Additional Statutory and Regulatory Obligations Sample Clauses
Additional Statutory and Regulatory Obligations. Vendor acknowledges that it has the following additional obligations under Section 2-d with respect to any Protected Data received from the District, and that any failure to fulfill one or more of these statutory or regulatory obligations will be deemed a breach of the Master Agreement and the terms of this Data Sharing and Confidentiality Agreement:
(a) To limit internal access to Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA); i.e., they need access in order to assist Vendor in fulfilling one or more of its obligations to the District under the Master Agreement.
(b) To not use Protected Data for any purposes other than those explicitly authorized in this Data Sharing and Confidentiality Agreement and the Master Agreement to which this Exhibit is attached.
(c) To not disclose any Protected Data to any other party, except for authorized representatives of Vendor using the information to carry out Vendor’s obligations to the District and in compliance with state and federal law, regulations and the terms of the Master Agreement, unless:
(i) the parent or eligible student has provided prior written consent; or
(ii) the disclosure is required by statute or court order and notice of the disclosure is provided to the District no later than the time of disclosure, unless such notice is expressly prohibited by the statute or court order.
(d) To maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of Protected Data in its custody.
(e) To use encryption technology to protect Protected Data in its custody while in motion or at rest, using a technology or methodology specified by the Secretary of the U.S. Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.
(f) To adopt technologies, safeguards and practices that align with the NIST Cybersecurity Framework.
(g) To comply with the District’s policy on data security and privacy, Section 2-d and Part 121.
(h) To not sell Protected Data nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure by any other party for any marketing or commercial purpose or permit another party to do so.
(i) To notify the District, in accordance with the provisions of Section 5 of this Data Sharing and Confidentiali...
Additional Statutory and Regulatory Obligations. Vendor acknowledges that it has the following additional obligations with respect to any Protected Data received from Participating Educational Agencies, and that any failure to fulfill one or more of these statutory or regulatory obligations shall be a breach of the MLSA and the terms of this Data Sharing and Confidentiality Agreement:
(a) Limit internal access to education records to those individuals that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA).
(b) Limit internal access to Protected Data to only those employees or subcontractors that need access in order to assist Vendor in fulfilling one or more of its obligations under the MLSA.
(c) Not use education records for any purposes other than those explicitly authorized in this Data Sharing and Confidentiality Agreement.
(d) Not disclose any personally identifiable information to any other party, except for authorized representatives of Vendor using the information to carry out Vendor’s obligations under the MLSA, unless:
(i) the parent or eligible student has provided prior written consent; or
(ii) the disclosure is required by statute or court order and notice of the disclosure is provided to Participating Educational Agency no later than the time of disclosure, unless such notice is expressly prohibited by the statute or court order.
(e) Maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personally identifiable student information in its custody;
(f) Use encryption technology that complies with Section 2-d, as more fully set forth in Erie 1 BOCES’ “Supplemental Information about the MLSA,” below.
(g) Provide notification to Erie 1 BOCES (and Participating Educational Agencies, to the extent required by, and in accordance with, Section 6 of this Data Sharing and Confidentiality Agreement) of any breach of security resulting in an unauthorized release of Protected Data by Vendor or its assignees or subcontractors in violation of state or federal law or other obligations relating to data privacy and security contained herein.
(h) Promptly reimburse Erie 1 BOCES, another BOCES, or a Participating School District for the full cost of notification, in the event they are required under Section 2-d to notify affected parents, students, teachers or principals of a breach or unauthorized release of Protected Data attributed to Ven...
Additional Statutory and Regulatory Obligations. Vendor acknowledges that it has the following additional obligations with respect to any Protected Data received from Participating Educational Agencies, and that any failure to fulfill one or more of these statutory or regulatory obligations shall be a breach of the MLSA and the terms of this Data Sharing and Confidentiality Agreement:
(a) Limit internal access to education records to those individuals that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA).
(b) Limit internal access to Protected Data to only those employees or subcontractors that need access in order to assist Vendor in fulfilling one or more of its obligations under the MLSA.
(c) Not use education records for any purposes other than those explicitly authorized in this Data Sharing and Confidentiality Agreement.
(d) Not disclose any personally identifiable information to any other party, except for authorized representatives of Vendor using the information to carry out Vendor’s obligations under the MLSA, unless:
i. the applicable Participating Education Agency has directed and/or authorized Vendor to do so in writing; or
Additional Statutory and Regulatory Obligations. Vendor acknowledges additional obligations under Section 2-d and that any failure to fulfill one or more of these statutory or regulatory obligations will be deemed a breach of the Master Agreement and these Terms and Conditions. Vendor acknowledges and agrees to the following:
i. To limit internal access to Protected Data to only those employees or subcontractors that need access to the Protected Data in order to assist Vendor in fulfilling one or more of its obligations to the District under the Master Agreement.
ii. To not use Protected Data for any purposes not explicitly authorized in the Master Agreement or these Terms and Conditions.
iii. To not disclose any Protected Data to any other party, except for authorized employees, subcontractors, or assignees of Vendor using the information to carry out Vendor’s obligations to the District and in compliance with state and federal law, regulations and the terms of the Master Agreement, unless:
a. the parent or eligible student provided prior written consent; or
b. the disclosure is required by statute or court order and notice of the disclosure is provided to the District no later than the time of disclosure, unless such notice is expressly prohibited by the statute or court order.
iv. To maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of Protected Data in its custody.
v. To use encryption to protect Protected Data in its custody while in motion or at rest, using a technology or methodology specified or permitted by the Secretary of the U.S. Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.
vi. To adopt technologies, safeguards and practices that align with the U.S. Department of Commerce National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity, “NIST Cybersecurity Framework” (Version 1.1).
vii. To not sell Protected Data nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure by any other party for any marketing or commercial purpose or permit another party to do so.
Additional Statutory and Regulatory Obligations. Vendor acknowledges that it has the following additional obligations under Section 2-d with respect to any Protected Data received from the District, and that any failure to fulfill one or more of these statutory or regulatory obligations will be deemed a breach of the Master Agreement and the terms of this Data Sharing and Confidentiality Agreement:
(a) To limit internal access to Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA);
Additional Statutory and Regulatory Obligations. 1
(a) To limit internal access to Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA); i.e., they need access in order to assist Vendor in fulfilling one or more of its obligations to the District under the Master Agreement.
(b) To not use Protected Data for any purposes other than those explicitly authorized in this Data Sharing and Confidentiality Agreement and the Master Agreement to which this Exhibit is attached. Vendor may use de-identified, aggregate play date for product improvement and development.
(c) To not disclose any Protected Data to any other party, except for authorized representatives of Vendor using the information to carry out Vendor’s obligations to the District and in compliance with state and federal law, regulations and the terms of the Master Agreement, unless:
(i) the parent or eligible student has provided prior written consent; or
1 Nothing in Education Law Section 2-d or Part 121 specifically requires an educational agency to include within its contracts with third-party contractors this list of obligations that are imposed on third-party contractors by the statute and/or its implementing regulations. However, many school districts and other educational agencies have considered it a best practice to include these statutory and regulatory obligations within their third-party contracts.
(ii) the disclosure is required by statute or court order and notice of the disclosure is provided to the District no later than the time of disclosure, unless such notice is expressly prohibited by the statute or court order.
(d) To maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of Protected Data in its custody.
(e) To use encryption technology to protect Protected Data in its custody while in motion or at rest, using a technology or methodology specified by the Secretary of the U.S. Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.
(f) To adopt technologies, safeguards and practices that align with the NIST Cybersecurity Framework.
(g) To comply with the District’s policy on data security and privacy, Section 2- d and Part 121.
(h) To not sell Protected Data nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure b...
Additional Statutory and Regulatory Obligations. Vendor acknowledges that it has the following additional obligations under Section 2-d with respect to any Protected Data received from the District, and that any failure to fulfill one or more of these statutory or regulatory obligations will be deemed a breach of the Master Agreement and the terms of this Data Sharing and Confidentiality Agreement:
(a) To limit internal access to Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA); i.e., they need access in order to assist Vendor in fulfilling one or more of its obligations to the District under the Master Agreement.
(b) To not use Protected Data for any purposes other than those explicitly authorized in this Data Sharing and Confidentiality Agreement and the Master Agreement to which this Exhibit is attached.
(c) To not disclose any Protected Data to any other party, except for authorized ƌĞƉƌĞƐĞŶƚĂƚŝǀĞƐ ŽĨ sĞŶĚŽƌ ƵƐŝŶŐ ƚŚĞ ŝŶĨŽƌŵĂƚŝ and in compliance with state and federal law, regulations and the terms of the Master Agreement, unless:
(i) the parent or eligible student has provided prior written consent; or
Additional Statutory and Regulatory Obligations. Diffit acknowledges that it has the following additional obligations under Section 2-d with respect to any Protected Data received from the School or District, and that any failure to fulfill one or more of these statutory or regulatory obligations will be deemed a breach of the MSA and the terms of this Data Sharing and Confidentiality Agreement:
(a) To limit internal access to Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (FERPA); i.