Common use of Information Governance Clause in Contracts

Information Governance. 49.1 The Service Provider warrants and undertakes as follows: 49.1.1 the Service Provider shall in relation to this Agreement comply with the Data Protection Act 1998 (hereafter the "DPA"), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (hereafter the "PECED") and all relevant, subordinate or successor legislation relating to each of them including, without limitation, the Eight Data Protection Principles set out in the DPA; 49.1.2 the Service Provider acknowledges that TfL will rely upon the Service Provider to enable TfL to comply with its obligations under the Freedom of Information Xxx 0000 (hereafter the "FOIA"), the Environmental Information Regulations 2004 (hereafter the "EIRs") and the Reuse of Public Sector Information Regulations 2005 (hereafter the "RPSI") in relation to the Services and this Agreement and that the processes and procedures set out in this Agreement with which the Service Provider is required to comply are important for the purposes of ensuring such compliance; 49.1.3 if there is dispute over what is required for compliance with the DPA and the other named Acts and Regulations, the Service Provider will comply with written instructions from TfL’s legal advisers, except where it is illegal for the Service Provider to do so; and 49.1.4 the Service Provider agrees to provide promptly all reasonable additional information and co-operate fully with any investigations by TfL in relation to complaints under the DPA, FOIA, EIRs, RPSI, PECED and Computer Xxxxxx Xxx 0000, including investigations relating to complaints by the Information Commissioner’s Office, the Information Tribunal and the Courts. 49.2 The Service Provider shall: 49.2.1 take and implement appropriate technical and organisational security measures, that are necessary or appropriate to ensure a level of security to preserve the security and confidentiality of any Personal Data collected and/or processed by it and are satisfactory to TfL from time to time, against unauthorised or unlawful Processing of TfL Personal Data and against accidental loss, destruction of, or damage to such Personal Data including but not limited to the Security Policy and the Security Plan and shall procure its Sub-Contractors to do the same; 49.2.2 without prejudice to Clause 49.2.1, wherever the Service Provider uses any mobile or portable device for the transmission or storage of TfL Personal Data, ensure that each such device encrypts TfL Personal Data; 49.2.3 provide TfL with such information as TfL may from time to time require to satisfy itself of compliance by the Service Provider (and/or any authorised sub- contractor) with Clauses 49.2.1 and 49.