Information Security and Privacy. Information security is concerned with ensuring that only data is protected against unauthorised use. When such information is personally identifiable or sensitive, privacy concerns must be addressed in respect to collection, storage, usage and retention. Security must be considered for processes on the management and control plane where outcomes of such processes result in permissions to access data plane. Cross-layer management and control potentially includes commercially sensitive (e.g. number of users accessing a content resource), personally identifiable (e.g. Xxxxx is interested in comedy films) and sensitive information (x.x. Xxxx visited location X, Y and Z between 10:00 and 11:00).
Information Security and Privacy. 1.1. Consultant understands and agrees that, in the performance of the services under this Agreement, Consultant may have access to private or confidential information owned or controlled by City and that such information may contain confidential or proprietary details, the disclosure of which to third parties may be damaging to City.
1.2. Consultant’s provision of Hosted Services requires Consultant to collect information that may include confidential and private information from/or about third parties.
1.2.1. Consultant is not authorized by the Agreement to collect, store, disclose or otherwise handle data that is regulated or otherwise recognized by City as privacy data.
1.2.2. Consultant is authorized by the Agreement to collect, store, disclose or otherwise handle data that is regulated or otherwise recognized by City as Health Insurance Portability and Accountability Act (“HIPAA”) regulated data (including records and metadata). City, Consultant, and Consultant’s third-parties (Party) have obligations to protect the privacy and provide for the security of protected health information disclosed to Consultant and their third-parties under this Contract pursuant to HIPAA, the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), and regulations promulgated thereunder including 45 CFR Sections 160 and 164. City and Consultant agree to comply with the Business Associate Addendum (BAA), attached as Exhibit C and made a part of this Contract.
1.2.3. Consultant is authorized by the Agreement to collect, store, disclose or otherwise handle data that is regulated or otherwise recognized by City as privacy data but not Health Insurance Portability and Accountability Act (“HIPAA”) regulated data (including records and metadata). Vendor shall retain data only for deliberate, documented purposes. Vendor shall ensure that the longest retention period any privacy data is subject to dictates the end of that data’s business purpose defined by City and this Agreement
1.3. Consultant will store the information on a secure remote server using reasonable safeguards in accordance with the Security Standards of the Agreement codified in DATA SECURITY (Section 2 below) and Consultant’s published on-line privacy policies and in compliance with applicable laws, codes of practice, and other legal obligations associated with the collection, use, and disclosure of personal information. Consultant shall exercise the same standard of care to protect...
Information Security and Privacy. 9.1 This contract is for services that require Contractor Personnel to have access to FDIC facilities and/or FDIC information (“access” includes access to FDIC information in hard copy (paper) format or electronic format via FDIC information systems). Therefore, Contractor shall adhere to the following:
Information Security and Privacy. 2.1. Vendor will install and maintain a VPN connection for use in troubleshooting and updating the payment application hardware and operating system.
2.2. Vendor will install software provided by the City to interface with the City’s existing credit card clearinghouse service. Changes to the clearinghouse interface will be quoted separately.
2.3. Vendor must provide the City’s technical project lead with the administrator’s user name and password and a user list for all password protected computers, systems and equipment located in City property, offices and facilities.
2.4. Vendor must cooperate with the City in the instances regarding enterVo(Credit Pay) related audits. Additionally, Vendor must provide any required information or documentation for PCI audit only for items identified in attachment titled “Xxxxxxx & Xxxxxxxx PCI Responsibility Matrix”.
2.5. City data must remain confidential. City data cannot be used by the Vendor for reasons other than system implementation, maintenance, updates or troubleshooting services unless approved in writing by the City of San Xxxx.
2.6. Where such items are included in the Vendor’s Scope of Work, the Vendor must have an incident response plan in effect that covers processes and procedures for incidents such as, but not limited to,:
Information Security and Privacy. Consumers’ attention is specifically drawn to the provisions of this clause 5 in compliance with the requirements of section 49(1)(a).
5.1 In order to use the software the User shall make use of a username, password or other security mechanism as Med-e-Mass may prescribe from time to time. The User shall forthwith notify Med-e-Mass in writing of any unauthorised or fraudulent use of such username, password or security mechanism. The User indemnifies and shall hold Med-e-Mass and its representatives harmless, from any claims, losses, damages and expenses incurred or caused by any unauthorised or fraudulent use of the User’s username, password or security mechanism.
5.2 The User shall bear all the risks involved in the use of Internet applications, including the risks of exposure of sensitive or confidential information to persons for whom it was not intended, hacking, viruses, exposure to contaminated files and objectionable material, spamming, electronic fraud and other security risks. Med-e-Mass shall not be liable for any intrusion or hack to the software nor for any unauthorised access to the information or data stored or communicated by the User or any other person using the software or the services. It is the User’s own responsibility to ensure that only authorised persons have access to such information or data through adequate information security standards and procedures to be implemented and monitored by the User.
5.3 Med-e-Mass does not guarantee the non-exposure of personal information and, notwithstanding the terms of Med-e-Mass’s privacy policy, the User assumes the risk of any breaches of privacy.
5.4 The User gives Med-e-Mass permission to use data extracted from the System for comparative or commercial purposes as long as the identity of the User, a patient or member is not disclosed.
Information Security and Privacy. 4.1 Where the User is required to make use of a username, password or other security mechanism in order to use the software, the User shall notify Med-e-Mass in writing of any unauthorised or fraudulent use of such username, password or security mechanism. The User indemnifies and shall hold Med-e-Mass and its representatives harmless, from any claims, losses, damages and expenses caused by any unauthorised or fraudulent use of the User’s username, password or security mechanism.
4.2 Where the User is required to connect to the Internet in order to make use of the software, the User shall bear all the risks involved in the use of Internet applications, including the risks of exposure of sensitive or confidential information to persons for whom it was not intended, hacking, viruses, exposure to contaminated files and objectionable material, spamming, electronic fraud and other security risks. Med-e-Mass shall not be liable for any intrusion or hack to the software nor for any unauthorised access to the information or data stored or communicated by the User or any other person using the software or the services. It is the User’s own responsibility to ensure that only authorised persons have access to such information or data through adequate information security standards and procedures to be implemented and monitored by the User.
4.3 Med-e-Mass does not guarantee the non-exposure of personal information and, notwithstanding the terms of Med-e-Mass’s privacy policy, the User assumes the risk of any breaches of privacy.
4.4 The User gives Med-e-Mass permission to use data extracted from the HEALTH ONE system for comparative or commercial purposes as long as the identity of the User, the patient and member is not disclosed.
Information Security and Privacy. In accordance with Massachusetts regulation 201 CMR 17.00, if Contractor receives, stores, maintains, processes, or otherwise is permitted access to personal information through its provision of services under this Agreement, it shall comply with the provisions in the addendum attached hereto as Exhibit C.
Information Security and Privacy. (a) The Company acknowledges that the Purchaser is required to comply with the information security standards required by the Xxxxx-Xxxxx-Xxxxxx Act (15 U.S.C. 6801, 6805(b)(1)), as amended, and the regulations issued thereunder (12 C.F.R. Part 40) (collectively, the “GLB Act”) and with other statutory and regulatory requirements (collectively, “Privacy Laws”) as well as its internal information security program for information protection. If applicable, the Company shall make commercially reasonable efforts to assist the Purchaser to so comply and to conform to its own policies for information protection with applicable Privacy Laws, as amended from time to time. At the Purchaser’s request, the Company shall make commercially reasonable modifications to its information security program or to the procedures and practices thereunder to conform to the Purchaser’s security requirements as they exist from time to time.
(b) Within thirty (30) calendar days of the Purchaser’s written request, the Company shall deliver to the Purchaser’s information protection department a copy of its written information security program. The program shall be designed to:
(i) Ensure the security, integrity and confidentiality of Confidential Information;
(ii) Protect against any anticipated threats or hazards to the security or integrity of such Confidential Information;
(iii) Protect against unauthorized access to or use of such Confidential Information that could result in substantial harm or inconvenience to the person that is the subject of such information; and
(iv) Ensure the proper disposal of such Confidential Information.
Information Security and Privacy. Provides security incident response, digital forensics, and investigative services. Performs risk assessments on internal and third party solutions deemed mission critical and/or that handle sensitive information. Consultation available for security and privacy related matters. Also provides support for vulnerability management and security awareness training/outreach in the School of Medicine community.
Information Security and Privacy. 9.1 Privacy. Customer shall execute the Data Processing Addendum (“DPA”) available here and incorporated herein by this reference. Failure by Customer to execute the DPA may be grounds for Aircall to terminate the Services and/or the Agreement immediately and with no liability to Aircall. Aircall takes its Customer’s privacy seriously and shall use information provided by Customer in accordance with the terms contained herein and in the Site’s privacy policy available at https:/ xxxxxxx.xx/xxxxxxx/ (the “Aircall Privacy Policy”). The Customer acknowledges and agrees that it may place any inquiry or other type of communication related to information security and/or privacy (including, but not limited to, requests for personal data access or deletion) at xxxxxxx@xxxxxxx.xx or at Aircall’s customer support portal. Such inquiries will be handled by Aircall in accordance with the applicable laws.
