Data Return and Destruction - Regulated Data Sample Clauses

Data Return and Destruction - Regulated Data. New York State considers the protection of sensitive and NYS Confidential Information and business systems to be of the upmost importance. The NYS Confidential Information collected and maintained by state and local government agencies is protected by a myriad of Federal, State, and local laws, regulations, and ordinances. Access to and use of NYS Confidential Information is limited to authorized government employees and legally designated agents, for authorized purposes only.
Sample 1Sample 2Sample 3See All (6)
AutoNDA by SimpleDocs

Related to Data Return and Destruction - Regulated Data

  • Data Return and Destruction of Data (a) Protecting PII from unauthorized access and disclosure is of the utmost importance to the EA, and Contractor agrees that it is prohibited from retaining PII or continued access to PII or any copy, summary or extract of PII, on any storage medium (including, without limitation, in secure data centers and/or cloud-based facilities) whatsoever beyond the period of providing Services to the EA, unless such retention is either expressly authorized for a prescribed period by the Service Agreement or other written agreement between the Parties, or expressly requested by the EA for purposes of facilitating the transfer of PII to the EA or expressly required by law. As applicable, upon expiration or termination of the Service Agreement, Contractor shall transfer PII, in a format agreed to by the Parties to the EA. (b) If applicable, once the transfer of PII has been accomplished in accordance with the EA’s written election to do so, Contractor agrees to return or destroy all PII when the purpose that necessitated its receipt by Contractor has been completed. Thereafter, with regard to all PII (including without limitation, all hard copies, archived copies, electronic versions, electronic imaging of hard copies) as well as any and all PII maintained on behalf of Contractor in a secure data center and/or cloud-based facilities that remain in the possession of Contractor or its Subcontractors, Contractor shall ensure that PII is securely deleted and/or destroyed in a manner that does not allow it to be retrieved or retrievable, read or reconstructed. Hard copy media must be shredded or destroyed such that PII cannot be read or otherwise reconstructed, and electronic media must be cleared, purged, or destroyed such that the PII cannot be retrieved. Only the destruction of paper PII, and not redaction, will satisfy the requirements for data destruction. Redaction is specifically excluded as a means of data destruction. (c) Contractor shall provide the EA with a written certification of the secure deletion and/or destruction of PII held by the Contractor or Subcontractors. (d) To the extent that Contractor and/or its subcontractors continue to be in possession of any de-identified data (i.e., data that has had all direct and indirect identifiers removed), they agree not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.

  • Meteorological Data Reporting Requirement (Applicable to wind generation facilities only)

  • CERTIFICATION REGARDING DRUG-FREE WORKPLACE REQUIREMENTS 1. The Contractor certifies that it will provide a drug-free workplace by: a. Publishing a statement notifying employees that the unlawful manufacture, distribution, dispensing, possession or use of a controlled substance is prohibited in the Contractor’s workplace and specifying the actions that will be taken against employees for violation of such prohibition;

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.

  • DATA REPORTING a) CONTRACTOR shall agree to provide all data related to student information and billing information with XXX. CONTRACTOR shall agree to provide all data related to any and all sections of this contract and requested by and in the format require by the LEA. CONTRACTOR shall provide the LEA with invoices, attendance reports and progress reports for LEA students enrolled in CONTRACTOR’s NPS/A. b) Using forms developed by the CDE or as otherwise mutually agreed upon by CONTRACTOR and XXX, CONTRACTOR shall provide LEA, on a monthly basis, a written report of all incidents in which a statutory offense is committed by any LEA student, regardless if it results in a disciplinary action of suspension or expulsion. This includes all statutory offenses as described in Education Code sections 48900 and 48915. CONTRACTOR shall also include, in this monthly report, incidents resulting in the use of a behavioral restraint and/or seclusion even if they were not a result of a violation of Education Code sections 48900 and 48915. c) The LEA shall provide the CONTRACTORS with approved forms and/or format for such data including but not limited to invoicing, attendance reports and progress reports. The LEA may approve use of CONTRACTORS-provided forms at their discretion.

  • Data Destruction When no longer needed, all County PHI or PI must be cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media Sanitization such that the PHI or PI cannot be retrieved.

  • Data Deletion Google will delete Customer Data in accordance with Section 6 (Data Deletion) of the Data Processing Amendment.

  • Insurance and Fingerprint Requirements Information Insurance If applicable and your staff will be on TIPS member premises for delivery, training or installation etc. and/or with an automobile, you must carry automobile insurance as required by law. You may be asked to provide proof of insurance. Fingerprint It is possible that a vendor may be subject to Chapter 22 of the Texas Education Code. The Texas Education Code, Chapter 22, Section 22.0834. Statutory language may be found at: xxxx://xxx.xxxxxxxx.xxxxx.xxxxx.xx.xx/ If the vendor has staff that meet both of these criterion: (1) will have continuing duties related to the contracted services; and (2) has or will have direct contact with students Then you have ”covered” employees for purposes of completing the attached form. TIPS recommends all vendors consult their legal counsel for guidance in compliance with this law. If you have questions on how to comply, see below. If you have questions on compliance with this code section, contact the Texas Department of Public Safety Non-Criminal Justice Unit, Access and Dissemination Bureau, FAST-FACT at XXXX@xxxxx.xxxxx.xx.xx and you should send an email identifying you as a contractor to a Texas Independent School District or ESC Region 8 and TIPS. Texas DPS phone number is (000) 000-0000. See form in the next attribute to complete entitled: Texas Education Code Chapter 22 Contractor Certification for Contractor Employees

  • Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e). (b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request.

  • Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!