Confidentiality and Data Security. (a) The Custodian agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication. (b) Each Fund agrees to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understood, however, that the existence and the terms of this Agreement are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. (c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act. (d) Without limiting the generality of Section 10(a) hereof, the Custodian acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information. (e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it may have pursuant to this Agreement, including without limitation Section 8(g) hereof, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof. (f) The Custodian will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to time, including without limitation the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. (g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g). (h) Upon reasonable notice to the Custodian, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the Custodian’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodian. The Funds shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the Custodian’s security controls, except that the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information. (i) In the event of any actual or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any). (j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information.
Appears in 21 contracts
Samples: Custodian Services Agreement (Western Asset Global High Income Fund Inc.), Custodian Services Agreement (Western Asset Managed Municipals Fund Inc.), Custodian Services Agreement (Western Asset High Income Fund Ii Inc.)
Confidentiality and Data Security. (a) The Custodian Fund Accounting Agent agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund Funds or Managers or otherwise consented to, in writing, by the respective Fundssuch Funds or Managers, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian Fund Accounting Agent has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian Fund Accounting Agent has determined, on the advice of counsel, that the failure to release such information would expose the Custodian Fund Accounting Agent to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian Fund Accounting Agent provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1i) the Custodian Fund Accounting Agent may use information regarding the Funds in the connection with certain functions performed on a centralized basis by the Custodian, Fund Accounting Agent and its affiliates Affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the FundsFund, to its Affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information; and (2ii) the Custodian Fund Accounting Agent may aggregate Fund or Portfolio data with similar data of other customers of the Custodian Fund Accounting Agent (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication.
(b) Each Fund agrees to keep confidential all information obtained hereunder relating to the CustodianFund Accounting Agent’s business (it being understood, however, that the existence and the terms of this Agreement Agreement, with the exception of fee information, are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian Fund Accounting Agent written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereofthe preceding paragraph (a), the Custodian Fund Accounting Agent acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian Fund Accounting Agent hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial accounting services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian Fund Accounting Agent or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian Fund Accounting Agent shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it they may have pursuant to this Agreement, including without limitation Section 8(g) hereof, Agreement and at law and or in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian Fund Accounting Agent will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by of applicable regulatory authorities of any of the foregoing from time to time, including without limitation to the extent applicable the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian Fund Accounting Agent receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the CustodianFund Accounting Agent. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian Fund Accounting Agent shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian Fund Accounting Agent will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian Fund Accounting Agent to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the CustodianFund Accounting Agent. The Custodian Fund Accounting Agent shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g).
(h) Upon reasonable notice to the CustodianFund Accounting Agent, the Custodian Fund Accounting Agent will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the CustodianFund Accounting Agent’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian Fund Accounting Agent to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian Fund Accounting Agent determines to be prudent. At such meeting, the Funds may view the CustodianFund Accounting Agent’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the CustodianFund Accounting Agent’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian Fund Accounting Agent will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the CustodianFund Accounting Agent. The Funds shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the CustodianFund Accounting Agent’s security controls, except that the Funds may disclose the CustodianFund Accounting Agent’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information.
(i) In the event of any actual or reasonably suspected, based on CustodianFund Accounting Agent’s experience, breach of security of its systems resulting in the actual, probable actual or reasonably suspected suspected, based on Fund Accounting Agent’s experience, unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian Fund Accounting Agent shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the CustodianFund Accounting Agent, and of additional relevant facts promptly after they become known to the CustodianFund Accounting Agent, in the manner provided in Section 12 hereof 11 of this Agreement and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the CustodianFund Accounting Agent. The Custodian Fund Accounting Agent shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian Fund Accounting Agent or any of its affiliates, subsidiaries, agents or employees employees, the Custodian Fund Accounting Agent shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian Fund Accounting Agent reasonably deems necessary (with due regard for industry standards, if any).
(j) If the Custodian Fund Accounting Agent uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian Fund Accounting Agent by this Agreement, such subsidiary, subsidiary or affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian Fund Accounting Agent shall exercise oversight over each such subsidiary, subsidiary or affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information.
Appears in 15 contracts
Samples: Fund Accounting Services Agreement (Western Asset Diversified Income Fund), Fund Accounting Services Agreement (ActiveShares ETF Trust), Fund Accounting Services Agreement (Legg Mason Partners Money Market Trust)
Confidentiality and Data Security. (a) The Custodian agrees Parties current scope of work does not require PG&E to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection provide Seller with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication.
(b) Each Fund agrees to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understoodPersonally Identifiable Customer Information, however, that the existence and the terms of this Agreement are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereof, the Custodian acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereofthe scope changes to include providing such data, the non-breaching party following provisions shall (in apply. In addition to the requirements set out in Article 19 (Confidentiality), Seller shall comply with the following additional terms of this Appendix XXI (Confidentiality and Data Security) regarding the handling of Confidential Information and PG&E Data from PG&E or its Customers. NON-DISCLOSURE AGREEMENTS: Seller shall have all other rights and remedies it may have pursuant to this Agreementof its employees, including without limitation Section 8(g) hereofSubcontractors, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond Subcontractor employees who will perform Work or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to time, including without limitation the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (sign a non-disclosure agreement in the form generally provided by attached hereto as Appendix XXII (Non-Disclosure and Use of Information Agreement [“NDA”]). Prior to starting said Work or services, Seller shall promptly furnish the Custodian original signed non-disclosure agreements to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian PG&E. SECURITY MEASURES: Seller shall maintain books and records sufficient to demonstrate its compliance take “Security Measures” with the terms handling of this Section 10(g).
(h) Upon reasonable notice Confidential Information to ensure that the CustodianConfidential Information will not be compromised and shall be kept secure. Security Measures shall mean industry standards and techniques, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually physical and logical, including but not limited to: written policies regarding information security, disaster recovery, third-party assurance auditing, penetration testing, password protected workstations at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the CustodianSeller’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodian. The Funds shall not disclose such documentation premises where Work or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the Custodian’s security controls, except that the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors services are required to maintain the confidentiality of the summary being performed and any related information.
(i) In the event premises of any actual or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized person who has access to or acquisitionsuch Confidential Information, encryption of Confidential Information, and measures to safeguard against the unauthorized access, destruction, use, loss, destruction, compromise alteration or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, Confidential Information including, but not limited to, the costs restriction of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any).
(j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized physical access to and use of Fund such data and information, implementation of logical access controls, sanitization or destruction of media, including hard drives, and establishment of an information security program that at all times is in alignment with the industry requirements of ISO 2700X or SOC2 Type 2.
Appears in 6 contracts
Samples: Distribution Services Agreement, Distribution Services Agreement, Distribution Services Agreement
Confidentiality and Data Security. (a) It is expressly understood and agreed that information the Grantee collects on behalf of the State or from a third party in performing its obligations under this grant agreement may be deemed confidential by the State. Therefore, the Grantee must:
1. All information or data gathered pursuant to this grant shall be held confidential and released only to CARB or other entities as CARB may specify in writing.
2. The Custodian agrees Grantee certifies that it has appropriate systems and controls in place to keep confidentialensure that State funds will not be used in the performance of this grant agreement for the acquisition, operation or maintenance of computer software in violation of copyright laws.
3. Information or data, including but not limited to all application records and supporting documentation that personally identifies or describes an individual or individuals is confidential in accordance with California Civil Code sections 1798, et seq. and other relevant State or Federal statutes and regulations. The Grantee shall safeguard all such information or data which comes into their possession under this agreement in perpetuity, and to cause its employees and agents to keep confidentialshall not release or publish any such information, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to complydata, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permittedapplication records.
4. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the Observe complete confidentiality obligations hereunder with respect to such informationinformation or data collected pursuant to this grant, but only including without limitation, agreeing not to disclose or otherwise permit access to such information by any person or entity in any manner whatsoever unless such disclosure is required by law or legal process.
5. Acknowledge the confidential nature of such information and ensure by agreement or otherwise that they are prohibited from copying or revealing, for any purpose whatsoever, the purpose contents of servicing such information or any part thereof, or from taking any action otherwise prohibited under this section.
6. Ensure that the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers Grantee’s employees are informed of the Custodian (“Aggregated Data”) confidential nature of such information and may use Aggregated Data so long as ensure by agreement or otherwise that they are prohibited from copying, revealing, or utilizing for any purpose in fulfillment of this grant, the contents of such Aggregated Data represents such a sufficiently large sample that no Fund information or Portfolio data can be identified either directly any part thereof, or by inference or implicationfrom taking any action otherwise prohibited under this section.
(b) Each Fund agrees 7. Grantee shall limit access to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understood, however, that the existence and the terms of this Agreement are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or data gathered pursuant to a subpoena, court order or other legal process, in each case with respect this grant only to which the Fund has determined, on the advice of counsel, that it is required necessary employees to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release perform their job duties.
8. Not use such information would expose the Fund to civil or criminal contempt proceedings; provided any part thereof in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereof, the Custodian acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunderto others or for the benefit of others in any form whatsoever whether gratuitously or for valuable consideration.
9. Notify State promptly and in writing of the circumstances surrounding any possession, that any unauthorized disclosure use or misuse knowledge of such information (including by the Custodian or any of its employees or agentspart thereof, or by any trading on the basis of such information person other than those authorized by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securitiesthis document.
10. Adhere to all CARB confidentiality, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunderdisclosure, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential informationprivacy policies.
(e) The parties acknowledge 11. Treat all information, deliverables, and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it may have work products developed or collected pursuant to this Agreementgrant as confidential. All information, including without limitation Section 8(g) hereofdeliverables, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to time, including without limitation the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall work products cannot be limited to, virus protection, password protection and encryption of data disclosed in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the any form generally provided by the Custodian to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g).
(h) Upon reasonable notice to the Custodian, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the Custodian’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodian. The Funds shall not disclose such documentation or information to any third party (without CARB’s written consent except to the extent permittedwhen required by law or legal process.
12. Not use, necessary or required pursuant to Section 10(b)) or use it without CARB written approval, any CARB materials for any purpose other than evaluating performing the Custodian’s security controls, except that agreed upon services.
13. At the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality conclusion of the summary and engagement or upon termination of this grant agreement, the Grantee shall surrender all information in any related informationform developed or collected pursuant to this grant.
(i) In 14. If the event of any actual Grantee suspects loss or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breachtheft, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore grantee must report any lost or damaged stolen information, data, or equipment developed or collected pursuant to this grant to CARB immediately.
15. Provide CARB all pass phrases/passwords used for private keys to encrypt data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information used, produced or acquired in the possession or course of performing duties under this grant agreement.
16. The Grantee must sign non-disclosure and confidentiality agreements as provided by CARB.
17. The Grantee agrees to notify the control CARB immediately of any security incident involving the Custodian information system, servers, data, or any other information developed or collected pursuant to this grant. The Grantee agrees that the CARB has the right to participate in the investigation of a security incident involving its affiliatesdata or conduct its own independent investigation, subsidiaries, agents or employees and that the Custodian Grantee shall cooperate fully in such investigations.
18. The Grantee agrees that it shall be responsible for each Fundall costs incurred by the CARB due to security incident resulting from the grantee’s reasonable failure to perform or negligent acts of its personnel, and resulting in an unauthorized disclosure, release, access, review, or destruction; or loss, theft or misuse of information or data developed or gathered pursuant to this grant. If the Grantee experiences a loss or breach of data, the Grantee shall immediately report the loss or breach to the CARB. If the CARB determines that notice to the individuals whose data has been lost or breached is appropriate, the Grantee will bear any and all costs associated with responding to such Security Breach, includingthe notice or any mitigation selected by the CARB. These costs include, but are not limited to, staff time, material costs, postage, media announcements, credit monitoring for impacted individuals, and other identifiable costs associated with the costs breach or loss of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any)data.
(j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent 19. The Grantee agrees that it shall have appropriate controls in place to meet the objectives of this Section 10, immediately notify and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance work cooperatively with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages CARB to provide services under this Agreement respond timely and correctly to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and informationpublic records act requests.
Appears in 2 contracts
Samples: Grant Agreement, Grant Agreement
Confidentiality and Data Security. (a) The Custodian Fund Accounting Agent agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating to the Funds, including without limitation information as to their respective shareholders and their respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund Funds or Managers or otherwise consented to, in writing, by the respective Fundssuch Funds or Managers, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian Fund Accounting Agent has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian Fund Accounting Agent has determined, on the advice of counsel, that the failure to release such information would expose the Custodian Fund Accounting Agent to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian Fund Accounting Agent provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1i) the Custodian Fund Accounting Agent may use information regarding the Funds in the connection with certain functions performed on a centralized basis by the Custodian, Fund Accounting Agent and its affiliates Affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the FundsFund, to its Affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information; and (2ii) the Custodian Fund Accounting Agent may aggregate Fund or Portfolio data with similar data of other customers of the Custodian Fund Accounting Agent (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication.
(b) Each Fund agrees to keep confidential all information obtained hereunder relating to the CustodianFund Accounting Agent’s business (it being understood, however, that the existence and the terms of this Agreement Agreement, with the exception of fee information, are required to be publicly disclosed by the Funds), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian Fund Accounting Agent written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereofthe preceding paragraph (a), the Custodian Fund Accounting Agent acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian Fund Accounting Agent hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial accounting services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian Fund Accounting Agent or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian Fund Accounting Agent shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it they may have pursuant to this Agreement, including without limitation Section 8(g) hereof, Agreement and at law and or in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian Fund Accounting Agent will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by of applicable regulatory authorities of any of the foregoing from time to time, including without limitation to the extent applicable the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian Fund Accounting Agent receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the CustodianFund Accounting Agent. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designeddesigned to: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian Fund Accounting Agent shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls frameworkframework or a successor control framework widely used in the industry. Such safeguards will include, but shall not be limited to, virus protection, password protection and protection, encryption of data in all external methods of transmission at a minimum standard of AES 256256 and other reasonable safeguards and encryption standards for internal methods of data transmission. The Custodian Fund Accounting Agent will use encryption standards approved by NIST or other control frameworks widely used in the industry. The Fund Accounting Agent will provide the Fund, at least annually, with the most recent SOC reports reports, or a successor control framework widely used in the industry, of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian Fund Accounting Agent to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the CustodianFund Accounting Agent. The Custodian Fund Accounting Agent shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g).
(h) Upon reasonable notice to the CustodianFund Accounting Agent, the Custodian Fund Accounting Agent will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the CustodianFund Accounting Agent’s security controls and any deficiencies identified in the SSAE-18 audit reports, or a successor control framework widely used in the industry, and for the Custodian Fund Accounting Agent to review with discuss the Funds summary report of the penetration testing results in further detail, including the status of vulnerability by type and provide such additional severity, and other information concerning the penetration tests as the Custodian Fund Accounting Agent determines to be prudent. At such meeting, the Funds may view the CustodianFund Accounting Agent’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the CustodianFund Accounting Agent’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian Fund Accounting Agent will discuss such findings with the Funds and the parties will use reasonable efforts to develop a mutually agreeable discuss the Fund Accounting Agent’s remediation plan. The Fund Accounting Agent will implement such remediation plan within a reasonable period of time. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the CustodianFund Accounting Agent. The Funds Fund Accounting Agent shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the CustodianFund Accounting Agent’s security controls, except that the Funds may disclose the CustodianFund Accounting Agent’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related informationinformation and prohibited from using it for any purpose of than evaluating the Fund Accounting Agent’s security controls.
(i) In the event of any actual or reasonably suspected, based on CustodianFund Accounting Agent’s experience, breach of security of its systems resulting in the actual, probable actual or reasonably suspected suspected, based on Fund Accounting Agent’s experience, unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian Fund Accounting Agent shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the CustodianFund Accounting Agent, and of additional relevant facts promptly after they become known to the CustodianFund Accounting Agent, in the manner provided in Section 12 hereof 11 of this Agreement and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the CustodianFund Accounting Agent. The Custodian Fund Accounting Agent shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any).
(j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information.prevent
Appears in 1 contract
Samples: Fund Accounting Services Agreement (Franklin Lexington Private Markets Fund)
Confidentiality and Data Security. (a) The Custodian agrees In connection with the Transfer Agent Services and any contemplated Transfer Agent Services, each party is expected to keep confidentialexchange certain information with the other (the providing party, the “Provider” and to cause its employees and agents to keep confidentialthe receiving party, all records of the Funds and “Receiver”), which may include information relating to trade secrets, systems, procedures, confidential reports, customer lists, cost information, pricing information, security procedures, shareholder lists, commission schedules, sales and/or trading strategies, computer software and tapes, programs, source codes and financial information (“Confidential Information”). The Receiver agrees that it shall use the Fundssame degree of care as the Receiver uses with respect to its own Confidential Information of like importance, including without limitation information as but no less than reasonable care, to their respective shareholders avoid unauthorized disclosure or use of any of the Provider’s Confidential Information. The Receiver may disclose the Confidential Information to its employees, agents and their respective portfolio holdings, unless affiliates who in the release of Receiver’s commercially reasonable judgment have a specific and demonstrable need to know such records or information is made (i) Confidential Information solely in connection with performing the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided Transfer Agent Services and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder materially consistent with respect this Agreement. The Receiver shall have the right to such informationdisclose Confidential Information as necessary for compliance with any legal or regulatory requirement, but only for the purpose including court order, statute, law, rule, regulation, subpoena or other similar requirement of servicing the Funds in connection with the relationship contemplated by this Agreement a competent governmental body, exchange organization or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio data can be identified either directly or by inference or implication.
(b) Each Fund agrees to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understoodregulatory authority; provided, however, that the existence and Receiver making such required disclosure shall first notify the terms of this Agreement are required to be publicly disclosed by the Funds), unless the release of such records or information is Provider (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided legally permissible) and shall cease afford the Provider a reasonable opportunity to be applicable seek confidential treatment if it wishes to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreementdo so.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereof, the Custodian acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including by the Custodian or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it may have pursuant to this Agreement, including without limitation Section 8(g) hereof, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to time, including without limitation the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g).
(h) Upon reasonable notice to the Custodian, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the Custodian’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodian. The Funds shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the Custodian’s security controls, except that the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information.
(i) In the event of any actual or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any).
(j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 10, and the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information.
Appears in 1 contract
Samples: Transfer Agent Services Agreement (wShares Bitcoin Fund)
Confidentiality and Data Security. (a) The Custodian BNY Mellon agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Investment Advisor and the Funds and information relating to the Investment Advisor and the Funds, including without limitation information as to their the Funds’ respective shareholders and their the Funds’ respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the Investment Advisor (acting solely for itself or on behalf of the applicable Fund Funds) or otherwise consented to, in writing, by the respective Investment Advisor (acting solely for itself or on behalf of the applicable Funds), (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian BNY Mellon has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian BNY Mellon has determined, on the advice of counsel, that the failure to release such information would expose the Custodian BNY Mellon to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian BNY Mellon provides the applicable Fund Investment Advisor written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that or thereafter becomes publicly available, other than through a breach of this Section 10(a18(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d)foregoing, (1i) the Custodian BNY Mellon may use information regarding the Investment Advisor or the Funds in the connection with certain functions performed on a centralized basis by the Custodian, BNY Mellon and its affiliates Affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Investment Advisor or the Funds in connection with the relationship contemplated by this Agreement or providing additional services for the benefit of the Fund, to the Funds, its Affiliates and to its or their service providers who are subject to confidentiality obligations with respect to such information; and (2ii) the Custodian BNY Mellon may aggregate Fund or Portfolio Series data with similar data of other customers of the Custodian BNY Mellon (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio Series data can be identified either directly or by inference or implication.
(b) Each Fund The Investment Advisor agrees to keep confidential all information obtained hereunder relating to the CustodianBNY Mellon’s business (it being understood, however, that the existence and the terms of this Agreement Agreement, with the exception of fee information, are required to be publicly disclosed by the Fundsdisclosed), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund Investment Advisor has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund Investment Advisor has determined, on the advice of counsel, that the failure to release such information would expose the Fund Investment Advisor to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund Investment Advisor provides the Custodian BNY Mellon written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that or thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereofthe preceding paragraph (a), the Custodian BNY Mellon acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to BNY Mellon hereunder by the Custodian hereunder Investment Adviser (acting on behalf of the Funds) is made strictly under the conditions of confidentiality set forth in this Section 10(a) hereof 18 and solely for the purposes of the BNY Mellon’s performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including without limitation any unauthorized disclosure to others by the Custodian BNY Mellon or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian BNY Mellon shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a18(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a18(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it they may have pursuant to this Agreement, including without limitation Section 8(g) hereof, Agreement and at law and or in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a18(a) hereof.
(f) The Custodian BNY Mellon will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to timeFunds, including without limitation to the extent applicable the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian BNY Mellon receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the CustodianBNY Mellon. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Investment Advisor and the Funds; , (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; , and (iii) to protect against unauthorized access to or use of such records and information. The Custodian BNY Mellon shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian BNY Mellon will provide the FundInvestment Advisor, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian BNY Mellon to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the CustodianXXX Xxxxxx. The Custodian XXX Xxxxxx shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g18(g).
(h) Upon reasonable notice to the CustodianXXX Xxxxxx, the Custodian XXX Xxxxxx will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds Investment Advisor once annually and at such other times as the Funds Investment Advisor may reasonably request to review the CustodianBNY Mellon’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian BNY Mellon to review with the Funds Investment Advisor the penetration testing results and provide such additional information concerning the penetration tests as the Custodian BNY Mellon determines to be prudent. At such meeting, the Funds Investment Advisor may view the CustodianBNY Mellon’s security-related policies and procedures; , however, no documentation may be copied, shared, transmitted or removed from the CustodianBNY Mellon’s premises, except as mutually agreed. In the event that the Funds identify Investment Advisor identifies any control deficiencies, the Custodian BNY Mellon will discuss such findings with the Funds Investment Advisor and will use reasonable efforts if appropriate the parties shall work together to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds Investment Advisor in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the CustodianBNY Mellon. The Funds Investment Advisor shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b18(b)) or use it for any purpose other than evaluating the CustodianBNY Mellon’s security controls, except that the Funds Investment Advisor may disclose the CustodianBNY Mellon’s SSAE-18 summary to the Investment Advisor or the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information.
(i) In the event of any actual or reasonably suspected, based on CustodianBNY Mellon’s experience, breach of security of its systems resulting in the actual, probable actual or reasonably suspected suspected, based on BNY Mellon’s experience, unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of the Investment Advisor or a Fund (each, a “Security Breach”), upon learning of the Security Breach, BNY Mellon shall promptly notify the Custodian shall notify such Fund as promptly as reasonably possible Investment Advisor of the relevant facts related to such Security Breach then known to the CustodianBNY Mellon, and of additional relevant facts promptly after they become known to the CustodianBNY Mellon, in the manner provided in Section 12 hereof 16 of this Agreement and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund the Investment Advisor may specify by written notice to the CustodianXXX Xxxxxx. The Custodian XXX Xxxxxx shall at its sole cost: (i) promptly investigate such Security Breach; , (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; , (iii) restore any lost or damaged data using generally accepted data restoration techniques; , and (iv) conduct a root cause analysis to provide the Fund Investment Advisor with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian BNY Mellon or any of its affiliates, subsidiaries, agents or employees the Custodian employees, BNY Mellon shall be responsible to the Investment Advisor for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any)individuals.
(j) If the Custodian BNY Mellon uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian BNY Mellon by this Agreement, such subsidiary, subsidiary or affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 1018, and the Custodian BNY Mellon shall exercise oversight over each such subsidiary, subsidiary or affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information18.
Appears in 1 contract
Samples: Administration Agreement (Clarion Partners Real Estate Income Fund Inc.)
Confidentiality and Data Security. Confidential Information” means all non-public, confidential, sensitive, or proprietary information disclosed or made available by City to Consultant or its affiliates, employees, contractors, partners, or agents (collectively “Recipients”), whether disclosed before or after the Effective Date, whether disclosed orally, in writing, or via permitted electronic access, and whether or not marked, designated, or otherwise identified as “confidential,” including: all user contents, user data, electronic files, meta data, technology networks, information security practices, business operations, financial accounts, personal identifying data, protected health information, protected criminal justice information, and any other information that by the nature and circumstance of the disclosure should be deemed confidential. Confidential Information does not include information that: (a) The Custodian agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Funds and information relating is now or subsequently becomes generally available to the Fundspublic through no wrongful act or omission of Consultant; (b) Consultant can demonstrate by its written records to lawfully have had in its possession prior to receiving such information from the City;
(c) Consultant can demonstrate by its written records to have been independently developed by Consultant without direct or indirect use of any Confidential Information; (d) Consultant lawfully obtains from a third party who has the right to transfer or disclose it; or (e) is approved in writing by the City for disclosure. SAMPLE CONTRACT Consultant shall: (a) protect and safeguard Confidential Information with at least the same degree of care as Consultant would protect its own Confidential Information, but in no event with less than a commercially reasonable degree of care, such as using data encryption and maintaining appropriate technical and organizational measures in performing the Services under this Agreement; (b) not use Confidential Information, or permit it to be accessed or used, for any purpose other than in accordance with this Agreement; (c) not use Confidential Information, or permit it to be accessed or used, in any manner that would constitute a violation of law, including without limitation information as to their respective shareholders export control and their respective portfolio holdings, unless the release of such records or information is made data privacy laws; and (id) in connection with the services provided under this Agreement, (ii) at the written direction of the applicable Fund or otherwise consented to, in writing, by the respective Funds, (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian has determined, on the advice of counsel, that the failure to release such information would expose the Custodian to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian provides the applicable Fund written notice of such requirement to release such records or information, not disclose Confidential Information except to the extent such notice is permitted. The foregoing shall not be applicable minimum number of Recipients who have a need to any information that is publicly available when provided know and shall cease who have been informed of and agree to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Section 10(a), or that is independently derived abide by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d), (1) the Custodian may use information regarding the Funds in connection with certain functions performed on a centralized basis by the Custodian, its affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Funds in connection with the relationship contemplated by this Agreement or providing additional services to the Funds, and (2) the Custodian may aggregate Fund or Portfolio data with similar data of other customers of the Custodian (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that are no Fund or Portfolio data can be identified either directly or by inference or implication.
(b) Each Fund agrees to keep confidential all information obtained hereunder relating to the Custodian’s business (it being understood, however, that the existence and less restrictive than the terms of this Agreement are Agreement. If Consultant is required by law to be publicly disclosed by disclose any Confidential Information, Consultant will first give written notice to the Funds), unless City and provide the release of such records or information is (i) necessary City with a meaningful opportunity to facilitate the receipt of services provided under this Agreement, (ii) in response to seek a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court protective order or other legal process, in each case with respect to which limit disclosure. Upon the Fund has determined, on the advice termination of counsel, that it is required to comply, or (iii) where the Fund has determined, on the advice of counsel, that the failure to release such information would expose the Fund to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund provides the Custodian written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or at any time as otherwise permitted instructed by Regulation S-P or the GLB Act.
(d) Without limiting City in writing, Consultant shall promptly return to the generality City all copies of Section 10(a) hereof, the Custodian acknowledges and agrees Confidential Information that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and Consultant has in its possession and/or destroy all such information copies and certify in writing to the Custodian hereunder is made strictly under the conditions of confidentiality set forth in Section 10(a) hereof and solely for the purposes of the performance of custodial services hereunderCity that Confidential Information has been destroyed. If applicable, that any unauthorized disclosure or misuse of such information (including by the Custodian or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access Consultant agrees to any and comply with all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it may have pursuant to this Agreement, including without limitation Section 8(g) hereof, and at law and in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a) hereof.
(f) The Custodian will implement and maintain a written City information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutestechnology policies, lawsstandards, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing as may be updated from time to time, including without limitation when accessing City networks and computerized systems whether onsite or remotely. Consultant will indemnify and hold the personal information City harmless against all losses, claims, costs, attorneys’ fees, damages or proceedings suffered or incurred by the City arising out of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian receives, stores, maintains, processes or otherwise accesses in connection with the Consultant’s breach of this Section (Confidentiality). This provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the Custodian. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Funds; (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; and (iii) to protect against unauthorized access to or use of such records and information. The Custodian shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption subject to any limits of data liability or exclusions as may be stated elsewhere in transmission at a minimum standard of AES 256. The Custodian will provide the Fund, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the Custodian. The Custodian shall maintain books and records sufficient to demonstrate its compliance with the terms A violation of this Section 10(g).
(h) Upon reasonable notice to the Custodian, the Custodian will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds once annually and at such other times as the Funds may reasonably request to review the Custodian’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian to review with the Funds the penetration testing results and provide such additional information concerning the penetration tests as the Custodian determines to be prudent. At such meeting, the Funds may view the Custodian’s security-related policies and procedures; however, no documentation may be copied, shared, transmitted or removed from the Custodian’s premises, except as mutually agreed. In the event that the Funds identify any control deficiencies, the Custodian will discuss such findings with the Funds and will use reasonable efforts to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the Custodianto cause irreparable harm that justifies injunctive relief in court. The Funds shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b)) or use it for any purpose other than evaluating the Custodian’s security controls, except that the Funds may disclose the Custodian’s SSAE-18 summary to the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information.
(i) In the event of any actual or reasonably suspected, based on Custodian’s experience, breach of security of its systems resulting in the actual, probable or reasonably suspected unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of a Fund (each, a “Security Breach”), upon learning of the Security Breach, the Custodian shall notify such Fund as promptly as reasonably possible of the relevant facts related to such Security Breach then known to the Custodian, and of additional relevant facts promptly after they become known to the Custodian, in the manner provided in Section 12 hereof and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund may specify by written notice to the Custodian. The Custodian shall at its sole cost: (i) promptly investigate such Security Breach; (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; (iii) restore any lost or damaged data using generally accepted data restoration techniques; and (iv) conduct a root cause analysis to provide the Fund with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian or any of its affiliates, subsidiaries, agents or employees the Custodian shall be responsible for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any).
(j) If the Custodian uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian by this Agreement, such subsidiary, affiliate or agent shall have appropriate controls in place to meet the objectives A violation of this Section 10, and may at the Custodian shall exercise oversight over each such subsidiary, affiliate or agent to ensure ongoing compliance with the objectives City’s discretion result in immediate termination of this Section 10Agreement without notice. The Custodian will require each Foreign Sub-Custodian that it engages to provide services obligations of Consultant under this Agreement to establish and maintain reasonably designed safeguards and controls against Section shall survive the unauthorized access to and use termination of Fund data and informationthis Agreement.
Appears in 1 contract
Samples: Technology Consulting Professional Services Agreement
Confidentiality and Data Security. (a) The Custodian BNY Mellon agrees to keep confidential, and to cause its employees and agents to keep confidential, all records of the Investment Advisor and the Funds and information relating to the Investment Advisor and the Funds, including without limitation information as to their the Funds’ respective shareholders and their the Funds’ respective portfolio holdings, unless the release of such records or information is made (i) in connection with the services provided under this Agreement, (ii) at the written direction of the Investment Advisor (acting solely for itself or on behalf of the applicable Fund Funds) or otherwise consented to, in writing, by the respective Investment Advisor (acting solely for itself or on behalf of the applicable Funds), (iii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Custodian BNY Mellon has determined, on the advice of counsel, that it is required to comply, or (iv) where the Custodian BNY Mellon has determined, on the advice of counsel, that the failure to release such information would expose the Custodian BNY Mellon to civil or criminal contempt proceedings; provided in the case of clause (iii) or (iv) the Custodian BNY Mellon provides the applicable Fund Investment Advisor written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that or thereafter becomes publicly available, other than through a breach of this Section 10(a18(a), or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement. Notwithstanding the foregoing but subject to Section 10(d)foregoing, (1i) the Custodian BNY Mellon may use information regarding the Investment Advisor or the Funds in the connection with certain functions performed on a centralized basis by the Custodian, BNY Mellon and its affiliates Affiliates or its or their service providers (including audit, accounting, risk, legal, compliance, sales, administration, product communication, relationship management, compilation and analysis of customer-related data and storage) and disclose such information to its affiliates and to its or their service providers who are subject to the confidentiality obligations hereunder with respect to such information, but only for the purpose of servicing the Investment Advisor or the Funds in connection with the relationship contemplated by this Agreement or providing additional services for the benefit of the Fund, to the Funds, its Affiliates and to its or their service providers who are subject to confidentiality obligations with respect to such information; and (2ii) the Custodian BNY Mellon may aggregate Fund or Portfolio Series data with similar data of other customers of the Custodian BNY Mellon (“Aggregated Data”) and may use Aggregated Data so long as such Aggregated Data represents such a sufficiently large sample that no Fund or Portfolio Series data can be identified either directly or by inference or implication.
(b) Each Fund The Investment Advisor agrees to keep confidential all information obtained hereunder relating to the CustodianBNY Mellon’s business (it being understood, however, that the existence and the terms of this Agreement Agreement, with the exception of fee information, are required to be publicly disclosed by the Fundsdisclosed), unless the release of such records or information is (i) necessary to facilitate the receipt of services provided under this Agreement, (ii) in response to a request of a governmental, regulatory or self-regulatory authority or agency or pursuant to a subpoena, court order or other legal process, in each case with respect to which the Fund Investment Advisor has determined, on the advice of counsel, that it is required to comply, or (iii) where the Fund Investment Advisor has determined, on the advice of counsel, that the failure to release such information would expose the Fund Investment Advisor to civil or criminal contempt proceedings; provided in the case of clause (ii) or (iii) the Fund Investment Advisor provides the Custodian BNY Mellon written notice of such requirement to release such records or information, to the extent such notice is permitted. The foregoing shall not be applicable to any information that is publicly available when provided and shall cease to be applicable to any information that or thereafter becomes publicly available, other than through a breach of this Agreement, or that is independently derived by any party hereto without the use of any information derived in connection with the services provided under this Agreement.
(c) Notwithstanding any provision herein to the contrary, each party hereto agrees that any Nonpublic Personal Information, as defined under Section 248.3(t) of Regulation S-P (“Regulation S-P”), promulgated under the Xxxxx-Xxxxx-Xxxxxx Act (the “GLB Act”), disclosed or otherwise made accessible by a party hereunder is for the specific purpose of permitting the other party to perform its duties as set forth in this Agreement. Each party agrees that, with respect to such information, it will comply with Regulation S-P and the GLB Act and that it will not disclose any Nonpublic Personal Information received in connection with this Agreement to any other party, except to the extent necessary to carry out the services set forth in this Agreement or as otherwise permitted by Regulation S-P or the GLB Act.
(d) Without limiting the generality of Section 10(a) hereofthe preceding paragraph (a), the Custodian BNY Mellon acknowledges and agrees that the Funds are prohibited by law from making selective public disclosure of information regarding portfolio holdings, that disclosure of any and all such information to BNY Mellon hereunder by the Custodian hereunder Investment Adviser (acting on behalf of the Funds) is made strictly under the conditions of confidentiality set forth in this Section 10(a) hereof 18 and solely for the purposes of the BNY Mellon’s performance of custodial services hereunder, that any unauthorized disclosure or misuse of such information (including without limitation any unauthorized disclosure to others by the Custodian BNY Mellon or any of its employees or agents, or any trading on the basis of such information by anyone in receipt of such information) may constitute a criminal offense of trading on or tipping of material inside information regarding publicly traded securities, that access to any and all such information regarding portfolio holdings of the Funds shall be restricted to those persons needing such information in the course of the performance of duties hereunder, and that the Custodian BNY Mellon shall apprise all such persons having access of the obligation hereunder and under applicable law to prevent unauthorized disclosure of such confidential information.
(e) The parties acknowledge and agree that any breach of Section 10(a18(a) hereof would cause not only financial damage, but irreparable harm to the other party, for which money damages will not provide an adequate remedy. Accordingly, in the event of a breach of Section 10(a18(a) hereof, the non-breaching party shall (in addition to all other rights and remedies it they may have pursuant to this Agreement, including without limitation Section 8(g) hereof, Agreement and at law and or in equity) be entitled to an injunction, without the necessity of posting any bond or surety, to restrain disclosure or misuse, in whole or in part, of any information in violation of Section 10(a18(a) hereof.
(f) The Custodian BNY Mellon will implement and maintain a written information security program (the “Security Program”) that contains appropriate security measures designed to safeguard confidential records and information of the Funds consistent with applicable statutes, laws, rules and regulations, and definitive and binding guidance or interpretations by applicable authorities of any of the foregoing from time to timeFunds, including without limitation to the extent applicable the personal information of the Funds’ shareholders, employees, trustees, directors and/or officers that the Custodian BNY Mellon receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account with the CustodianBNY Mellon. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
(g) The Security Program shall have administrative, technical and physical safeguards, appropriate to the type of information concerned, designed: (i) to maintain the security and confidentiality of records and information of the Investment Advisor and the Funds; , (ii) to protect against anticipated threats or hazards to the security or integrity of such records and information; , and (iii) to protect against unauthorized access to or use of such records and information. The Custodian BNY Mellon shall develop, implement and maintain, at its sole expense, a system or methodology to audit for compliance with the requirements of the preceding sentence that is consistent with the SOC controls framework. Such safeguards will include, but shall not be limited to, virus protection, password protection and encryption of data in transmission at a minimum standard of AES 256. The Custodian BNY Mellon will provide the FundInvestment Advisor, at least annually, with the most recent SOC reports of its systems and methodologies prepared by an independent third party, and will provide executive summaries of its most recent penetration and ethical hack testing of its internet-facing environment relevant to the systems used to provide services under this Agreement (in the form generally provided by the Custodian BNY Mellon to other similarly situated customers of services similar to the services provided under this Agreement), as conducted by a qualified, independent third party selected by the CustodianBNY Mellon. The Custodian BNY Mellon shall maintain books and records sufficient to demonstrate its compliance with the terms of this Section 10(g18(g).
(h) Upon reasonable notice to the CustodianBNY Mellon, the Custodian BNY Mellon will arrange for its relevant subject matter experts to meet with the relevant subject matter experts of the Funds Investment Advisor once annually and at such other times as the Funds Investment Advisor may reasonably request to review the CustodianBNY Mellon’s security controls and any deficiencies identified in the SSAE-18 audit reports, and for the Custodian BNY Mellon to review with the Funds Investment Advisor the penetration testing results and provide such additional information concerning the penetration tests as the Custodian BNY Mellon determines to be prudent. At such meeting, the Funds Investment Advisor may view the CustodianBNY Mellon’s security-related policies and procedures; , however, no documentation may be copied, shared, transmitted or removed from the CustodianBNY Mellon’s premises, except as mutually agreed. In the event that the Funds identify Investment Advisor identifies any control deficiencies, the Custodian BNY Mellon will discuss such findings with the Funds Investment Advisor and will use reasonable efforts if appropriate the parties shall work together to develop a mutually agreeable remediation plan. All nonpublic documentation and information disclosed to the Funds Investment Advisor in accordance with this Section 10(h) shall be deemed proprietary and confidential information of the CustodianBNY Mellon. The Funds Investment Advisor shall not disclose such documentation or information to any third party (except to the extent permitted, necessary or required pursuant to Section 10(b18(b)) or use it for any purpose other than evaluating the CustodianBNY Mellon’s security controls, except that the Funds Investment Advisor may disclose the CustodianBNY Mellon’s SSAE-18 summary to the Investment Advisor or the Funds’ external auditors provided that such external auditors are required to maintain the confidentiality of the summary and any related information.
(i) In the event of any actual or reasonably suspected, based on CustodianBNY Mellon’s experience, breach of security of its systems resulting in the actual, probable actual or reasonably suspected suspected, based on BNY Mellon’s experience, unauthorized access to or acquisition, use, loss, destruction, compromise or disclosure of any of the confidential records or information of the Investment Advisor or a Fund (each, a “Security Breach”), upon learning of the Security Breach, BNY Mellon shall promptly notify the Custodian shall notify such Fund as promptly as reasonably possible Investment Advisor of the relevant facts related to such Security Breach then known to the CustodianBNY Mellon, and of additional relevant facts promptly after they become known to the CustodianBNY Mellon, in the manner provided in Section 12 hereof 16 of this Agreement and also by sending notice to xxxxxxxxxxxxx@xxxxxxxxx.xxx and/or such other electronic mail address or addresses as a Fund the Investment Advisor may specify by written notice to the CustodianBNY Mellon. The Custodian BNY Mellon shall at its sole cost: (i) promptly investigate such Security Breach; , (ii) resolve or mitigate the vulnerability that facilitated the Security Breach to the extent possible; , (iii) restore any lost or damaged data using generally accepted data restoration techniques; , and (iv) conduct a root cause analysis to provide the Fund Investment Advisor with a summary of the findings and actions taken to prevent recurrence of such Security Breach. If a Security Breach occurs with respect to personal information in the possession or under the control of the Custodian BNY Mellon or any of its affiliates, subsidiaries, agents or employees the Custodian employees, BNY Mellon shall be responsible to the Investment Advisor for each Fund’s reasonable costs associated with responding to such Security Breach, including, but not limited to, the costs of notifying affected individuals and taking any remedial action required by applicable statutes, laws, rules and regulations and any such other remedial action that the Custodian reasonably deems necessary (with due regard for industry standards, if any)individuals.
(j) If the Custodian BNY Mellon uses any subsidiary or affiliate or, pursuant to Section 2.6(a), agent to perform the duties assigned to the Custodian BNY Mellon by this Agreement, such subsidiary, subsidiary or affiliate or agent shall have appropriate controls in place to meet the objectives of this Section 1018, and the Custodian BNY Mellon shall exercise oversight over each such subsidiary, subsidiary or affiliate or agent to ensure ongoing compliance with the objectives of this Section 10. The Custodian will require each Foreign Sub-Custodian that it engages to provide services under this Agreement to establish and maintain reasonably designed safeguards and controls against the unauthorized access to and use of Fund data and information18.
Appears in 1 contract
Samples: Administration Agreement (Franklin Lexington Private Markets Fund)
