COMMERCIALLY SENSITIVE INFORMATION 1. The Authority acknowledges that the Contractor has requested that the following information be treated as Commercially Sensitive Information; Document Page Number Section Condition or Paragraph Number Explanation of harm which may result from disclosure and time period applicable to sensitivity.
Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter ‘sensitive data’), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B.
Sensitive Information Buyer will inform Licensor if Personal Data falls into any special categories of personal data as defined in Article 9(1) of Regulation (EU) 2016/679.
Contractor Sensitive Information 17.1 The Authority must:
Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.
Treatment of Confidential Information (a) The Parties shall not, and shall cause all other Persons providing Services or having access to information of the other Party that is known to such Party as confidential or proprietary (the “Confidential Information”) not to, disclose to any other Person or use, except for purposes of this Agreement, any Confidential Information of the other Party; provided, however, that the Confidential Information may be used by such Party to the extent that such Confidential Information has been (i) in the public domain through no fault of such Party or any member of such Group or any of their respective Representatives or (ii) later lawfully acquired from other sources by such Party (or any member of such Party’s Group), which sources are not themselves bound by a confidentiality obligation; provided, further, that each Party may disclose Confidential Information of the other Party, to the extent not prohibited by applicable Law: (A) to its Representatives on a need-to-know basis in connection with the performance of such Party’s obligations under this Agreement; (B) in any report, statement, testimony or other submission required to be made to any Governmental Authority having jurisdiction over the disclosing Party; or (C) in order to comply with applicable Law, or in response to any summons, subpoena or other legal process or formal or informal investigative demand issued to the disclosing Party in the course of any litigation, investigation or administrative proceeding. In the event that a Party becomes legally compelled (based on advice of counsel) by deposition, interrogatory, request for documents subpoena, civil investigative demand or similar judicial or administrative process to disclose any Confidential Information of the other Party, such disclosing Party shall provide the other Party with prompt prior written notice of such requirement, and, to the extent reasonably practicable, cooperate with the other Party (at such other Party’s expense) to obtain a protective order or similar remedy to cause such Confidential Information not to be disclosed, including interposing all available objections thereto, such as objections based on settlement privilege. In the event that such protective order or other similar remedy is not obtained, the disclosing Party shall furnish only that portion of the Confidential Information that has been legally compelled, and shall exercise its commercially reasonable efforts (at such other Party’s expense) to obtain assurance that confidential treatment will be accorded such Confidential Information.
Treatment of Proprietary and Confidential Information A. Both parties agree that it may be necessary to provide each other during the term of this Agreement with certain confidential information, including trade secret information, including but not limited to, technical and business plans, technical information, proposals, specifications, drawings, procedures, customer account data and like information (hereinafter collectively referred to as “Information”). Both parties agree that all Information shall either be in writing or other tangible format and clearly marked with a confidential, private or proprietary legend, or, when the Information is communicated orally, it shall also be communicated that the Information is confidential, private or proprietary. The Information will be returned to the owner within a reasonable time. Both parties agree that the Information shall not be copied or reproduced in any form. Both parties agree to receive such Information and not disclose such Information. Both parties agree to protect the Information received from distribution, disclosure or dissemination to anyone except employees of the parties with a need to know such Information and which employees agree to be bound by the terms of this Section. Both parties will use the same standard of care to protect Information received as they would use to protect their own confidential and proprietary Information.
Technical and Organisational Measures (1) Before the commencement of processing, the Supplier shall document the execution of the necessary Technical and Organisational Measures, set out in advance of the awarding of the Order or Contract, specifically with regard to the detailed execution of the contract, and shall present these documented measures to the Client for inspection. Upon acceptance by the Client, the documented measures become the foundation of the contract. Insofar as the inspection/audit by the Client shows the need for amendments, such amendments shall be implemented by mutual agreement.
Information Safeguards Business Associate will develop, document, implement, maintain and use appropriate administrative, technical and physical safeguards to preserve the integrity and confidentiality of and to prevent non-permitted use or disclosure of PHI created for or received from Recipient or its Subsidiaries. These safeguards must be appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities. Business Associate agrees that these safeguards will meet any applicable requirements set forth by the U.S. Department of Health and Human Services, including (as of the effective date or as of the compliance date, whichever is applicable) any requirements set forth in the final HIPAA security regulations. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate resulting from a use or disclosure of PHI by Business Associate in violation of the requirements of this Addendum.
Appropriate Technical and Organizational Measures SAP has implemented and will apply the technical and organizational measures set forth in Appendix 2. Customer has reviewed such measures and agrees that as to the Cloud Service selected by Customer in the Order Form the measures are appropriate taking into account the state of the art, the costs of implementation, nature, scope, context and purposes of the processing of Personal Data.