Common use of Data Protection in General Clause in Contracts

Data Protection in General. The protection of personal privacy and personally identifiable data shall be an integral part of the business activities of Contractor, and Contractor shall use all reasonable efforts to prevent inappropriate or unauthorized use of City Data at any time and safeguard the confidentiality, integrity, and availability of City Data and comply with the following conditions: 5.2.1 Contractor shall implement and maintain appropriate administrative, technical and organizational security measures in order to safeguard against unauthorized access, disclosure, destruction, or theft of City Data. Contractor shall protect City Data using no less than the security means and technology necessary to meet the standard of care relevant to the data at issue. Such security measures shall also be in accordance with recognized industry best practices and the standard of care imposed by state and federal laws and regulations relating to the protection of such information. 5.2.2 Unless otherwise stipulated in writing, Contractor shall encrypt all City Data at rest and in transit with controlled access. The Contractor shall apply and support encryption in solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Whenever and wherever applicable, Contractor shall apply and support industry standards or better for tokenization, fraud-use protection, format-preserving encryption, and data encryption technology. 5.2.3 At no time shall any City Data be copied, disclosed, or retained by Contractor or any party related to Contractor, including its subcontractors, for use in any process, publication, or transaction that is not specifically authorized by Section 3.0 of this Agreement or by the City in writing.

Data Protection in General. The protection of personal privacy and personally identifiable data shall be an integral part of the business activities of Contractor, and Contractor shall use all reasonable efforts to prevent inappropriate or unauthorized use of City Data at any time and safeguard the confidentiality, integrity, and availability of City Data and comply with the following conditions: 5.2.1 Contractor shall implement and maintain appropriate administrative, technical and organizational security measures in order to safeguard against unauthorized access, disclosure, destruction, or theft of City Data. Contractor shall protect City Data using no less than the security means and technology necessary to meet the standard of care relevant to the data at issue. Such security measures shall also be in accordance with recognized industry best practices and the standard of care imposed by state and federal laws and regulations relating to the protection of such information. 5.2.2 Unless otherwise stipulated in writing, Contractor shall encrypt all City Data at rest and in transit with controlled access. The Contractor shall apply and support encryption in solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Whenever and wherever applicable, Contractor shall apply and support industry standards or better for tokenization, fraud-use protection, format-preserving encryption, and data encryption technology. 5.2.3 At no time shall any City Data be copied, disclosed, or retained by Contractor or any party related to Contractor, including its subcontractors, for use in any process, publication, or transaction that is not specifically authorized by Section 3.0 3 of this Agreement or by the City in writing. 5.2.4 Contractor shall secure and protect all City Data from hacking, viruses, ransomware, and denial of service and related attacks.

Data Protection in General. The protection of personal privacy and personally identifiable data shall be an integral part of the business activities of Contractor, and Contractor shall use all reasonable efforts to prevent inappropriate or unauthorized use of City Data at any time and safeguard the confidentiality, integrity, and availability of City Data and comply with the following conditions: 5.2.1 8.2.1 Contractor shall implement and maintain appropriate administrative, technical and organizational security measures in order to safeguard against unauthorized access, disclosure, destruction, or theft of City Data. Contractor shall protect City Data using no less than the security means and technology necessary to meet the standard of care relevant to the data at issue. Such security measures shall also be in accordance with recognized industry best practices and the standard of care imposed by state and federal laws and regulations relating to the protection of such information. 5.2.2 8.2.2 Unless otherwise stipulated in writing, Contractor shall encrypt all City Data at rest and in transit with controlled access. The Contractor shall apply and support encryption in solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Whenever and wherever applicable, Contractor shall apply and support industry standards or better for tokenization, fraud-use protection, format-preserving encryption, and data encryption technology. 5.2.3 8.2.3 At no time shall any City Data be copied, disclosed, or retained by Contractor or any party related to Contractor, including its subcontractors, for use in any process, publication, or transaction that is not specifically authorized by Section 3.0 of this Agreement or by the City in writing. 8.2.4 Contractor shall secure and protect all City Data from hacking, viruses, ransomware, and denial of service and related attacks.

Data Protection in General. The protection of personal privacy and personally identifiable data shall be an integral part of the business activities of Contractor, and Contractor shall use all reasonable efforts to prevent inappropriate or unauthorized use of City Data at any time and safeguard the confidentiality, integrity, and availability of City Data and comply with the following conditions: 5.2.1 6.2.1 Contractor shall implement and maintain appropriate administrative, technical and organizational security measures in order to safeguard against unauthorized access, disclosure, destruction, or theft of City Data. Contractor shall protect City Data using no less than the security means and technology necessary to meet the standard of care relevant to the data at issue. Such security measures shall also be in accordance with recognized industry best practices and the standard of care imposed by state and federal laws and regulations relating to the protection of such information. 5.2.2 6.2.2 Unless otherwise stipulated in writing, Contractor shall encrypt all City Data at rest and in transit with controlled access. The Contractor shall apply and support encryption in solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Whenever and wherever applicable, Contractor shall apply and support industry standards or better for tokenization, fraud-use protection, format-preserving encryption, and data encryption technology. 5.2.3 6.2.3 At no time shall any City Data be copied, disclosed, or retained by Contractor or any party related to Contractor, including its subcontractors, for use in any process, publication, or transaction that is not specifically authorized by Section 3.0 3 of this Agreement or by the City in writing. 6.2.4 Contractor shall secure and protect all City Data from hacking, viruses, ransomware, and denial of service and related attacks.