Common use of Data Privacy and Security Clause in Contracts

Data Privacy and Security. A. CONTRACTOR, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable law, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR shall promptly notify COUNTY if CONTRACTOR becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR or acquired by CONTRACTOR from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR has access to or possession/control of County Data, CONTRACTOR shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTOR’s indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems including but not limited to COUNTY computers, networks, databases, applications and/or environments (“County Systems”) exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY.

Data Privacy and Security. A. CONTRACTORX. XXXXXXX, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable lawstate and federal laws, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR GRANTEE that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR GRANTEE shall promptly notify COUNTY if CONTRACTOR GRANTEE becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR GRANTEE does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR GRANTEE shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR GRANTEE or acquired by CONTRACTOR GRANTEE from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR GRANTEE has access to or possession/control of County Data, CONTRACTOR GRANTEE shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR GRANTEE shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR GRANTEE shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTORGRANTEE’s indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems including but not limited to COUNTY computers, networks, databases, applications and/or environments (“County Systems”) exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY.

Data Privacy and Security. A. CONTRACTOR, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable law, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR shall promptly notify COUNTY if CONTRACTOR becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR or acquired by CONTRACTOR from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR has access to or possession/control of County Data, CONTRACTOR shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTOR’s indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems systems, including but not limited to COUNTY computers, networks, databases, applications and/or environments environments, (“County Systems”) exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY.

Data Privacy and Security. A. CONTRACTOR, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable law, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR shall promptly notify COUNTY if CONTRACTOR becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR or acquired by CONTRACTOR from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR has access to or possession/control of County Data, CONTRACTOR shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTOR’s indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems systems, including but not limited to COUNTY computers, networks, databases, applications and/or environments environments, (“County Systems”) exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY. X. CONTRACTOR agrees to comply with the provisions of the Non-Disclosure Agreement, attached as Attachment A.

Data Privacy and Security. A. CONTRACTOR, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable law, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR shall promptly notify COUNTY if CONTRACTOR becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “"trade secret” " by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “"County Data” " means any data or information, and any copies thereof, created by CONTRACTOR or acquired by CONTRACTOR from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR has access to or possession/control of County Data, CONTRACTOR shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTOR’s 's indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems systems, including but not limited to COUNTY computers, networks, databases, applications and/or environments environments, (“"County Systems”") exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“"Authentication Credentials”"); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s 's duty to comply with applicable law and regulations and CONTRACTOR’s 's ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s 's access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s 's technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s 's ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s 's request, certify destruction of any County Data so specified by COUNTY.

Data Privacy and Security. A. CONTRACTORGRANTEE, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable lawstate and federal laws, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR GRANTEE that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR GRANTEE shall promptly notify COUNTY if CONTRACTOR GRANTEE becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR GRANTEE does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR GRANTEE shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR GRANTEE or acquired by CONTRACTOR GRANTEE from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR GRANTEE has access to or possession/control of County Data, CONTRACTOR GRANTEE shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR GRANTEE shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR GRANTEE shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTORGRANTEE’s indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems including but not limited to COUNTY computers, networks, databases, applications and/or environments (“County Systems”) exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR GRANTEE shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR GRANTEE to retain copies of the County Data, CONTRACTOR GRANTEE shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR GRANTEE shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR GRANTEE shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY.

Data Privacy and Security. A. CONTRACTOR, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable law, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR shall promptly notify COUNTY if CONTRACTOR becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “"trade secret” " by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein). As used herein, “"County Data” " means any data or information, and any copies thereof, created by CONTRACTOR or acquired by CONTRACTOR from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. If CONTRACTOR has access to or possession/control of County Data, CONTRACTOR shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directions. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTOR’s 's indemnification obligations herein. C. COUNTY may, in its sole discretion, grant CONTRACTOR limited access to COUNTY computer/data systems systems, including but not limited to COUNTY computers, networks, databases, applications and/or environments environments, (“"County Systems”") exclusively for the purposes of performing services hereunder. County Systems may be owned by COUNTY or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“"Authentication Credentials”"); (ii) shall not share or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s 's duty to comply with applicable law and regulations and CONTRACTOR’s 's ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s 's access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software or equipment in the performance of this Agreement, the same shall meet COUNTY’s 's technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing shall be provided to the COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below). D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR to retain copies of the County Data, CONTRACTOR shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s 's ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR shall, upon COUNTY’s 's request, certify destruction of any County Data so specified by COUNTY. E. XXXXXXXXXX agrees to comply with the provisions of the Non-Disclosure Agreement, attached as Attachment A.

Data Privacy and Security. A. CONTRACTORCHARTER, its officers, agents, owners, partners, employees, volunteers and subcontractors shall, to the extent applicable, abide by the provisions of the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13 (MGDPA) and all other applicable lawstate and federal laws, rules, regulations and orders relating to data or the privacy, confidentiality or security of data, which may include but is not limited to the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA). For clarification and not limitation, COUNTY hereby notifies CONTRACTOR CHARTER that the requirements of Minnesota Statutes section 13.05, subd. 11, apply to this Agreement. CONTRACTOR To the extent permitted by law, CHARTER shall promptly notify COUNTY if CONTRACTOR CHARTER becomes aware of any potential claims, or facts giving rise to such claims, under the MGDPA or other data, data security, privacy or confidentiality laws, and shall also comply with the other requirements of this Section. Classification of data, including trade secret data, will be determined pursuant to applicable law and, accordingly, merely labeling data as “trade secret” by CONTRACTOR does not necessarily make the data protected as such under any applicable law. B. In addition to the foregoing MGDPA and other applicable law obligations, CONTRACTOR CHARTER shall comply with the following duties and obligations regarding County Data and County Systems (as each term is defined herein)Data. As used herein, “County Data” means any data or information, and any copies thereof, created by CONTRACTOR CHARTER or acquired by CONTRACTOR CHARTER from or through COUNTY pursuant to this Agreement, including but not limited to handwriting, typewriting, printing, photocopying, photographing, facsimile transmitting, and every other means of recording any form of communication or representation, including electronic media, email, letters, works, pictures, drawings, sounds, videos, or symbols, or combinations thereof. “County Data” excludes data originating from CHARTER that are classified as “not public data” under the Minnesota Government Data Practices Act, including, but not limited to, private educational data and private personnel data. If CONTRACTOR CHARTER has access to or possession/control of County Data, CONTRACTOR CHARTER shall safeguard and protect the County Data in accordance with generally accepted industry standards, all laws, and all then applicable COUNTY policies, procedures, rules and directionsdirection. To the extent of any inconsistency between accepted industry standards and such COUNTY policies, procedures, rules and directions, CONTRACTOR CHARTER shall notify COUNTY of the inconsistency and follow COUNTY direction. CONTRACTOR CHARTER shall immediately notify COUNTY of any known or suspected security breach or unauthorized access to County Data, then comply with all responsive directions provided by COUNTY. The foregoing shall not be construed as eliminating, limiting or otherwise modifying CONTRACTORCHARTER’s indemnification obligations herein. C. COUNTY mayIn accordance with Minnesota Statutes, section 13.46, subdivision 10 now in its sole discretionforce or as hereafter enacted, grant CONTRACTOR limited CHARTER shall specify a Responsible Authority who shall allow the Responsible Authorities in other components of the welfare system access to COUNTY computer/data systems including but not limited to COUNTY computers, networks, databases, applications and/or environments (“County Systems”) exclusively classified as non-public when access is necessary for the purposes administration and management of performing services hereunder. County Systems may be owned by COUNTY programs or may be licensed by COUNTY from a third party. If COUNTY grants access to County Systems, CONTRACTOR and all CONTRACTOR personnel with access to County Systems: (i) shall secure and safeguard all access and authentication information related to County Systems, including but not limited to usernames, passwords, and other applicable authentication information related to County Systems access, (“Authentication Credentials”); (ii) shall not share as authorized or distribute Authentication Credentials with any individual; and (iii) shall comply with then applicable COUNTY data practices and security policies, procedures, rules and directions when accessing and using County Systems. Compliance with such requirements is supplemental to CONTRACTOR’s duty to comply with applicable law and regulations and CONTRACTOR’s ordinary duty of care in such situations. For clarification and not limitation of the foregoing, CONTRACTOR’s access to County Systems shall be subject to the following: (i) CONTRACTOR shall notify all personnel with access to County Systems of the obligations imposed by this Agreement; (ii) personnel performing on behalf of CONTRACTOR shall complete COUNTY approved data practices and security training as required by COUNTY; (iii) if CONTRACTOR utilizes its own systems, software state or equipment in the performance of this Agreement, the same federal law. CHARTER shall meet COUNTY’s technical operating and security system requirements, including but not limited to installing and/or maintaining COUNTY approved firewalls, proxies, filters and other monitors and controls; (iv) CONTRACTOR shall immediately notify COUNTY of any known or suspected County System incidents or breaches, then comply with all responsive directions provided by COUNTY; and (v) if any CONTRACTOR personnel with access to County Systems no longer requires said access and/or is no longer performing services hereunder, CONTRACTOR shall immediately notify COUNTY and ensure that said individual no longer has access to County Systems, including but not limited to deleting, eliminating and destroying all Authentication Credentials. COUNTY may terminate, deny or revoke access to County Systems at any time and without notice. Any notice required by the foregoing name of the Responsible Authority which shall be provided to the maintained in COUNTY Contract Administrator (as identified in the CONTRACT ADMINISTRATION provisions below)files. D. Upon expiration, cancellation or termination of this Agreement: (1) At the discretion of COUNTY and as specified in writing by the Contract Administrator, CONTRACTOR CHARTER shall deliver to the Contract Administrator all County Data so specified by COUNTY. (2) COUNTY shall have full ownership and control of all such County Data. If COUNTY permits CONTRACTOR CHARTER to retain copies of the County Data, CONTRACTOR CHARTER shall not, without the prior written consent of COUNTY or unless required by law, use any of the County Data for any purpose or in any manner whatsoever; shall not assign, license, loan, sell, copyright, patent and/or transfer any or all of such County Data; and shall not do anything which in the opinion of COUNTY would affect COUNTY’s ownership and/or control of such County Data. (3) Except to the extent required by law or as agreed to by COUNTY, CONTRACTOR CHARTER shall not retain any County Data that are confidential, protected, privileged, not public, nonpublic, or private, as those classifications are determined pursuant to applicable law. In addition, CONTRACTOR CHARTER shall, upon COUNTY’s request, certify destruction of any County Data so specified by COUNTY. (4) Nothing in this section D shall interfere with any obligation of CHARTER under MGDPA or 20 U.S.C. § 1232g, The Family Educational Rights and Privacy Act.