Data Security and Privacy – Protected Information. Contractor acknowledges that its performance of services or activities under Contract may involve access to confidential information including, but not limited to, personally-identifiable information, protected health information, or individual financial information (collectively, “Protected Information”) that is subject to Federal, State or other laws restricting the use and disclosure of such information. Contractor agrees to comply with all applicable Federal and State laws restricting the access, use and disclosure of Protected Information.
a. Contractor agrees to hold County’s Protected Information, and any information derived from such information, in strictest confidence. Contractor shall not access, use or disclose Protected Information except as permitted or required by Contract or as otherwise authorized in writing by County, or applicable laws.
b. Contractor agrees to protect the privacy and security of County’s Protected Information according to all applicable laws and regulations, by commercially-acceptable standards, and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor shall implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of County’s Protected Information.
c. Within 30 days of the termination, cancellation, expiration or other conclusion of Contract, Contractor shall return the Protected Information to County unless County requests in writing that such data be destroyed. Contractor shall certify in writing to County that such return or destruction has been completed.
d. Contractor agrees to include the requirements contained in paragraphs 10.20(a) through 10.20(d) inclusive, in all subcontractor contracts providing services under Contract.
