Common use of FRAUD AND SECURITY MANAGEMENT Clause in Contracts

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the Authority. The Provider must notify the Authority immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the Authority, the Authority may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the Authority) and recover from the Provider the amount of any Loss suffered by the Authority resulting from the termination, including the cost reasonably incurred by the Authority of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (the “Disclosing Party”) and the Party that receives it (the “Receiving Party”) has no right to use it. Subject to Clauses B36.3. and B36.4., the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30. (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2.; to comply with a regulatory bodies request. The obligations in clause B36.1. and clause B36.2. will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36.. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36. by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36.. This clause B36. shall not limit the Public Interest Disclosure Act 1998 in any way whatsoever. The obligations in clause B36.1. and clause B36.2.B shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority or of any committee, sub-committee or joint committee of the Authority or is related to an executive decision of the Authority and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority shall consider properly whether or not to exercise its powers under Part V of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider.

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the Authority. The Provider must notify the Authority immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the Authority, the Authority may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the Authority) and recover from the Provider the amount of any Loss suffered by the Authority resulting from the termination, including the cost reasonably incurred by the Authority of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (it, the “Disclosing Party”) Party and the Party that receives it (it, the “Receiving Party”) Party has no right to use it. Subject to Clauses B36.3. 40.3 and B36.4.40.4, the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30. 34 (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2.40.2; to comply with a regulatory bodies request. The obligations in clause B36.1. 40.1 and clause B36.2. 40.2 will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36.. 40. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36. 40 by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36.. 40. This clause B36. 40 shall not limit the Public Interest Disclosure Act 1998 Xxxxxxxx Xxxxxxxxxx Xxx 0000 in any way whatsoever. The obligations in clause B36.1. 40.1 and clause B36.2.B 40.2 shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority or of any committee, sub-committee or joint committee of the Authority or is related to an executive decision of the Authority and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority shall consider properly whether or not to exercise its powers under Part V v of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 2000 as amended to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider.

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the Authority. The Provider must notify the Authority immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the Authority, the Authority may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the Authority) and recover from the Provider the amount of any Loss suffered by the Authority resulting from the termination, including the cost reasonably incurred by the Authority of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (the “Disclosing Party”) and the Party that receives it (the “Receiving Party”) has no right to use it. Subject to Clauses B36.3. B35.3 and B36.4B35.4., the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30B29. (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2B35.2.; to comply with a regulatory bodies request. The obligations in clause B36.1B35.1. and clause B36.2B35.2. will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36B35.. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36B35. by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36B35.. This clause B36B35. shall not limit the Public Interest Disclosure Act 1998 Xxxxxxxx Xxxxxxxxxx Xxx 0000 in any way whatsoever. The obligations in clause B36.1B35.1. and clause B36.2.B B35.2. shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority or of any committee, sub-committee or joint committee of the Authority or is related to an executive decision of the Authority and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority shall consider properly whether or not to exercise its powers under Part V of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider.

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the AuthorityCommissioned Service. The Provider must notify the Authority Commissioned Service immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the AuthorityCommissioned Service, the Authority Commissioned Service may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the AuthorityCommissioned Service) and recover from the Provider the amount of any Loss suffered by the Authority Commissioned Service resulting from the termination, including the cost reasonably incurred by the Authority Commissioned Service of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (the “Disclosing Party”) and the Party that receives it (the “Receiving Party”) has no right to use it. Subject to Clauses B36.3. B35.3 and B36.4B35.4., the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30B29. (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2B35.2.; to comply with a regulatory bodies request. The obligations in clause B36.1B35.1. and clause B36.2B35.2. will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36B35.. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36B35. by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36B35.. This clause B36B35. shall not limit the Public Interest Disclosure Act 1998 in any way whatsoever. The obligations in clause B36.1B35.1. and clause B36.2.B B35.2. shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority Commissioned Service or of any committee, sub-committee or joint committee of the Authority Commissioned Service or is related to an executive decision of the Authority Commissioned Service and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority Commissioned Service shall consider properly whether or not to exercise its powers under Part V of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider. DATA PROTECTION The Parties, including staff and sub-contractors acknowledge their respective duties under the DPA and GDPR and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties. To the extent that the Parties to this contract are acting as Joint Controllers, they shall, in particular, but without limitation: put in place appropriate technical and organisational measures against any unauthorised or unlawful processing of such Personal Data, and against the accidental loss or destruction of or damage to such Personal Data having regard to the state of technical development and the level of harm that may be suffered by a Data Subject whose Personal Data is affected by such unauthorised or unlawful processing or by its loss, damage or destruction; take reasonable steps to ensure the reliability of Staff who will have access to such Personal Data, and ensure that such Staff are properly trained in protecting Personal Data; This Service Contract builds into it the Data Sharing Agreement, which defines the security controls that the Parties will adhere to and the responsibilities that the Parties owe to each other. Each Party is to ensure compliance with applicable data protection laws at all times for the duration of this contract.

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the AuthorityCommissioned Service. The Provider must notify the Authority Commissioned Service immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the AuthorityCommissioned Service, the Authority Commissioned Service may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the AuthorityCommissioned Service) and recover from the Provider the amount of any Loss suffered by the Authority Commissioned Service resulting from the termination, including the cost reasonably incurred by the Authority Commissioned Service of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (the “Disclosing Party”) and the Party that receives it (the “Receiving Party”) has no right to use it. Subject to Clauses B36.3. B35.3 and B36.4B35.4., the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30B29. (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2B35.2.; to comply with a regulatory bodies request. The obligations in clause B36.1B35.1. and clause B36.2B35.2. will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36B35.. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36B35. by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36B35.. This clause B36B35. shall not limit the Public Interest Disclosure Act 1998 Xxxxxxxx Xxxxxxxxxx Xxx 0000 in any way whatsoever. The obligations in clause B36.1B35.1. and clause B36.2.B B35.2. shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority Commissioned Service or of any committee, sub-committee or joint committee of the Authority Commissioned Service or is related to an executive decision of the Authority Commissioned Service and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority Commissioned Service shall consider properly whether or not to exercise its powers under Part V of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider. DATA PROTECTION The Parties, including staff and sub-contractors acknowledge their respective duties under the DPA and GDPR and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties. To the extent that the Parties to this contract are acting as Joint Controllers, they shall, in particular, but without limitation: put in place appropriate technical and organisational measures against any unauthorised or unlawful processing of such Personal Data, and against the accidental loss or destruction of or damage to such Personal Data having regard to the state of technical development and the level of harm that may be suffered by a Data Subject whose Personal Data is affected by such unauthorised or unlawful processing or by its loss, damage or destruction; take reasonable steps to ensure the reliability of Staff who will have access to such Personal Data, and ensure that such Staff are properly trained in protecting Personal Data; This Service Contract builds into it the Data Sharing Agreement, which defines the security controls that the Parties will adhere to and the responsibilities that the Parties owe to each other. Each Party is to ensure compliance with applicable data protection laws at all times for the duration of this contract.

FRAUD AND SECURITY MANAGEMENT. The Provider must put in place and maintain appropriate counter fraud and security management arrangements. The Provider must take all reasonable steps, in accordance with good industry practice, to prevent Fraud by Staff and the Provider in connection with the receipt of monies from the Authority. The Provider must notify the Authority immediately if it has reason to suspect that any Fraud has occurred or is occurring or is likely to occur. If the Provider or its Staff commits Fraud in relation to this or any other contract with the Authority, the Authority may terminate this Contract by written notice to the Provider with immediate effect (and terminate any other contract the Provider has with the Authority) and recover from the Provider the amount of any Loss suffered by the Authority resulting from the termination, including the cost reasonably incurred by the Authority of making other arrangements for the supply of the Services for the remainder of the term of this Contract had it not been terminated. CONFIDENTIALITY Other than as allowed in this Contract, Confidential Information is owned by the Party that discloses it (the “Disclosing Party”) and the Party that receives it (the “Receiving Party”) has no right to use it. Subject to Clauses B36.3. Error: Reference source not found and B36.4B35.4., the Receiving Party agrees: to use the Disclosing Party’s Confidential Information only in connection with the Receiving Party’s performance under this Contract; not to disclose the Disclosing Party’s Confidential Information to any third party or to use it to the detriment of the Disclosing Party; and to maintain the confidentiality of the Disclosing Party’s Confidential Information and to return it immediately on receipt of written demand from the Disclosing Party. The Receiving Party may disclose the Disclosing Party’s Confidential Information: in connection with any dispute resolution under clause B30B29. (Dispute Resolution); in connection with any litigation between the Parties; to comply with the Law; to its staff, consultants and sub-contractors, who shall in respect of such Confidential Information be under a duty no less onerous than the Receiving Party’s duty set out in clause B36.2B35.2.; to comply with a regulatory bodies request. The obligations in clause B36.1B35.1. and clause B36.2B35.2. will not apply to any Confidential Information which: is in or comes into the public domain other than by breach of this Contract; the Receiving Party can show by its records was in its possession before it received it from the Disclosing Party; or the Receiving Party can prove that it obtained or was able to obtain from a source other than the Disclosing Party without breaching any obligation of confidence. The Receiving Party shall indemnify the Disclosing Party and shall keep the Disclosing Party indemnified against Losses and Indirect Losses suffered or incurred by the Disclosing Party as a result of any breach of this clause B36B35.. The Parties acknowledge that damages would not be an adequate remedy for any breach of this clause B36B35. by the Receiving Party, and in addition to any right to damages the Disclosing Party shall be entitled to the remedies of injunction, specific performance and other equitable relief for any threatened or actual breach of this clause B36B35.. This clause B36B35. shall not limit the Public Interest Disclosure Act 1998 Xxxxxxxx Xxxxxxxxxx Xxx 0000 in any way whatsoever. The obligations in clause B36.1B35.1. and clause B36.2.B B35.2. shall not apply where the Confidential Information is related to an item of business at a board meeting of the Authority or of any committee, sub-committee or joint committee of the Authority or is related to an executive decision of the Authority and it is not reasonably practicable for that item of business to be transacted or that executive decision to be made without reference to the Confidential Information, provided that the Confidential Information is exempt information within the meaning of Section 101 of the Local Government Act 1972 (as amended), the Authority shall consider properly whether or not to exercise its powers under Part V of that Act or (in the case of executive decisions) under the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 to prevent the disclosure of that Confidential Information and in doing so shall give due weight to the interests of the Provider and where reasonably practicable shall consider any representations made by the Provider. DATA PROTECTION The Parties, including staff and sub-contractors acknowledge their respective duties under the DPA and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties. To the extent that the Provider is acting as a Data Processor on behalf of the Authority, the Provider shall, in particular, but without limitation: only process such Personal Data as is necessary to perform its obligations under this Contract, and only in accordance with any instruction given by the Authority under this Contract; put in place appropriate technical and organisational measures against any unauthorised or unlawful processing of such Personal Data, and against the accidental loss or destruction of or damage to such Personal Data having regard to the specific requirements in clause Error: Reference source not found below, the state of technical development and the level of harm that may be suffered by a Data Subject whose Personal Data is affected by such unauthorised or unlawful processing or by its loss, damage or destruction; take reasonable steps to ensure the reliability of Staff who will have access to such Personal Data, and ensure that such Staff are properly trained in protecting Personal Data; provide the Authority with such information as the Authority may reasonably require to satisfy itself that the Provider is complying with its obligations under the DPA; promptly notify the Authority of any requests for disclosure of or access to the Personal Data; Promptly notify the Authority of any breach of the security measures required to be put in place pursuant to this clause B36.; ensure it does not knowingly or negligently do or omit to do anything which places the Authority in breach of the Authority’s obligations under the DPA. To the extent that any Authority data is held and/or processed by the Provider, the Provider shall supply that Authority data to the Authority as requested by the Authority. The Provider and the Authority shall ensure that Personal Data is safeguarded at all times in accordance with the Law.