Data Control; Media Disposal and Servicing. Protected Purchasing Entity Information: (i) may only be made available and accessible to Provider Personnel as necessary to perform Contract or otherwise expressly by the Purchasing Entity in writing; (ii) if transferred across the Internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using appropriate industry standard cryptography; and (iii) if transferred using Removable Media must be sent, where applicable, via a bonded courier, and protected using industry standard strong cryptography (such as NIST-approved cryptography or FIPS 140-2/3 validated modules). The foregoing requirements shall apply to back-up data stored by Provider at off-site facilities. In the event any hardware, storage media, or Removable Media must be disposed of, Provider shall ensure all Protected Purchasing Entity Information has been “scrubbed” , sanitized, and/or rendered unrecoverable from such hardware and/or media using industry best practices such as NIST Special Publication 800-88, Rev. 1, or the DoD 5220-22-M Standard unless otherwise approved in writing by the Purchasing Entity.
Data Control; Media Disposal and Servicing. Company confidential information (i) may only be made available and accessible pursuant to the Program Agreement; (ii) if transferred across the internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using appropriate cryptography consistent with industry best practices or as designated or approved by Company in writing; and (iii) if transferred using removable media (as defined above) must be sent via a bonded courier or protected using cryptography consistent with industry best practices or as designated or approved by Company in writing. The foregoing requirements apply to back-up data stored by Bank at off-site facilities. In [*] Text Omitted and Filed Separately with the Securities and Exchange Commission Confidential Treatment Requested Under 17 C.F.R. Sections 200.80(b)(4) and 230.406 the event any hardware, storage media, or removable media must be disposed of or sent off-site for servicing, Bank will ensure all Company confidential information, including personal information, has been “scrubbed” from such hardware and/or media using industry best practices (e.g., dod 5220-22-m standard) and in accordance with the privacy and security requirements.
Data Control; Media Disposal and Servicing. Subject to and without limiting the requirements under Section 4 (Storage, Transmission and Destruction of Protected Health Information), Personally Identifiable Information, Protected Health Information, and County Confidential Information (i) may only be made available and accessible to those parties explicitly authorized under the Agreement or otherwise expressly approved by County in writing; (ii) if transferred across the Internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using appropriate encryption technology as designated or approved by County in writing; and (iii) if transferred using Removable Media (as defined above) must be sent via a bonded courier or protected using encryption technology designated or approved by County in writing. The foregoing requirements shall apply to back-up data stored by Contractor at off-site facilities. In the event any hardware, storage media, or Removable Media must be disposed of or sent off-site for servicing, Contractor shall ensure all County Confidential Information, including Personally Identifiable Information and Protected Health Information, has been cleared, purged, or scrubbed from such hardware and/or media using industry best practices (e.g., NIST Special Publication 800-88, Guidelines for Media Sanitization2).
Data Control; Media Disposal and Servicing. Protected Purchasing Entity Information: (i) may only be made available and accessible to those parties explicitly authorized under the Contract or otherwise expressly by the Purchasing Entity in writing; (ii) if transferred across the Internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using appropriate cryptography as designated or approved by the Purchasing Entity in writing; and (iii) if transferred using Removable Media must be sent via a bonded courier or protected using cryptography designated or approved by the Purchasing Entity in writing. The foregoing requirements shall apply to back-up data stored by Provider at off-site facilities. In the event any hardware, storage media, or Removable Media must be disposed of or sent off- site for servicing, Provider shall ensure all Protected Purchasing Entity Information has been “scrubbed” from such hardware and/or media using methods at least as protective as the DoD 5220-22-M Standard unless otherwise approved in writing by the Purchasing Entity.
Data Control; Media Disposal and Servicing. Subject to and without limiting the requirements under Section 4 (Storage, Transmission and Destruction of Protected Health Information), Personally Identifiable Information, Protected Health Information, and County’s Confidential Information: (i) may only be made available and accessible to those parties explicitly authorized under the Contract or otherwise expressly approved by County in writing; (ii) if transferred across the Internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using appropriate encryption technology as designated or Approved by County Project Director in writing; and (iii) if transferred using Removable Media (as defined above) must be sent via a bonded courier or protected using encryption technology designated by Contractor and previously approved by the County in writing. The foregoing requirements will apply to back-up data stored by Contractor at off-site facilities. In the event any hardware, storage media, or Removable Media must be disposed of or sent off-site for servicing, Contractor must ensure all County’s Confidential Information, including Personally Identifiable Information and Protected Health Information, has been cleared, purged, or scrubbed from such hardware and/or media using industry best practices (e.g.,NIST Special Publication 800-88, Guidelines for Media Sanitization).
Data Control; Media Disposal and Servicing. Personally Identifiable Information (a) may only be made available and accessible to those parties explicitly authorized under the Agreement or otherwise expressly by Exelon in writing, (b) if transmitted over the Internet or over other public or shared networks, must be protected using appropriate cryptography as designated or approved by Exelon in writing, and (c) if transferred using Removable Media must be sent via a bonded courier or protected using cryptography designated or approved by Exelon in writing. The foregoing requirements shall also apply to back-up data stored by Contractor at off- site facilities. If any hardware, storage media, or Removable Media must be disposed of or sent off- site for servicing, Contractor shall ensure all Personally Identifiable Information has been removed from such hardware and media using industry best practices (e.g., Department of Defense 5220-22- M Standard).
Data Control; Media Disposal and Servicing. Protected Authorized Purchaser Information: (i) may only be made available and accessible to those parties explicitly authorized under the Contract or otherwise expressly by the Authorized Purchaser in writing;
Data Control; Media Disposal and Servicing. Subject to and without limiting the requirements under Section 4 (Storage, Transmission and Destruction of Protected Health Information), Personally Identifiable Information, Protected Health Information, and County Confidential Information: (i) may only be made available and accessible to those parties explicitly authorized under the Agreement or otherwise expressly Approved by County in writing; (ii) if transferred across the Internet, any wireless network (e.g., cellular, 802.11x, or similar technology), or other public or shared networks, must be protected using industry standard encryption technology in accordance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-52 Guidelines for the Selection and use of Transport Layer Security Implementations4; and (iii) if transferred using Removable Media (as defined above) must be sent via a bonded courier or protected using industry standard encryption technology in accordance with NIST SP 800-111 Guide to Storage Encryption Technologies for End User Devices5. The foregoing requirements shall apply to back-up data stored by Contractor at off-site facilities. In the event any hardware, storage media, or Removable Media must be disposed of or sent off-site for servicing, Contractor shall ensure all County Confidential Information, including Personally Identifiable Information and Protected Health Information, has been cleared, purged, or scrubbed from such hardware and/or media using industry best practices in accordance with NIST SP 800-88, Guidelines for Media Sanitization6).
