Business Practice Commitments. As further consideration for the settlement and releases provided herein, Shift Digital agrees to take reasonable measures to further secure personal information within its custody and control and to maintain such measures already taken. Specifically, Shift Digital agrees that it has or will implement the following: (1) ensure that the default setting for all Microsoft Azure data storage containers is private; (2) conduct frequent enterprise-wide automated scans across its cloud computing platform to confirm that the access settings of all data storage containers are correct; (3) conduct periodic manual reviews of all Microsoft Azure data storage containers to ensure they are set to the correct access settings; (4) maintain role-based security protocols that limit permission to create Microsoft Azure data storage containers to a small number of designated users; (5) encrypt all application data within its control in Microsoft Azure at-rest and in-transit; (6) use Microsoft Azure Security Center tools, such as constant vulnerability scans, to proactively monitor security threats; (7) conduct annual third-party penetration testing of its applications and address any vulnerabilities as appropriate; (8) commission annual third-party assessments of its security programs and practices and update its programs and practices to address threats and vulnerabilities; (9) engage an outside service provider for Virtual Chief Information Security Officer Services and work to build a dedicated data security team; and (10) further develop and formalize its data classification protocols, risk management operations, and incident response procedures.
Business Practice Commitments. Metromile endeavors to take reasonable steps to secure personal information within its platform, including its online car insurance application process (“Online Quote Flow”). As part of those efforts, Metromile agrees that it has taken or will take the following measures (or measures that are better protective of customer data security). Metromile is responsible for all costs associated with implementing and maintaining these Business Practice Commitments, which costs are separate and apart from the Settlement Fund.
Business Practice Commitments. Qualified Staffing shall take or continue the implementation of reasonable steps to secure personal information within its network. As part of those efforts, Qualified Staffing agrees that it has taken or will take the following measures. The costs associated with implementing and/or maintaining these Business Practice Commitments are separate and apart from the Settlement Fund:
Business Practice Commitments. Xxxxxx agrees to adopt, implement, and/or continue the following business practices set forth below (“Business Practice Commitments”) for a period of three (3) years following the Effective Date:
Business Practice Commitments. Artech, having engaged a third-party cybersecurity consultant, agrees to adopt, implement, and/or continue certain business practices set forth below (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date. These Business Practice Commitments are designed to maintain Artech’s security posture, and to provide protection against threats now and in the future, specifically with respect to current and former employee and job applicant Personal Information, and include the following:
Business Practice Commitments. Ethos shall take or continue the implementation of reasonable steps to secure personal information within its platform, including its online insurance application process (“Online Application Flow”). As part of those efforts, Xxxxx agrees that it has taken or will take the following measures (or measures that are better protective of consumer data security). Ethos is responsible for all costs associated with implementing and/or maintaining these Business Practice Commitments, which costs are separate and apart from the Settlement Fund:
Business Practice Commitments. Xxxxx-Xxxxxx agrees to adopt and implement certain business practice commitments and remedial measures set forth in the declaration described below in Paragraph 29(ii) (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date, subject to Paragraph 29(i)
Business Practice Commitments. CPK, having engaged a third-party cybersecurity consultant that provided forensics, recovery, and remediation following the Data Security Incident, agrees to maintain certain recently implemented business practices and remedial measures as set forth below (“Business Practice Commitments”) for a period of three (3) years following the Effective Date. These Business Practice Commitments are specific commitments and remedial measures designed to include continuous threat assessment processes to maintain CPK’s security posture, and to provide protection against threats now and in the future, specifically with respect to the personally identifiable information of current and former employees, and include the following:
Business Practice Commitments. Xxxxxx, having engaged a third-party cybersecurity consultant, agrees to adopt, implement, and/or continue certain business practices set forth below (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date. These Business Practice Commitments are designed to maintain Xxxxxx’s security posture, and to provide protection against threats now and in the future, specifically with respect to current and former employee and job applicant Personal Information, and include the following:
Business Practice Commitments. Mediant has verified that the security-system and practices enhancements described in Exhibit A, filed under seal, relating to Mediant’s information security are presently in place and/or will be put in place.
