DATA PROTECTION AND NETWORK SECURITY Clause Samples

DATA PROTECTION AND NETWORK SECURITY. A. Seller shall implement and maintain administrative, technical and physical safeguards and controls (“Security Measures”) to: (i) protect the security and confidentiality of electronic data, (ii) protect against any threats or hazards to network security if Seller receives access to NorthWestern’s network, (iii) protect against unauthorized access to Seller’s systems or use of electronic data; and (iv) comply with all applicable state and federal laws governing privacy and data security. B. Seller shall document Security Measures and upon request, Seller shall provide NorthWestern a copy of Security Measures (subject to confidentiality requirements consistent with imposed on Seller in Section 7.07). If subcontractors perform Work, Seller’s subcontractors shall reasonably comply with the requirements of this Section 14.05. C. Seller shall promptly notify NorthWestern if Seller (i) discovers or becomes aware of any unauthorized disclosure or use that adversely impacts NorthWestern’s electronic data or Confidential Information, or (ii) any breach of Seller’s systems (successful or unsuccessful) that materially affects NorthWestern or its network (each of (i) and (ii) a “Security Incident”). Seller shall promptly remedy and mitigate any damages, losses, or expenses caused by a breach in the security of Seller’s systems that adversely impacts NorthWestern and Seller shall take measures necessary to prevent any further Security Incident. D. In addition to the indemnification obligation set forth in Section 9 and subject to the procedural requirements therein, Seller shall indemnify, defend, and hold harmless the NorthWestern Indemnified Parties from and against any third party claims to the extent such third party claims arise from or in connection with a Security Incident (including a Security Incident by a subcontractor).