Data Privacy and Information Security Program. Without limiting Contractor’s obligation of confidentiality as further described herein, Contractor shall establish and maintain a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to: (i) ensure the security and confidentiality of the City Data; (ii) protect against any anticipated threats or hazards to the security or integrity of the City Data; (iii) protect against unauthorized disclosure, access to, or use of the City Data; (iv) ensure the proper disposal of City Data; and, (v) ensure that all of Contractor’s employees, agents, and subcontractors, if any, comply with all of the foregoing.
Data Privacy and Information Security Program. Without limiting Contractor’s obligation of confidentiality as further described herein, Contractor shall be responsible for establishing and maintaining a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to:
Data Privacy and Information Security Program. Without limiting Agency’s obligation of confidentiality as further described herein, Agency shall be responsible for establishing and maintaining a data privacy and information security program, including physical, technical, administrative, and organizational safeguards, that is designed to: (i) ensure the security and confidentiality of the City Data; (ii) protect against any anticipated threats or hazards to the security or integrity of the City Data; (iii) protect against unauthorized disclosure, access to, or use of the City Data; (iv) ensure the proper disposal of City Data; and, (v) ensure that all of Agency’s employees, agents, and subcontractors, if any, comply with all of the foregoing. In no case shall the safeguards of Agency’s data privacy and information security program be less stringent than the safeguards and standards recommended by the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Health Information Technology for Economic and Clinical Health Act (HITECH).
Data Privacy and Information Security Program. Visitor Queue will encrypt Personal Data using industry standard encryption tools, whether in transit or at rest. Visitor Queue will safeguard the security and confidentiality of all encryption keys associated with encrypted Personal Data. Both Client and Visitor Queue shall maintain appropriate technical and organizational measures to protect the Personal Data from a Data Security Breach. This includes, but is not limited to ongoing security vulnerability testing and regular security audits of its products and hosting environment to ensure continued compliance with its strict security standards. If Visitor Queue disposes of any paper, electronic or other record or media containing Personal Data, Visitor Queue will do so by taking all reasonable steps to destroy the information by (i) shredding; (ii) permanently erasing and deleting; (iii) degaussing; or (iv) otherwise modifying the Personal Data in such records to make it unreadable, un-reconstructable and indecipherable.
