Common use of Data Security and Privacy Plan Clause in Contracts

Data Security and Privacy Plan. Xxxxxxx agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx and is set forth below. Additional elements of Xxxxxxx’ Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPA, consistent with BOCES data security and privacy policy, Xxxxxxx will: [ continue to monitor all processes and policies in accordance Industry standards. _ ] (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENT, Xxxxxxx will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENT: [ Xxxxxxx utilizes SOC certified data centers, use of NIST 800-53, rev. 4 security and global privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, Security and Data Protections Plans (c) Xxxxxxx will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides security training annually to its employees, recorded in their training dashboard, and intermittent touch points throughout the year. In addition, staff has Ethics training which includes data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform training. (e) Xxxxxxx [check one] x will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENT. In the event that Xxxxxxx engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Xxxxxxx AGREEMENT,” below. (f) Xxxxxxx will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Xxxxxxx will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. Xxxxxxx PROQUEST agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx PROQUEST and is set forth below. Additional elements of Xxxxxxx’ PROQUEST’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security and privacy policy, Xxxxxxx PROQUEST will: [ continue Review its data security and privacy policy and practices to monitor ensure they are in conformance with all processes applicable laws and policies the terms of this Data Sharing and Confidentiality Agreement. In the event PROQUEST’S policy and practices are not in accordance Industry standards. _ ]conformance, PROQUEST will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENT, Xxxxxxx PROQUEST will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENT: [ Xxxxxxx utilizes SOC certified data centers, :. PROQUEST will protect and use of NIST 800-53, rev. 4 security and global Protected Data consistent with its published privacy controls, Xxxxxxx has a dedicated security statements and privacy team to monitor policy (xxxxx://xxx.xxxxxxxx.xxx/about/Privacy-Home.html) which reflect the requirements set out in the EU General Data Protection Regulation (GDPR), Family Educational Rights and ensure implementation of compliance requirementsPrivacy Act (FERPA), staff confidentiality 20 U.S.C. Section 1232[g],et seq , the Children’s Online Privacy Protection Act (COPPA) and security annual training, Incident Response, Security other applicable data protection and Data Protections Plansprivacy laws. (c) Xxxxxxx PROQUEST will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx PROQUEST has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx PROQUEST provides annual information security training annually to its employeesall employees to ensure that these individuals are aware of and familiar with PROQUEST security and privacy policies and required compliance with applicable laws. If applicable, recorded in their training dashboard, PROQUEST will require that officers or employees of subcontractors or assignees comply with applicable laws and intermittent touch points throughout the year. In addition, staff has Ethics training which includes data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform trainingPROQUEST policies. (e) Xxxxxxx PROQUEST [check one] x will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENT. In the event that Xxxxxxx PROQUEST engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Xxxxxxx AGREEMENT,” below. (f) Xxxxxxx PROQUEST will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Xxxxxxx PROQUEST will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx PROQUEST will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. Xxxxxxx XXXXXXX agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx XXXXXXX and is set forth below. Additional elements of Xxxxxxx’ XXXXXXX’x Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security and privacy policy, Xxxxxxx XXXXXXX will: [ continue to monitor all processes and policies in accordance Industry standards. See attached data security agreement _ ] (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx XXXXXXX AGREEMENT, Xxxxxxx XXXXXXX will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx XXXXXXX AGREEMENT: [ Xxxxxxx utilizes SOC certified See attached data centers, use of NIST 800-53, rev. 4 security and global privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, Security and Data Protections Plansagreement (c) Xxxxxxx XXXXXXX will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx XXXXXXX has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides security Ongoing training annually as processes are implemented to its employees, recorded in their training dashboard, ensure best practices and intermittent touch points throughout the year. In addition, staff has Ethics training which includes data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform training.procedures (e) Xxxxxxx XXXXXXX [check one] x will X _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx FOG ARTY AGREEMENT. In the event that Xxxxxxx XXXXXXX engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx XXXXXXX AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Xxxxxxx XXXXXXX AGREEMENT,” below. (f) Xxxxxxx XXXXXXX will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Xxxxxxx XXXXXXX will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx XXXXXXX will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. Xxxxxxx Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx the Vendor and is set forth below. Additional elements of Xxxxxxx’ Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security and privacy policy, Xxxxxxx Vendor will: [ continue Review its data security and privacy policy and practices to monitor ensure that they are in conformance with all processes applicable federal, state, and policies local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in accordance Industry standards. _ ]conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENTMLSA, Xxxxxxx Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENTMLSA: [ Xxxxxxx utilizes SOC certified data centers, use of NIST 800-53, rev. 4 security and global privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, See Vendor Data Security and Data Protections PlansPrivacy Plan at: xxxxx://xxxxx.xxxx.xxx/nwea-ny-privacy-and-security-plan.html and Vendor Security Whitepaper at: xxxxx://xxxxx.xxxx.xxx/map-growth-information-security- whitepaper.html (also attached as Exhibit E-2 and E-3) (c) Xxxxxxx Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training annually to its employees, recorded in their training dashboard, ensure that these individuals are aware of and intermittent touch points throughout the year. In addition, staff has Ethics training which includes familiar with all applicable data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform trainingsecurity and privacy laws. (e) Xxxxxxx [check one] x Vendor will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENTMLSA. In the event that Xxxxxxx Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Xxxxxxx AGREEMENTMLSA,” below. (f) Xxxxxxx Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Xxxxxxx Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.

Data Security and Privacy Plan. Xxxxxxx BRAINPOP LLC agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Parents Bill Xxxx of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx BRAINPOP LLC and is set forth below. Additional elements of Xxxxxxx’ BRAINPOP LLC’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES data security and privacy policy, Xxxxxxx BRAINPOP LLC will: [ continue to monitor all processes comply with FERPA and policies in accordance Industry standardsCOPPA. For more information on our privacy and security practices, please review our privacy policy xxxxx://xxx.xxxxxxxx.xxx/about/privacy_policy/ _ ] (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENT, Xxxxxxx BRAINPOP LLC will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENT: [ Xxxxxxx utilizes SOC certified data centers[Data will be encrypted in transit and at rest. Servers are locked, use of NIST 800-53secured, revmonitored, and protected by a firewall. 4 security Servers are stored in the U.S. and global privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, Security and Data Protections Plansbacked up daily. Subscribers can only access their own data. (c) Xxxxxxx BRAINPOP LLC will comply with all obligations set forth in B OCES “Supplemental Information about the AGREEMENT” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx BRAINPOP LLC has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides Employees receive training regarding data security and a limited number of employees are granted access to Protected Data accounts. Background checks and privacy training annually to its is company- wide for all employees, recorded in their training dashboard, and intermittent touch points throughout the year. In addition, staff has Ethics training which includes data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform training. (e) Xxxxxxx BRAINPOP LLC [check one] x ⌡ will _will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENT. In the event that Xxxxxxx BRAINPOP LLC engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENT, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES “Supplemental Information about the Xxxxxxx AGREEMENT,” below. (f) Xxxxxxx BRAINPOP LLC will manage data security and privacy incidents that implicate Protected Data, including identify breaches and unauthorized disclosures, and Xxxxxxx BRAINPOP LLC will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx BRAINPOP LLC will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT is terminated or expires, as more fully described in BOCES “Supplemental Information about the AGREEMENT,” below.

Data Security and Privacy Plan. Xxxxxxx Vendor agrees that it will protect the confidentiality, privacy and security of the Protected Data received from Participating Educational Agencies in accordance with the BOCES Erie 1 BOCES’ Parents Bill of Rights for Data Privacy and Security, a copy of which has been signed by Xxxxxxx the Vendor and is set forth below. Additional elements of Xxxxxxx’ Vendor’s Data Security and Privacy Plan are as follows: (a) In order to implement all state, federal, and local data security and privacy requirements, including those contained within this DPAData Sharing and Confidentiality Agreement, consistent with BOCES Erie 1 BOCES’ data security and privacy policy, Xxxxxxx Vendor will: [ continue Review its data security and privacy policy and practices to monitor ensure that they are in conformance with all processes applicable federal, state, and policies local laws and the terms of this Data Sharing and Confidentiality Agreement. In the event Vendor’s policy and practices are not in accordance Industry standards. _ ]conformance, the Vendor will implement commercially reasonable efforts to ensure such compliance. (b) In order to protect the security, confidentiality and integrity of the Protected Data that it receives under the Xxxxxxx AGREEMENTMLSA, Xxxxxxx Vendor will have the following reasonable administrative, technical, operational and physical safeguards and practices in place throughout the term of the Xxxxxxx AGREEMENTMLSA: [ Xxxxxxx utilizes SOC certified The general security duties we follow include, but are not limited to: secure passwords and employee access with reasonable safeguards like multi factor authentication and encryption; industry standard security protocols for transferring data; using Secure Socket Layer (SSL) or equivalent technology to protect data; use server DocuSign Envelope ID: 04285847-45CA-48CD-B30A-8AD7CD0909B0 authentication an data centers, use of NIST 800-53, revencryption for PII; conduct a periodic risk assessment and remediate any identified issues. 4 security and global You can find our privacy controls, Xxxxxxx has a dedicated security and privacy team to monitor and ensure implementation of compliance requirements, staff confidentiality and security annual training, Incident Response, Security and Data Protections Planspolicy at xxxxxxxxxx.xxx/xxxxxxx (c) Xxxxxxx Vendor will comply with all obligations set forth in B OCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA” below. (d) For any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who have access to Protected Data, Xxxxxxx Vendor has provided or will provide training on the federal and state laws governing confidentiality of such data prior to their receiving access, as follows: [ Xxxxxxx provides Annually, Vendor will require that all of its employees (or officers or employees of any of its subcontractors or assignees) undergo data security and privacy training annually to its employees, recorded in their training dashboard, ensure that these individuals are aware of and intermittent touch points throughout the year. In addition, staff has Ethics training which includes familiar with all applicable data confidentially handling. Xxxxxxx utilizes the KnowBe4, xxxxx://xxx.xxxxxx0.xxx/, platform trainingsecurity and privacy laws. (e) Xxxxxxx [check one] x Vendor will _X will not utilize sub-contractors for the purpose of fulfilling one or more of its obligations under the Xxxxxxx AGREEMENTMLSA. In the event that Xxxxxxx Vendor engages any subcontractors, assignees, or other authorized agents to perform its obligations under the Xxxxxxx AGREEMENTMLSA, it will require such subcontractors, assignees, or other authorized agents to execute written agreements as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the Xxxxxxx AGREEMENTMLSA,” below. (f) Xxxxxxx Vendor will manage data security and privacy incidents that implicate Protected Data, including identify identifying breaches and unauthorized disclosures, and Xxxxxxx Vendor will provide prompt notification of any breaches or unauthorized disclosures of Protected Data in accordance with Section 6 of this Data Sharing and Confidentiality Agreement. (g) Xxxxxxx Vendor will implement procedures for the return, transition, deletion and/or destruction of Protected Data at such time that the AGREEMENT MLSA is terminated or expires, as more fully described in BOCES Erie 1 BOCES’ “Supplemental Information about the AGREEMENTMLSA,” below.