▇▇▇▇ of Rights for Data Privacy and Security Clause Samples

▇▇▇▇ of Rights for Data Privacy and Security. As required by Education Law Section 2-d, the Parents ▇▇▇▇ of Rights for Data Privacy and Security and the supplemental information for the Service Agreement are included as Exhibit A and Exhibit B, respectively, and incorporated into this DPA. Contractor shall complete and sign Exhibit B and append it to this DPA. Pursuant to Education Law Section 2-d, the EA is required to post the completed Exhibit B on its website.
View SourceView Similar (40)
▇▇▇▇ of Rights for Data Privacy and Security. The ▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇ Central School District seeks to use current technology, including electronic storage, retrieval, and analysis of information about students’ education experience in the district, to enhance the opportunities for learning and to increase the efficiency of our district and school operations. The ▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇ Central School District seeks to insure that parents have information about how the District stores, retrieves, and uses information about students, and to meet all legal requirements for maintaining the privacy and security of protected student data and protected principal and teacher data, including Section 2-d of the New York State Education Law. To further these goals, the ▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇ Central School District has posted this Parents’ ▇▇▇▇ of Rights for Data Privacy and Security.
View SourceView Similar (2)
▇▇▇▇ of Rights for Data Privacy and Security. CRCS is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, CRCS informs the school community of the following:
View Source
▇▇▇▇ of Rights for Data Privacy and Security. BELFAST CENTRAL SCHOOL DISTRICT is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, BELFAST CENTRAL SCHOOL DISTRICT informs the school community of the following: • A student's personally identifiable information cannot be sold or released for any commercial purposes. • Parents have the right to inspect and review the complete contents of their child's education record. • State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to encryption, firewalls, and password protection, must be in place when data is stored or transferred. • A complete list of all student data elements collected by New York State is available for public review at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/student-data-inventory or by writing to the Office of Information and Reporting Services, New York State Education Department, Room 865 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. • Parents have the right to submit complaints about possible breaches of student data addressed. Complaints should be directed in writing to BELFAST CENTRAL SCHOOL DISTRICT Data Privacy Officer, ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇ or by using the form available at the following website: ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇/resources/new-york-state-education-law-2d/report-an-improper- disclosure/. Complaints may also be directed in writing to Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇ or by using the form available at the following website: ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy- security/report-improper-disclosure
View Source
▇▇▇▇ of Rights for Data Privacy and Security. The Enlarged City School District of Middletown is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, The Enlarged City School District of Middletown informs the school community of the following:
View Source
▇▇▇▇ of Rights for Data Privacy and Security. The AuSable Valley Central School is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, the District informs the school community of the following:
View Source
▇▇▇▇ of Rights for Data Privacy and Security. Client has provided to Tyler, and Tyler has reviewed, Client’s Parents ▇▇▇▇ of Rights for data privacy and security (“▇▇▇▇ of Rights”) in effect as of the Effective Date of the Agreement, and agrees to incorporate the ▇▇▇▇ of Rights by reference in its entirety, as if fully set forth herein. Any changes made by Client to its ▇▇▇▇ of Rights after the Effective Date shall not be incorporated into the Agreement unless agreed to by Tyler in writing. Client and Tyler agree to cooperate in good faith to address each party’s respective obligations under applicable data privacy and security requirements. Additionally, the following information is provided to assist Client with developing the supplemental information required by Part 121.3(c) of the NY Education Privacy Laws:
View Source
▇▇▇▇ of Rights for Data Privacy and Security. The Hamburg Central School District is committed to protecting the privacy and security of student data and teacher and principal data. In accordance with New York Education Law Section 2-d and its implementing regulations, the District informs the school community of the following:
View Source

Related to ▇▇▇▇ of Rights for Data Privacy and Security

  • Bill of Rights for Data Privacy and Security As required by Education Law Section 2-d, the Parents Bill of Rights for Data Privacy and Security and the supplemental information for the Service Agreement are included as Exhibit A and Exhibit B, respectively, and incorporated into this DPA. Contractor shall complete and sign Exhibit B and append it to this DPA. Pursuant to Education Law Section 2-d, the EA is required to post the completed Exhibit B on its website.

  • Data Privacy and Security Bank will implement and maintain a written information security program, in compliance with all federal, state and local laws and regulations (including any similar international laws) applicable to Bank, that contains reasonable and appropriate security measures designed to safeguard the personal information of the Funds’ shareholders, employees, trustees and/or officers that Bank or any Subcustodian receives, stores, maintains, processes, transmits or otherwise accesses in connection with the provision of services hereunder. In this regard, Bank will establish and maintain policies, procedures, and technical, physical, and administrative safeguards, designed to (i) ensure the security and confidentiality of all personal information and any other confidential information that Bank receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder, (ii) protect against any reasonably foreseeable threats or hazards to the security or integrity of personal information or other confidential information, (iii) protect against unauthorized access to or use of personal information or other confidential information, (iv) maintain reasonable procedures to detect and respond to any internal or external security breaches, and (v) ensure appropriate disposal of personal information or other confidential information. Bank will monitor and review its information security program and revise it, as necessary and in its sole discretion, to ensure it appropriately addresses any applicable legal and regulatory requirements. Bank shall periodically test and review its information security program. Bank shall respond to Customer’s reasonable requests for information concerning Bank’s information security program and, upon request, Bank will provide a copy of its applicable policies and procedures, or in Bank’s discretion, summaries thereof, to Customer, to the extent Bank is able to do so without divulging information Bank reasonably believes to be proprietary or Bank confidential information. Upon reasonable request, Bank shall discuss with Customer the information security program of Bank. Bank also agrees, upon reasonable request, to complete any security questionnaire provided by Customer to the extent Bank is able to do so without divulging sensitive, proprietary, or Bank confidential information and return it in a commercially reasonable period of time (or provide an alternative response that reasonably addresses the points included in the questionnaire). Customer acknowledges that certain information provided by Bank, including internal policies and procedures, may be proprietary to Bank, and agrees to protect the confidentiality of all such materials it receives from Bank. Bank agrees to resolve promptly any applicable control deficiencies that come to its attention that do not meet the standards established by federal and state privacy and data security laws, rules, regulations, and/or generally accepted industry standards related to Bank’s information security program. Bank shall: (i) promptly notify Customer of any confirmed unauthorized access to personal information or other confidential information of Customer (“Breach of Security”); (ii) promptly furnish to Customer appropriate details of such Breach of Security and assist Customer in assessing the Breach of Security to the extent it is not privileged information or part of an investigation; (iii) reasonably cooperate with Customer in any litigation and investigation of third parties reasonably deemed necessary by Customer to protect its proprietary and other rights; (iv) use reasonable precautions to prevent a recurrence of a Breach of Security; and (v) take all reasonable and appropriate action to mitigate any potential harm related to a Breach of Security, including any reasonable steps requested by Customer that are practicable for Bank to implement. Nothing in the immediately preceding sentence shall obligate Bank to provide Customer with information regarding any of Bank’s other customers or clients that are affected by a Breach of Security, nor shall the immediately preceding sentence limit Bank’s ability to take any actions that Bank believes are appropriate to remediate any Breach of Security unless such actions would prejudice or otherwise limit Customer’s ability to bring its own claims or actions against third parties related to the Breach of Security. If Bank discovers or becomes aware of a suspected data or security breach that may involve an improper access, use, disclosure, or alteration of personal information or other confidential information of Customer, Bank shall, except to the extent prohibited by Applicable Law or directed otherwise by a governmental authority not to do so, promptly notify Customer that it is investigating a potential breach and keep Customer informed as reasonably practicable of material developments relating to the investigation until Bank either confirms that such a breach has occurred (in which case the first sentence of this paragraph will apply) or confirms that no data or security breach involving personal information or other confidential information of Customer has occurred. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number, (f) passport number, or (g) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account. This provision will survive termination or expiration of the Agreement for so long as Bank or any Subcustodian continues to possess or have access to personal information related to Customer. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

  • Data Privacy and Security Laws The Company is, and at all prior times was, in material compliance with all applicable state and federal data privacy and security laws and regulations in the United States, including, without limitation, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health Act, and all applicable provincial and federal data privacy and security laws and regulations in Canada, including without limitation the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5) (“PIPEDA”); and the Company has taken commercially reasonable actions to prepare to comply with, and have been and currently are in compliance with, the European Union General Data Protection Regulation (“GDPR”) (EU 2016/679) (collectively, the “Privacy Laws”). To ensure compliance with the Privacy Laws, the Company has in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) Protected Health Information as defined by HIPAA; (iv) “personal information”, “personal health information”. and “business contact information” as defined by PIPEDA; (v) “personal data” as defined by GDPR; and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. The Company has at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies: (i) it has not received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Privacy and Security (a) Each of the Company and its Subsidiaries complies (and requires and monitors the compliance of applicable third parties) in all material respects with all applicable Laws relating to privacy or data security, and reputable industry practice, standards, self-governing rules and policies and their own published, posted and internal agreements and policies (which are in conformance with reputable industry practice) (all of the foregoing collectively, “Privacy Laws”) with respect to: (i) personally identifiable information (including name, address, telephone number, electronic mail address, social security number, bank account number or credit card number), sensitive personal information and any special categories of personal information regulated thereunder or covered thereby (“Personal Information”), whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners; and (ii) non-personally identifiable information, whether any of same is accessed or used by the Company or any of its Subsidiaries or any of their respective business partners. (b) Neither the Company nor any of its Subsidiaries uses, collects, or receives any Personal Information or sensitive non-personally identifiable information and does not become aware of the identity or location of, or identify or locate, any particular Person as a result of any receipt of such Personal Information, in a manner which would materially breach or violate any Privacy Laws and materially and adversely impact the business of the Company and its Subsidiaries, taken as a whole. (c) To the Company’s knowledge, Persons with which the Company or any of its Subsidiaries have contractual relationships have not breached any agreements or any Privacy Laws pertaining to Personal Information and to non-personally identifiable information. (d) To the Company’s knowledge, the Company and its Subsidiaries take all commercially reasonable steps to protect the operation, confidentiality, integrity and security of their respective business systems and websites and all information and transactions stored or contained therein or transmitted thereby against any unauthorized or improper use, access, transmittal, interruption, modification or corruption, and there have been no material breaches of same. Without limiting the generality of the foregoing, each of the Company and its Subsidiaries (i) uses industry standard encryption technology and (ii) has implemented a comprehensive security plan that (1) identifies internal and external risks to the security of the Company’s or its Subsidiaries’ confidential information and Personal Information and (2) implements, monitors and improves adequate and effective safeguards to control those risks.

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.