Compliance with Illinois Privacy Laws In performing its obligations under the Agreement, the Provider shall comply with all Illinois laws and regulations pertaining to student data privacy, confidentiality, and maintenance, including but not limited to the Illinois School Student Records Act ("ISSRA"), 105 ILCS 10/, Mental Health and Developmental Disabilities Confidentiality Act ("MHDDCA"), 740 ILCS 110/, Student Online Personal Protection Act ("SOPPA"), 105 ILCS 85/, Identity Protection Act ("IPA"), 5 ILCS 179/, and Personal Information Protection Act ("PIPA"), 815 ILCS 530/, and Local Records Act (“LRA”), 50 ILCS 205/.
EDD Independent Subrecipient Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, Subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the State.” The term is further defined by the California Employment Development Department to refer specifically to independent Subrecipients. An independent Subrecipient is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm
Compliance with Texas Privacy Laws and Regulations In performing their respective obligations under the Agreement, the LEA and the Provider shall comply with all Texas laws and regulations pertaining to LEA data privacy and confidentiality, including but not limited to the Texas Education Code Chapter 32, and Texas Government Code Chapter 560.
Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions (a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of protected health information.
Compliance with Privacy Laws NCPS represents and warrants that its collection, access, use, storage, disposal and disclosure of Personal Data does and will comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. Without limiting the foregoing, NCPS shall implement administrative, physical and technical safeguards to protect Personal Data that are no less rigorous than accepted industry, and shall ensure that all such safeguards, including the manner in which Personal Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Escrow Agreement. NCPS shall use and disclose Personal Data solely and exclusively for the purposes for which the Personal Data, or access to it, is provided pursuant to the terms and conditions of this Escrow Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Data for NCPS’s own purposes or for the benefit of any party other than Issuer. For purposes of this section, “Personal Data” shall mean information provided to NCPS by or at the direction of the Issuer, or to which access was provided to NCPS by or at the direction of the Issuer, in the course of NCPS’s performance under this Escrow Agreement that: (i) identifies or can be used to identify an individual (also known as a “data subject”) (including, without limitation, names, signatures, addresses, telephone numbers, e-mail addresses and other unique identifiers); or (ii) can be used to authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, financial account numbers, credit report information, biometric or health data, answers to security questions and other personal identifiers), including the identifying information on individuals described in Section 12.
Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.
ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (“Agreement”) is entered into by and between the State of Vermont Agency of Human Services, operating by and through its Department of Vermont Health Access (“Covered Entity”) and OptumInsight, Inc. (“Business Associate”) as of June 6, 2014 (“Effective Date”). This Agreement supplements and is made a part of the contract/grant to which it is attached. Covered Entity and Business Associate enter into this Agreement to comply with standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:
Compliance with Executive Orders Concerning Ethics The Contractor warrants that he and his firm have complied in all respects with the Governor’s Executive Orders concerning ethics matters, including, but not limited to, Executive Order dated January 13, 2003 (establishing Code of Ethics for Executive Branch Officers and Employees, including provisions governing former officers and employees); Executive Order dated October 1, 2003 (governing vendors to state agencies and disclosure and registration of lobbyists); and O.C.G.A. Sections 21-5-70(5), 21-5-71 and 21-5-73, all as amended effective January 9, 2006 (requiring registration and disclosure filings by state agency vendor lobbyists). In this regard, the Contractor certifies that any lobbyist employed or retained by the Contractor or his firm has both registered and made the required disclosures required by the Executive Orders, as amended.
PCI-DSS Compliance Merchant shall be in full compliance with rules, regulations, guidelines and procedures adopted by any Card Association or Payment Network relating to the privacy and security of Cardholder and Card transaction data, including without limitation the most up-to-date version of the Payment Card Industry Data Security Standard (PCI-DSS), as amended from time to time by the Payment Card Industry Security Standards Council. Detailed information pertaining to aforementioned requirements may be found at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx. Additional information regarding security requirements may be found on the Card Association’s respective web sites.
Business Associate Contract A. GENERAL PROVISIONS AND RECITALS
