that has come into ESE’s 's or its Third Third-Party Representatives’ possession, including destroying Destroying Confidential Utility Customer Information from all systems, records, archives, and backups of ESE and its Third Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Customer Information by ESE and its Third Third-Party Representatives shall cease, provided any items required to be maintained to meet reporting requirements as set forth by federal, state, and/or local laws, regulations, rules, NY state policies, or executive directives, by governmental administrative rule or law or necessary for legitimate legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. If E-Source requires the return or destruction of Confidential Customer Information, E-Source will specify the reason for the demand. ESE agrees that upon a Customer revocation of consent, ESE warrants that it will no longer access Confidential Customer Information and that it will Destroy any Confidential Customer Information of that Customer in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, ESE and its Third Third-Party Representatives shall not be obligated to erase Confidential Utility Customer Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE and its Third Third-Party Representatives shall shall: (1) not have experienced a an actual Data Security Incident, ; (2) not permit maintain Cybersecurity and Data Privacy Protections and Data Protection Requirements to limit access to or recovery of Confidential Utility Customer Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this Addendum. ESE shall, upon request, certify to Utility that the destruction by ESE and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Addendum.and;

Return/Destruction of Information. Within thirty (30) days after UtilityCompany’s written demanddemand in accordance with this Section 8, ESE shall (and shall cause its Third Third-Party Representatives to) ), subject to applicable federal, state and local laws, rules, regulations and orders, cease to access and Process Confidential Utility Company Information and shall at the UtilityCompany’s option: : (A) return such Confidential Utility Company Information to Utility Company in such manner, format, and timeframe as reasonably requested by Utility Company or, if not so directed by Utility, Company, (B) Destroy shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Utility Company Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Company Information) that has come into ESE’s or its Third Third-Party Representatives’ possession, including destroying Destroying Confidential Utility Company Information from all systems, records, archives, and backups of ESE and its Third Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Company Information by ESE and its Third Third-Party Representatives shall ceasecease provided any items, including Confidential Company Information required to be maintained by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. Company, when making a written demand of ESE for the return or destruction of Confidential Company Information will specify the reason for the demand. ESE agrees that upon a customer revocation of consent, ESE warrants that it will no longer access through Company such Customer’s Confidential Company Information. Notwithstanding the foregoing, ESE and its Third Third-Party Representatives shall not be obligated to erase Confidential Utility Company Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE and its Third Third-Party Representatives shall shall: (1) not have experienced a an actual Data Security Incident, ; (2) not permit maintain data security protections to limit access to or recovery of Confidential Utility Company Information from such computer backup system and and; (3) keep all such Confidential Utility Company Information confidential in accordance with this AddendumAgreement. ESE shall, upon request, certify to Utility Company that the destruction by ESE and its Third Third-Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE complete, execute, and deliver to Utility Company a certification and (B) obtaining substantially similar certifications from its Third Third-Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this AddendumAgreement. The written demand to destroy Destroy or return Confidential Utility Company Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBPGoverning Documents, the Utility Company has been notified of a potential suspected or actual Data Security Incident and Company has a reasonable belief of potential ongoing harm to Company’s IT Systems, or the Confidential Utility Company Information has been held for a period in excess of its retention periodperiod as required by any applicable law, rule, regulation or order. Notwithstanding the foregoing, an ESE will not be obligated to return or Destroy Confidential Company Information due to a suspected or actual Data Security Incident if ESE provides a written verification to the Company within 30 day period set forth above that i) a suspected Data Security Incident was not confirmed and did not result in an actual Data Security Incident, or ii) that the actual Data Security Incident has been resolved and appropriate controls have been implemented by the ESE to protect Company’s IT Systems and Company Confidential Information; provided that ESE’s actions and written verifications thereof are satisfactory to the Company and are subject to review and approval by Company, which approval shall not be unreasonably withheld or delayed. The obligations under this Section shall survive any expiration of termination of this AddendumAgreement. Subject to applicable federal, state and local laws, rules, regulations and orders, at ESE’s written demand and termination of electronic exchange of data with Company, Company will Destroy or return, at ESE’s option, Confidential ESE Information.

Return/Destruction of Information. Within thirty ten (3010) days after Utility’s the Parties’ written demand, ESE the Parties and Data Service Providers) shall (and shall cause its Third Party Representatives to) cease to access and Process Processing of Confidential Utility Information or Confidential Third Party Information, and shall at the Utilitydemanding Party’s option: (A) return such Confidential Utility Information to Utility or Confidential Third Party Information in such manner, format, and timeframe as reasonably requested by Utility requested, or, if not so directed by Utility, Utility technically feasible, (B) Destroy make reasonable efforts to destroy all copies of all Confidential Utility Information or Confidential Third Party Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information or Confidential Third Party Information, unless the Party is legally required to keep such information, which in that event, the Party may keep one copy for legal purposes) that has come into ESEthe Parties’ possession (or the possession of Third Party’s or its Third Party RepresentativesData Service Providers’ possession), including making reasonable efforts to destroying Confidential Utility Information or Confidential Third Party Information from all systems, records, archives, and backups (including backups of ESE and its Third Party RepresentativesParty’s Data Service Providers), and all subsequent access, use, and Processing of the Confidential Utility Information by ESE and its confidential Third Party Representatives Information (including by Third Party’s Data Service Providers) shall cease. Notwithstanding the foregoing, ESE Third Party and its if such destruction is not technically feasible, or the Party is legally required to maintain one copy, such Party (including Third Party Representatives Party’s Data Service Providers) shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, or Confidential Third Party Information provided that ESE the Parties, and its Third Party Representatives Party’s Data Service Providers shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) agree to keep all such Confidential Utility Information and Confidential Third Party Information confidential in accordance with this AddendumAgreement for as long as such information is maintained. ESE The Parties shall, upon request, certify to Utility the other that the destruction by ESE Third Party and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE such Party complete, execute, and deliver to Utility the other Party a certification and (B) obtaining obtaining. Third Party agrees to obtain substantially similar certifications from its Third Party Representatives Data Service Providers and maintaining maintain them on file. Compliance with this Section 8 7 shall not relieve ESE the Parties from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention periodAgreement. The obligations under this Section shall survive any expiration of termination of this AddendumAgreement.

Return/Destruction of Information. Within thirty ten (3010) days after Utility’s written demand, ESE Third Party shall (and shall cause its Third Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: : (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, , (B) Destroy all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into ESEThird Party’s or its Third Party Representatives’ possession, including destroying Confidential Utility Information from all systems, records, archives, and backups of ESE Third Party and its Third Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by ESE Third Party and its Third Party Representatives shall cease. Notwithstanding the foregoing, ESE Third Party and its Third Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that ESE Third Party and its Third Party Representatives shall (1) not have experienced a Data Security Incident, (2) not permit access to or recovery of Confidential Utility Information from such computer backup system and (3) keep all such Confidential Utility Information confidential in accordance with this AddendumAgreement. ESE Third Party shall, upon request, certify to Utility that the destruction by ESE Third Party and its Third Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE Third Party complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this Addendum. The written demand to destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or DER UBP, the Utility has been notified of a potential or actual Data Security Incident or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Addendum.a