Data Security and Privacy Plan Sample Clauses

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unau...

Data Security and Privacy Plan. Contractor shall adopt and maintain administrative, technical and physical safeguards, measures and controls to manage privacy and security risks and protect PII in a manner that complies with New York State, federal and local laws and regulations and the EA’s policies. Education Law Section 2-d requires that Contractor provide the EA with a Data Privacy and Security Plan that outlines such safeguards, measures and controls including how the Contractor will implement all applicable state, federal and local data security and privacy requirements. Contractor’s Data Security and Privacy Plan is attached to this DPA as Exhibit C.

Data Security and Privacy Plan a. Vendor agrees to have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from Hinsdale Central School District b. Vendor understands and agrees that it is responsible for submitting a Data Security and Privacy Plan to Hinsdale Central School prior to the start of the term of the Agreement, and it shall: 1. Outline how all state, federal and local data security and privacy contract requirements will be implemented over the life of the contract consistent with Hinsdale Central School District’s policy on data security and privacy, as adopted. 2. Outline specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from Hinsdale Central School District under the Contract. 3. Outline the training requirement established by the Vendor for all employees who will receive personally identifiable information from student records (hereinafter referred to as “student data”).

Data Security and Privacy Plan a. Vendor agrees to have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from CRCS. b. Vendor understands and agrees that it is responsible for submitting a Data Security and Privacy Plan to CRCS prior to the start of the term of the Agreement, and it shall: 1. Outline how all state, federal and local data security and privacy contract requirements will be implemented over the life of the contract consistent with CRCS’s policy on data security and privacy, as adopted. 2. Outline specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from CRCS under the Contract. 3. Outline the training requirement established by the Vendor for all employees who will receive personally identifiable information from student records (hereinafter referred to as “student data”).

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: ARC digital products adhere to the following security and disaster recovery practices: • All web-based services and RESTful API calls use TLS 1.2 security. • All personally identifiable information stored in MySQL is encrypted at rest using InnoDB tablespace encryption. • ARC digital products offer access for teachers, school administrators, and district administrators as identified by the district. Users in each of those security groups have access to only those student records in their scope of responsibility. • For districts using Clever Instant Login or Classlink OneClick Single Sign-On, the district maintains real-time control of all user credentials. For districts not using one of our supported single sign-on solutions, districts may assign usernames and passwords up to 128 characters. All passwords are stored using BCrypt encryption. • The TrueNet data center includes biometric door locks coupled with NFC cards. All server cabinets are locked. • Servers at the TrueNet data center have dual power supplies connected to separate power circuits with battery backup. • All data at the TrueNet data center is stored on striped and mirrored hard drives for redundancy. • All digital product data is ...

Data Security and Privacy Plan. Xxxxxxx agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx and is set forth below. Additional elements of Xxxxxxx’ Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security and privacy policy, Xxxxxxx will: [ continue to monitor all processes and policies in accordance Industry standards. _ ] (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENT, Xxxxxxx will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENT: [ Xxxxxxx utilizes SOC certified data centers, use of NIST 800-53, rev. 4 security and global privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, Security and Data Protections Plans (c) Xxxxxxx will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides security training annually to its employees, recorded in their training dashboard, and intermittent touch points throughout the year. In addition, staff has Ethics training which includes data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform training. (e) Xxxxxxx [check one] x will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENT. In the event that Xxxxxxx engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Sup...

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the MLSA: [Insert here – also provide a copy of Data Security and Privacy Plan] Cengage Learning, Inc. maintains a formal, written information security program containing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of personal information. This program is reasonably designed to protect (i) the security and confidentiality of personal information, (ii) protect against any anticipated threats or hazards to the security or integrity of the information, and (iii) protect against unauthorized access to or use of the information. This document provides an overview of Cengage ’s information security program.

Data Security and Privacy Plan. Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by the Vendor and is set forth below. [Privacy Policy: xxxxx://xxx.xxxxxxxxx.xxx/privacy-policy A copy of our Data Security and Privacy Plan is provided on Page 32.] Additional elements of Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this Data Sharing and Confidentiality Agreement, consistent with Erie 1 BOCES’ data security and privacy policy, Vendor will: Review its data security and privacy policy and practices to ensure that they are in conformance with all applicable federal, state, and local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) As required by the NIST Cybersecurity Framework, in order to protect the security, confidentiality and integrity of the Protected Data that it receives under the MLSA, a. Vendor will have the following reasonable administrative, technical, operational, and physical safeguards and practices in place throughout the term of the MLSA: i. Data Security: 1. Data-at-rest & data-in-transit is encrypted 2. Data leak protections are implemented ii. Information Protection Processes and Procedures: 1. Data destruction is performed according to contract and agreements 2. A plan for vulnerability management is developed and implemented iii. Protective Technology: 1. Log/audit records are ascertained, implemented, documented, and reviewed according to policy 2. Network communications are protected iv. Identity Management, Authentication and Access Control: 1. Credentials and identities are issued, verified, managed, audited, and revoked, as applicable, for authorized dev (c) Vendor will comply with all obligations set forth in Erie 1 BOCES’ “Supplemental Information about the MLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to thei...

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Master Services Agreement and applicable Statement of Work(s), Provider will have and maintain a Data Security and Privacy Plan (the "Plan") in place to protect the confidentiality, privacy, and security of the Protected Data it receives from the Client, students, teachers, principals or administrators. Provider's Plan for protecting the Client's Protected Data includes, but is not limited to, its Agreement to comply with the terms of the Client's Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Provider. The Provider's Data Security and Privacy Plan must also contain the following additional components: (a) The Plan will comply with all state, federal, and local data security and privacy requirements, including but not limited to: the Children's Internet Protection Act; Family Educational Rights and Privacy Act; Health Insurance Portability and Accountability Act of 1996, if applicable; the terms contained in the MSA, SOW(s), this Exhibit A; and any other terms and conditions agreed upon between the parties that pertain to data security and privacy. (b) Prohibits the use of any Data received by the Client to market or advertise to students, teachers, or parents. (c) Providers will have specific administrative, operational, and technical safeguards and practices in place to protect Protected Data that it receives under the Agreements. (d) Provider must execute written agreements with any subcontractors or any other authorized persons or entities to whom it may disclose Protected Data (if any) that contain requirements to comply with all federal, state and local laws applicable to the types of services performed and requires them to adhere to all the provisions set forth in the Agreements, including but not limited to the procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent permitted) as outlined in the Agreements. (e) Provider has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, before their receiving access. (f) Provider will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify brea...

Data Security and Privacy Plan. The Contractor shall: