Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof.
b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement.
c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines.
d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall.
e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules.
f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES.
g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours.
h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.
Personally Identifiable Information By submitting any of your personally identifiable information, such as your name, address, email address, phone number or fax number, to us, you consent to our privacy policy located at xxx.xxxxxxxx.xxx/xxxxx.
Collection of Personal Information 10.1 The Subscriber acknowledges and consents to the fact that the Issuer is collecting the Subscriber’s personal information for the purpose of fulfilling this Agreement and completing the Offering. The Subscriber acknowledges that its personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) may be included in record books in connection with the Offering and may be disclosed by the Issuer to: (a) stock exchanges or securities regulatory authorities, (b) the Issuer's registrar and transfer agent, (c) tax authorities, (d) authorities pursuant to the PATRIOT Act (U.S.A.) and (e) any of the other parties involved in the Offering, including the Issuer’s Counsel. By executing this Agreement, the Subscriber is deemed to be consenting to the foregoing collection, use and disclosure of the Subscriber's personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) for the foregoing purposes and to the retention of such personal information for as long as permitted or required by applicable laws. Notwithstanding that the Subscriber may be purchasing the Note as agent on behalf of an undisclosed principal, the Subscriber agrees to provide, on request, particulars as to the nature and identity of such undisclosed principal, and any interest that such undisclosed principal has in the Issuer, all as may be required by the Issuer in order to comply with the foregoing.
10.2 Furthermore, the Subscriber is hereby notified that the Issuer may deliver to any government authority having jurisdiction over the Issuer, the Subscriber or this Subscription, including the SEC and/or any state securities commissions, certain personal information pertaining to the Subscriber, including the Subscriber’s full name, residential address and telephone number, the number of Shares or other securities of the Issuer owned by the Subscriber, the principal amount of Note purchased by the Subscriber, the total Subscription Amount paid for the Note and the date of distribution of the Note.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Limitation of Vendor Indemnification and Similar Clauses This is a requirement of the TIPS Contract and is non-negotiable TIPS, a department of Region 8 Education Service Center, a political subdivision, and local government entity of the State of Texas, is prohibited from indemnifying third-parties (pursuant to the Article 3, Section 52 of the Texas Constitution) except as otherwise specifically provided for by law or as ordered by a court of competent jurisdiction. Article 3, Section 52 of the Texas Constitution states that "no debt shall be created by or on behalf of the State … " and the Texas Attorney General has opined that a contractually imposed obligation of indemnity creates a "debt" in the constitutional sense. Tex. Att'y Gen. Op. No. MW-475 (1982). Thus, contract clauses which require TIPS to indemnify Vendor, pay liquidated damages, pay attorney's fees, waive Vendor's liability, or waive any applicable statute of limitations must be deleted or qualified with ''to the extent permitted by the Constitution and Laws of the State of Texas." Does Vendor agree? Yes, I Agree TIPS, a department of Region 8 Education Service Center, a political subdivision, and local government entity of the State of Texas, does not agree to binding arbitration as a remedy to dispute and no such provision shall be permitted in this Agreement with TIPS. Vendor agrees that any claim arising out of or related to this Agreement, except those specifically and expressly waived or negotiated within this Agreement, may be subject to non-binding mediation at the request of either party to be conducted by a mutually agreed upon mediator as prerequisite to the filing of any lawsuit arising out of or related to this Agreement. Mediation shall be held in either Camp or Titus County, Texas. Agreements reached in mediation will be subject to the approval by the Region 8 ESC's Board of Directors, authorized signature of the Parties if approved by the Board of Directors, and, once approved by the Board of Directors and properly signed, shall thereafter be enforceable as provided by the laws of the State of Texas. Does Vendor agree? Yes, Vendor agrees Does Vendor agree? Yes, Vendor agrees Vendor agrees that nothing in this Agreement shall be construed as a waiver of sovereign or government immunity; nor constitute or be construed as a waiver of any of the privileges, rights, defenses, remedies, or immunities available to Region 8 Education Service Center or its TIPS Department. The failure to enforce, or any delay in the enforcement, of any privileges, rights, defenses, remedies, or immunities available to Region 8 Education Service Center or its TIPS Department under this Agreement or under applicable law shall not constitute a waiver of such privileges, rights, defenses, remedies, or immunities or be considered as a basis for estoppel. Does Vendor agree? Yes, Vendor agrees Vendor agrees that TIPS and TIPS Members shall not be liable for interest or late-payment fees on past-due balances at a rate higher than permitted by the laws or regulations of the jurisdiction of the TIPS Member. Funding-Out Clause: Vendor agrees to abide by the applicable laws and regulations, including but not limited to Texas Local Government Code § 271.903, or any other statutory or regulatory limitation of the jurisdiction of any TIPS Member, which requires that contracts approved by TIPS or a TIPS Member are subject to the budgeting and appropriation of currently available funds by the entity or its governing body.
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised.
C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if:
1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or
2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.
Standard of Care; Reliance on Records and Instructions; Indemnification BISYS shall use its best efforts to ensure the accuracy of all services performed under this Agreement, but shall not be liable to the Trust for any action taken or omitted by BISYS in the absence of bad faith, willful misfeasance, negligence or from reckless disregard by it of its obligations and duties. The Trust agrees to indemnify and hold harmless BISYS, its employees, agents, directors, officers and nominees from and against any and all claims, demands, actions and suits, whether groundless or otherwise, and from and against any and all judgments, liabilities, losses, damages, costs, charges, counsel fees and other expenses of every nature and character arising out of or in any way relating to BISYS' actions taken or nonactions with respect to the performance of services under this Agreement or based, if applicable, upon reasonable reliance on information, records, instructions or requests given or made to BISYS by the Trust, the investment adviser and on any records provided by any fund accountant or custodian thereof; provided that this indemnification shall not apply to actions or omissions of BISYS in cases of its own bad faith, willful misfeasance, negligence or from reckless disregard by it of its obligations and duties; and further provided that prior to confessing any claim against it which may be the subject of this indemnification, BISYS shall give the Trust written notice of and reasonable opportunity to defend against said claim in its own name or in the name of BISYS.
Return of material containing or pertaining to the Confidential Information 7.1 The Disclosing Party may, at any time, and in its sole discretion request the Receiving Party to return any material and/or data in whatever form containing, pertaining to or relating to Confidential Information disclosed pursuant to the terms of this Agreement and may, in addition request the Receiving Party to furnish a written statement to the effect that, upon such return, the Receiving Party has not retained in its possession, or under its control, either directly or indirectly, any such material and/or data.
7.2 If it is not practically able to do so, the Receiving Party shall destroy or ensure the destruction of all material and/or data in whatever form relating to the Confidential Information disclosed pursuant to the terms of this Agreement and delete, remove or erase or use best efforts to ensure the deletion, erasure or removal from any computer or database or document retrieval system under its or the Representatives' possession or control, all Confidential Information and all documents or files containing or reflecting any Confidential Information, in a manner that makes the deleted, removed or erased data permanently irrecoverable.The Receiving Party shall furnish the Disclosing Party with a written statement signed by one of its directors or duly authorized senior officers to the effect that all such material has been destroyed.
7.3 The Receiving Party shall comply with any request by the Disclosing Party in terms of this clause, within 7 (seven) business days of receipt of any such request.
Amendment of Protected Health Information 8.1 To the extent Covered Entity determines that any Protected Health Information is maintained by Business Associate or its agents or Subcontractors in a Designated Record Set, Business Associate shall, within ten (10) business days after receipt of a written request from Covered Entity, make any amendments to such Protected Health Information that are requested by Covered Entity, in order for Covered Entity to meet the requirements of 45 C.F.R. § 164.526.
8.2 If any Individual requests an amendment to Protected Health Information directly from Business Associate or its agents or Subcontractors, Business Associate shall notify Covered Entity in writing within five (5) days of the receipt of the request. Whether an amendment shall be granted or denied shall be determined by Covered Entity.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
