Common use of Data Security and Privacy Plan Clause in Contracts

Data Security and Privacy Plan. As more fully described herein, throughout the term of the Master Services Agreement and applicable Statement of Work(s), Provider will have and maintain a Data Security and Privacy Plan (the "Plan") in place to protect the confidentiality, privacy, and security of the Protected Data it receives from the Client, students, teachers, principals or administrators. Provider's Plan for protecting the Client's Protected Data includes, but is not limited to, its Agreement to comply with the terms of the Client's Xxxx of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Provider. The Provider's Data Security and Privacy Plan must also contain the following additional components: (a) The Plan will comply with all state, federal, and local data security and privacy requirements, including but not limited to: the Children's Internet Protection Act; Family Educational Rights and Privacy Act; Health Insurance Portability and Accountability Act of 1996, if applicable; the terms contained in the MSA, SOW(s), this Exhibit A; and any other terms and conditions agreed upon between the parties that pertain to data security and privacy. (b) Prohibits the use of any Data received by the Client to market or advertise to students, teachers, or parents. (c) Providers will have specific administrative, operational, and technical safeguards and practices in place to protect Protected Data that it receives under the Agreements. (d) Provider must execute written agreements with any subcontractors or any other authorized persons or entities to whom it may disclose Protected Data (if any) that contain requirements to comply with all federal, state and local laws applicable to the types of services performed and requires them to adhere to all the provisions set forth in the Agreements, including but not limited to the procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent permitted) as outlined in the Agreements. (e) Provider has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, before their receiving access. (f) Provider will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Provider will provide prompt notification to the Client of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Exhibit.