Security and Safeguarding Information Clause Samples
The Security and Safeguarding Information clause establishes the obligation of parties to protect sensitive or confidential information from unauthorized access, disclosure, or misuse. Typically, this clause outlines the specific types of information that must be safeguarded, such as personal data, trade secrets, or proprietary business details, and may require the implementation of certain security measures like encryption or restricted access. Its core practical function is to ensure that valuable or sensitive information remains protected throughout the course of the agreement, thereby reducing the risk of data breaches and maintaining trust between the parties.
Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the ▇▇▇▇▇-▇▇▇▇▇-▇▇▇▇▇▇ Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that:
(i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information.
(ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law.
(iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance.
(iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations,...
Security and Safeguarding Information. (a) With respect to Confidential Information, each of the parties agrees that:
(i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information.
(ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law.
(iii) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives.
(b) Asset Representations Reviewer will promptly notify the Depositor or the Trustee in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of the Depositor’s or the Trustee’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach.
(c) The Asset Representations Reviewer will cooperate with and provide information to the Depositor and the Trustee regarding the Asset Representations Reviewer’s compliance with this Section 4.9.
Security and Safeguarding Information. The Company shall use security tools and technologies that meet or exceed industry standards in providing services under this Agreement. In the event that student data is no longer needed for the specific purpose for which it was provided, including any copies of the student data that may reside in system backups, temporary files, or other storage media, it shall be destroyed as per best practices for data destruction or returned to the Board using commercially reasonable care, security procedures and practices. The Company shall implement current commercially reasonable and acceptable security measures and technologies to prevent unauthorized access to, or use, disclosure, or loss of student data. Such measures shall in no event be less stringent than those used by other companies providing services similar to the services or possessing similar type information. Such measures shall include, where appropriate, use of updated firewalls, virus screening software, logon identification and passwords, encryption, intrusion detection systems, logging of incidents, periodic reporting, and prompt application of current security patches, virus definitions, and other updates.
(1) use technologies and methodologies that are consistent with the guidance issued pursuant to section 13402(h)(2) of Public Law 111-5 (the American Recovery and Reinvestment Act of 2009, which includes the HITECH Act), (2) maintain technical safeguards as it relates to the possession of student data in a manner consistent with the provisions of 45 CFR 164. 312 (the Health Insurance Portability and Accountability Act (HIPPA) “Technical Safeguards” section), and (3) otherwise meet or exceed industry standards. The security procedures and practices are detailed below and further detailed in The Company’s Statement of Security. The Contract shall restrict access to student data to only those employees that need to access the data in order for the Contractor to perform the agreed upon services. Information or student data collected and stored from and on behalf of the Board and its students shall be stored and maintained separately from the information of any other customers, school or user. The Board retains the right to audit the security and privacy of student data. The Contractor shall notify the Board in writing about any changes that will affect the availability, security, storage, usage or disposal of student data.