Common use of County Data Clause in Contracts

County Data. 2.6.1. Contractor shall maintain controls that ensure logical separation of County Data from non-County data. Contractor agrees to provide at a minimum Advanced Encryption Standard 256-bit encryption (“AES-256”) or current industry security standards (or whichever is higher) for all County Data that includes any social security numbers, bank account numbers, username with passwords or security questions, cardholder data, or any other protected data such as Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”), and any other data as may be directed by County, and on all copies of such data stored, transmitted, or processed, at no additional charge to County, and shall classify such data internally at its highest confidentiality level. Contractor shall also ensure that the encryption key(s) are not stored with the encrypted data and are secured by a Hardware Security Module (“HSM”). Contractor shall immediately notify County of any compromise of any encryption key. Contractor shall provide a copy of County’s encryption key(s) at County’s request. Contractor shall prohibit the use of unencrypted protocols such as FTP and Telnet for the data identified in this paragraph. 2.6.2. Upon termination or expiration of this Agreement or end of serviceable life of any media used in connection with this Agreement, and upon written notification from County that the applicable County Data is currently maintained by County or otherwise securely stored, Contractor shall, at County’s option, (a) securely destroy all media (including media used for backups) containing any County Data on all decommissioned hard drives or storage media to National Institute of Standards and Technology (“NIST”) standards and provide to County a signed certificate of destruction within ten (10) business days, or (b) return to County all County Data and provide a signed certification within two (2) business days thereafter documenting that no County Data is retained by Contractor in any format or media. 2.6.3. County Data is the property solely of County and may not be reproduced or used by Contractor with the prior written consent of County. Contractor and its Subcontractors will not publish, transmit, release, sell, or disclose any County Data to any third party without County’s prior written consent. 2.6.4. County shall have the right to use the Products and Services to provide public access to County Data as County deems appropriate or as otherwise required by law. 2.6.5. In the event of any impermissible disclosure, loss, or destruction of County Data caused in whole or in part by any action or omission of Contractor, Contractor must immediately notify County and take all reasonable and necessary steps to mitigate any potential harm, further disclosure, loss, and destruction. 2.6.6. County shall have sole control over County Data unless otherwise expressly stated in the Agreement and required for Contractor to provide the Services required under the Agreement. 2.6.7. Contractor shall not supplement, modify, or alter any deliverable previously accepted by County or any County Data (other than modifications strictly necessary to upload the County Data to the Contactor Platform) without County’s prior written consent.

County Data. 2.6.12.7.1. Contractor shall maintain controls that ensure logical separation of County Data from non-County dataData. Contractor agrees to provide at a minimum Advanced Encryption Standard 256-bit encryption keys (“AES-256”) or current industry security standards (or whichever is higher) for all County Data that includes any social security numbers, taxpayer identification numbers, employer identification numbers, bank account numbers, username with passwords or security questionspasswords, cardholder data, or and any other protected data such as Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”), and any other data ) or as may be otherwise directed by County, and County on all copies of such data stored, transmitted, or processed, at no additional charge to County, and shall classify such data internally at its highest confidentiality level. Contractor shall also ensure that the encryption key(s) are not stored with the encrypted data and are secured by a Hardware Security Module (“HSM”). Contractor shall immediately notify County of any compromise of any the encryption keykeys. Contractor shall provide a copy of County’s encryption key(s) at County’s request. Contractor shall prohibit the use of unencrypted protocols such as FTP and Telnet for the data identified defined in this paragraph. 2.6.22.7.2. Any County Data must be available to County upon request within one (1) business day, in any format reasonably requested by County, including, without limitation, Extensible Markup Language (“XML”) and Structured Query Language (“SQL”), or in another format as may be mutually agreed to by County and Contractor. 2.7.3. Upon termination or expiration of this Agreement or end of serviceable life of any media used in connection with this Agreement, and upon written notification from County that the applicable County Data is currently maintained by County or otherwise securely stored, Contractor shall, at County’s option, (a) securely destroy all media (including media used for backups) containing any County Data on all decommissioned hard drives or storage media to National Institute of Standards and Technology (“NIST”) standards and provide to County a signed certificate of destruction within ten (10) business days, or (b) return to County all County Data and provide a signed certification within two (2) business days thereafter documenting that no County Data is retained by Contractor in any format or media. 2.6.32.7.4. County Data is the property solely of County and may not be reproduced or used by Contractor with the prior written consent of County. Contractor and its Subcontractors subcontractors will not publish, transmit, release, sell, or disclose any County Data to any third party without County’s prior written consent. 2.6.42.7.5. County shall have the right to use the Products and Services to provide public access to County Data as County deems appropriate or as otherwise required by law. 2.6.52.7.6. In the event of any impermissible disclosure, loss, or destruction of County Data caused in whole or in part by relating to any action or omission of Contractor, Contractor must immediately notify County and County, take all reasonable and necessary steps to mitigate any potential harm, further disclosure, loss, and or destruction. 2.6.6. County shall have sole control over County Data unless otherwise expressly stated in the Agreement and required for Contractor to provide the Services required under the Agreement. 2.6.7. Contractor shall not supplement, modify, or alter any deliverable previously accepted by County or any County Data (other than modifications strictly necessary to upload the County Data to the Contactor Platform) without County’s prior written consent.

County Data. 2.6.12.7.1. Contractor Provider shall maintain controls that ensure logical separation of County Data from non-County dataData. Contractor Provider agrees to provide at a minimum Advanced Encryption Standard 256-bit encryption keys (“"AES-256”") or current industry security standards (or whichever is higher) for all County Data that includes any social security numbers, taxpayer identification numbers, employer identification numbers, bank account numbers, username with passwords or security questionspasswords, cardholder data, or and any other protected data such as Protected Health Information (“"PHI”") and Personally Identifiable Information (“"PII”), and any other data ") or as may be otherwise directed by County, and County on all copies of such data stored, transmitted, or processed, at no additional charge to County, and shall classify such data internally at its highest confidentiality level. Contractor Provider shall also ensure that the encryption key(s) are not stored with the encrypted data and are secured by a Hardware Security Module (“"HSM”"). Contractor Provider shall immediately notify County of any compromise of any the encryption keykeys. Contractor Provider shall provide a copy of County’s 's encryption key(s) at County’s 's request. Contractor Provider shall prohibit the use of unencrypted protocols such as FTP and Telnet for the data identified defined in this paragraph. 2.6.22.7.2. Any County Data must be available to County upon request within one (1) business day, in any format reasonably requested by County, including, without limitation, Extensible Markup Language ("XML") and Structured Query Language ("SQL"), or in another format as may be mutually agreed to by County and Provider. 2.7.3. Upon termination or expiration of this Agreement or end of serviceable life of any media used in connection with this Agreement, and upon written notification from County that the applicable County Data is currently maintained by County or otherwise securely stored, Contractor Provider shall, at County’s 's option, (a) securely destroy all media (including media used for backups) containing any County Data on all decommissioned hard drives or storage media to National Institute of Standards and Technology (“"NIST”") standards and provide to County a signed certificate of destruction within ten (10) business days, or (b) return to County all County Data and provide a signed certification within two (2) business days thereafter documenting that no County Data is retained by Contractor Provider in any format or media. 2.6.32.7.4. County Data is the property solely of County and may not be reproduced or used by Contractor Provider with the prior written consent of County. Contractor Provider and its Subcontractors subcontractors will not publish, transmit, release, sell, or disclose any County Data to any third party without County’s 's prior written consent. 2.6.42.7.5. County shall have the right to use the Products and Services to provide public access to County Data as County deems appropriate or as otherwise required by law. 2.6.52.7.6. In the event of any impermissible disclosure, loss, loss or destruction of County Data caused in whole or in part by relating to any action or omission of ContractorProvider, Contractor Provider must immediately notify County and County, take all reasonable and necessary steps to mitigate any potential harm, further disclosure, loss, and or destruction. 2.6.6. County shall have sole control over County Data unless otherwise expressly stated in the Agreement and required for Contractor to provide the Services required under the Agreement. 2.6.7. Contractor shall not supplement, modify, or alter any deliverable previously accepted by County or any County Data (other than modifications strictly necessary to upload the County Data to the Contactor Platform) without County’s prior written consent.

County Data. 2.6.12.7.1. Contractor shall maintain controls that ensure logical separation of County Data from non-County dataData. Contractor agrees to provide at a minimum Advanced Encryption Standard 256-bit encryption keys (“AES-256”) or current industry security standards (or whichever is higher) for all County Data that includes any social security numbers, taxpayer identification numbers, employer identification numbers, bank account numbers, username with passwords or security questionspasswords, cardholder data, or and any other protected data such as Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”), and any other data ) or as may be otherwise directed by County, and County on all copies of such data stored, transmitted, or processed, at no additional charge to County, and shall classify such data internally at its highest confidentiality level. Contractor shall also ensure that the encryption key(s) are not stored with the encrypted data and are secured by a Hardware Security Module (“HSM”). Contractor shall immediately notify County of any compromise of any the encryption keykeys. Contractor shall provide a copy of County’s encryption key(s) at County’s request. Contractor shall prohibit the use of unencrypted protocols such as FTP and Telnet for the data identified defined in this paragraph. 2.6.22.7.2. Any County Data must be available to County upon request within one (1) business day, in any format reasonably requested by County, including, without limitation, Extensible Markup Language (“XML”) and Structured Query Language (“SQL”), or in another format as may be mutually agreed to by County and Contractor. 2.7.3. Upon termination or expiration of this Agreement or end of serviceable life of any media used in connection with this Agreement, and upon written notification from County that the applicable County Data is currently maintained by County or otherwise securely stored, Contractor shall, at County’s option, (a) securely destroy all media (including media used for backups) containing any County Data on all decommissioned hard drives or storage media to National Institute of Standards and Technology (“NIST”) standards and provide to County a signed certificate of destruction within ten (10) business days, or (b) return to County all County Data and provide a signed certification within two (2) business days thereafter documenting that no County Data is retained by Contractor in any format or media. 2.6.32.7.4. County Data is the property solely of County and may not be reproduced or used by Contractor with the prior written consent of County. Contractor and its Subcontractors subcontractors will not publish, transmit, release, sell, or disclose any County Data to any third party without County’s prior written consent. 2.6.42.7.5. County shall have the right to use the Products and Services to provide public access to County Data as County deems appropriate or as otherwise required by law. 2.6.52.7.6. In the event of any impermissible disclosure, loss, loss or destruction of County Data caused in whole or in part by relating to any action or omission of Contractor, Contractor must immediately notify County and County, take all reasonable and necessary steps to mitigate any potential harm, further disclosure, loss, and or destruction. 2.6.6. County shall have sole control over County Data unless otherwise expressly stated in the Agreement and required for Contractor to provide the Services required under the Agreement. 2.6.7. Contractor shall not supplement, modify, or alter any deliverable previously accepted by County or any County Data (other than modifications strictly necessary to upload the County Data to the Contactor Platform) without County’s prior written consent.