DATA HANDLING AND SECURITY. It will always be the responsibility of the selected Contractor to manage data transfer and to secure all data appropriately during the project to prevent unauthorized access to all data, products, and deliverables.
DATA HANDLING AND SECURITY. 6.1 The clauses below outline the duties of all parties in regards to handling information.
DATA HANDLING AND SECURITY. Data Management and Security
22.1. All data and Information submitted by or on behalf of EKEDP to MAP or otherwise in MAP’s possession or accessible by MAP pursuant to the provision of the Services, including without limitation all Personal Information (“Distribution Oath), are and shall remain the property of EKEDP or applicable third parties. EKEDP Data shall not be:
(i) Used by MAP or any MAP Agent other than in connection with providing the Services in accordance with the terms of this Agreement
(ii) Disclosed sold, assigned, leased or otherwise provided to third parties or to anyone not having a specific need to know the information for providing the Services, by MAP or any MAP Agent; or
(iii) Commercially exploited by or on behalf of MAP or any MAP Agent.
22.2. MAP shall establish and maintain safeguards against the destruction, loss, alteration or unauthorized disclosure of EKEDP’s Data in the possession of MAP or any MAP Agent in accordance with Distribution Company’s security standards set out in the Service Agreement or as notified, by EKEDP to MAP from time to time. EKEDP shall be responsible for reasonable costs incurred by the MAP in the event of changes to such standards after the effective date of the Agreement.
DATA HANDLING AND SECURITY. Please note: Both the SIA and the Approved Contractor will be data controllers in their own right in respect of the data being processed through the licensing site, as each party will be using the data for its own purposes – the SIA in the course of carrying out its regulatory functions, and the Approved Contractor for managing employment and/or contractual relationships (or potential employment and/or contractual relationships) with licence applicants. The Approved Contractor will be a data processor where it is utilising the additional LM functionality on the licensing site which allows it to undertake the tasks outlined in Schedule 1. However, the SIA still wishes to ensure that the Approved Contractor has certain minimum standards in place when it is a data controller if the Approved Contractor is going to be an SIA partner
3.1 The Approved Contractor shall:
3.1.1 comply with its obligations under the Data Protection Legislation in respect of all personal data it processes on behalf of the Licence Applicant;
3.1.2 ensure it obtains any necessary consents from the Licence Applicant in relation to its own use of Licence Applicant data and acts within the bounds of that consent;
3.1.3 ensure that all data is kept secure and transmitted in an encrypted form and use reasonable security practices and systems (in accordance with the SIA Code of Connection) for the collection, storage and use of such data;
3.1.4 retain a copy of all original identity documents used to verify the Licence Applicant’s identity in the format specified by the SIA and to the security standard specified in the LM Manual for 7 years following a Licence Applicant leaving the Approved Contractor’s business;
3.1.5 notify the SIA without undue delay but in any event no later than 24 hours upon becoming aware of any security incident/breach of security including, but not limited to an actual, potential or attempted breach, or threat to, the Approved Contractor’s Information Security Policy where it relates to SIA licensing; and
3.1.6 If the Approved Contractor ceases trading, provide to the SIA a copy of the most recent identity documents used to verify the identity of all individuals with a currently valid licence.
