Destruction of Information. Within thirty (30) days after Utility’s written demand, NYSERDA shall (and shall cause its Third-Party Representatives to) cease to access and Process Confidential Utility Information and shall at Utility’s option: (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into NYSERDA’s or its Third-Party Representatives’ possession, including Destroying Confidential Utility Information from all systems, records, archives, and backups of NYSERDA and its Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by NYSERDA and its Third-Party Representatives shall cease provided any items required to be maintained by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. NYSERDA agrees that upon a customer revocation of consent, NYSERDA and its Representatives warrant that it will no longer access Utility Confidential Utility Information and that it will Destroy any Confidential Utility Information in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, NYSERDA and its Third-Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that NYSERDA and its Third-Party Representatives shall: (1) not have experienced an actual Data Security Incident;
Appears in 2 contracts
Samples: Data Security Memorandum of Understanding, Data Security Memorandum of Understanding
Destruction of Information. Within thirty (30) days after Utility’s written demand, NYSERDA NYPA shall (and shall cause its Third-Party Representatives to) cease to access and Process Confidential Customer Utility Information and shall at the Utility’s option: (A) return such Confidential Customer Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Customer Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Customer Utility Information) that has come into NYSERDANYPA’s or its Third-Party Representatives’ possession, including Destroying Confidential Customer Utility Information from all systems, records, archives, and backups of NYSERDA NYPA and its Third-Third- Party Representatives, and all subsequent access, use, and Processing of the Confidential Customer Utility Information by NYSERDA NYPA and its Third-Party Representatives shall cease cease, provided any items required to be maintained to meet reporting requirements as set forth by federal, state, and/or local laws, regulations, rules, NY state policies, or executive directives, by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. NYSERDA A Utility making a written demand of an NYPA for the return or destruction of Confidential Customer Utility Information will specify the reason for the demand. NYPA agrees that upon a customer revocation of consent, NYSERDA and its Representatives warrant NYPA warrants that it will no longer access through Utility Confidential Customer Utility Information and that it will Destroy any Confidential Customer Utility Information in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, NYSERDA NYPA and its Third-Party Representatives shall not be obligated to erase Confidential Customer Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that NYSERDA NYPA and its Third-Party Representatives shall: (1) not have experienced an actual Data Security Incident;; (2) maintain Data Security Protections to limit access to or recovery of Confidential Customer Utility Information from such computer backup system and; (3) keep all such Confidential Customer Utility Information confidential in accordance with this Agreement. NYPA shall, upon request, certify to Utility that the destruction by NYPA and its Third-Party Representatives required by this Section has occurred by (A) having a duly authorized officer of NYPA complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third-Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve NYPA from compliance with the other provisions of this Agreement. The written demand to Destroy or return Confidential Customer Utility Information pursuant to this Section may occur if the Utility has been notified of a potential or actual Data Security Incident and Utility has a reasonable belief of potential ongoing harm or the Confidential Customer Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this Agreement.
Appears in 1 contract
Samples: Data Security Agreement
Destruction of Information. Within thirty (30) days after Utility’s written demand, NYSERDA ESE shall (and shall cause its Third-Party Representatives to) cease to access and Process Confidential Customer Utility Information and shall at the Utility’s option: (A) return such Confidential Customer Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Customer Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Customer Utility Information) that has come into NYSERDAESE’s or its Third-Party Representatives’ possession, including Destroying Confidential Customer Utility Information from all systems, records, archives, and backups of NYSERDA ESE and its Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Customer Utility Information by NYSERDA ESE and its Third-Party Representatives shall cease provided any items required to be maintained by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. NYSERDA A Utility making a written demand of an ESE for the return or destruction of Confidential Customer Utility Information will specify the reason for the demand. ESE agrees that upon a customer revocation of consent, NYSERDA and its Representatives warrant ESE warrants that it will no longer access through Utility Confidential Customer Utility Information and that it will Destroy any Confidential Customer Utility Information in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, NYSERDA ESE and its Third-Party Representatives shall not be obligated to erase Confidential Customer Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that NYSERDA ESE and its Third-Party Representatives shall: (1) not have experienced an actual Data Security Incident;
Appears in 1 contract
Samples: Data Security Agreement
Destruction of Information. Within thirty (30) days after Utility’s written demand, NYSERDA ESE shall (and shall cause its Third Third-Party Representatives to) cease to access and Process Confidential Utility Information and shall at the Utility’s option: (A) return such Confidential Utility Information to Utility in such manner, format, and timeframe as reasonably requested by Utility or, if not so directed by Utility, (B) shred, permanently erase and delete, degauss or otherwise modify so as to make unreadable, unreconstructible and indecipherable (“Destroy”) all copies of all Confidential Utility Information (including any and all extracts, compilations, studies, or other documents based upon, derived from, or containing Confidential Utility Information) that has come into NYSERDAESE’s or its Third Commented [PAC19R18]: Amended to address ESE comments regarding mutuality. Commented [PAC18]: Commented [PAC17]: Moved pursuant to ESE comments. Third-Party Representatives’ possession, including destroying Destroying Confidential Utility Information from all systems, records, archives, and backups of NYSERDA ESE and its Third Third-Party Representatives, and all subsequent access, use, and Processing of the Confidential Utility Information by NYSERDA ESE and its Third-Third Third- Party Representatives shall cease provided any items required to be maintained by governmental administrative rule or law or necessary for legitimate business or legal needs will not be destroyed until permitted and will remain subject to confidentiality during the retention period. NYSERDA ESE agrees that upon a customer revocation of consent, NYSERDA and its Representatives warrant ESE warrants that it will no longer access through Utility Confidential Utility Information and that it will Destroy any Confidential Utility Information in its or its Third-Party Representative’s possession. Notwithstanding the foregoing, NYSERDA ESE and its Third Third-Party Representatives shall not be obligated to erase Confidential Utility Information contained in an archived computer system backup maintained in accordance with their respective security or disaster recovery procedures, provided that NYSERDA ESE and its Third Third-Party Representatives shall: (1) not have experienced an actual Data Security Incident;, (2) not permitmaintain Data Security Protections to limit access to or recovery of Confidential Utility Information from such computer backup system and; (3) keep all such Confidential Utility Information confidential in accordance with this AddendumAgreement. ESE shall, upon request, certify to Utility that the destruction by ESE and its Third Third-Party Representatives required by this Section has occurred by (A) having a duly authorized officer of ESE complete, execute, and deliver to Utility a certification and (B) obtaining substantially similar certifications from its Third Third-Party Representatives and maintaining them on file. Compliance with this Section 8 shall not relieve ESE from compliance with the other provisions of this AddendumAgreement. The written demand to destroy Destroy or return Confidential Utility Information pursuant to this Section may occur if the ESE has been decertified pursuant to the UBP or UBP DERS UBP, the Utility has been notified of a potential or actual Data Security Incident and Utility has a reasonable belief of potential ongoing harm or the Confidential Utility Information has been held for a period in excess of its retention period. The obligations under this Section shall survive any expiration of termination of this AddendumAgreement. Subject to applicable federal, state and local laws, rules, regulations and orders, at ESE’s written demand and termination of electronic exchange of data with Utility, Utility will Destroy or return, at ESE’s option, Confidential ESE Information. Commented [PAC20]: No audit is needed. If it is need 30 day notice. Utility will conduct, want Staff or independent audit. Define SOC II. Want utility to pay for 3rd party. What are they auditing. Want to know the purpose, to understand compliance with Attestation. Add language upon good cause shown. Once annually for all utilities. Sole purpose of verifying compliance. Audit out of Attestation, only in one place. Confidentiality goes with audit.
Appears in 1 contract
Samples: Data Security Addendumagreement