PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT 11 Any reference to statutory, regulatory, or contractual language herein shall be to such language as in 12 effect or as amended.
13 A. DEFINITIONS
IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION (a) FEDERAL EMPLOYER IDENTIFICATION NUMBER and/or FEDERAL SOCIAL SECURITY NUMBER. As a condition to NYSERDA’s obligation to pay any invoices submitted by Contractor pursuant to this Agreement, Contractor shall provide to NYSERDA its Federal employer identification number or Federal social security number, or both such numbers when the Contractor has both such numbers. Where the Contractor does not have such number or numbers, the Contractor must give the reason or reasons why the payee does not have such number or numbers.
Identifying Information and Privacy NOTIFICATION (a) Identification Number(s). Every invoice or New York State Claim for Payment submitted to a New York State agency by a payee, for payment for the sale of goods or services or for transactions (e.g., leases, easements, licenses, etc.) related to real or personal property must include the payee's identification number. The number is any or all of the following: (i) the payee’s Federal employer identification number, (ii) the payee’s Federal social security number, and/or (iii) the payee’s Vendor Identification Number assigned by the Statewide Financial System. Failure to include such number or numbers may delay payment. Where the payee does not have such number or numbers, the payee, on its invoice or Claim for Payment, must give the reason or reasons why the payee does not have such number or numbers.
Identifying Information Issuer and Broker acknowledge that a portion of the identifying information set forth on Exhibit A is being requested by NCPS in connection with the USA Patriot Act, Pub.L.107-56 (the “Act”). To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. For a non-individual person such as a business entity, a charity, a Trust, or other legal entity, we ask for documentation to verify its formation and existence as a legal entity. We may also ask to see financial statements, licenses, identification and authorization documents from individuals claiming authority to represent the entity or other relevant documentation.
Privacy and Personal Information (a) This clause 14 applies where this agreement amounts to a “service arrangement” under the Information Privacy Act 2009 (Qld).
(b) For the purpose of this clause 14, Personal Information has the meaning given in the Information Privacy Act 2009 (Qld).
(c) If the Recipient collects or has access to Personal Information in order to undertake the Activity, the Recipient must:
(i) comply with Parts 1 and 3 of Chapter 2 of the Information Privacy Act 2009 (Qld) in relation to the discharge of its obligations under this agreement (including its obligations regarding Reports), as if the Recipient was the Department;
(ii) ensure that Personal Information is protected against loss and against unauthorised access, use, modification, disclosure or other misuse;
(iii) not use Personal Information other than for the purposes of undertaking the Activity, unless required or authorised by law;
(iv) not disclose Personal Information without the consent of the Department, unless required or authorised by law;
(v) not transfer Personal Information outside of Australia without the consent of the Department;
(vi) ensure that access to Personal Information is restricted to those of the Recipient's employees and officers who require access in order to perform their duties;
(vii) ensure that the Recipient's officers and employees do not access, use or disclose Personal Information other than in the performance of their duties;
(viii) ensure that the Recipient's subcontractors who have access to Personal Information comply with obligations the same as those imposed on the the Recipient under this clause 14;
(ix) fully co-operate with the Department to enable the Department to respond to applications for access to, or amendment of a document containing an individual’s Personal Information and to privacy complaints; and
(x) comply with such other privacy and security measures as the Department reasonably advises the Recipient in writing from time to time.
(d) The Recipient must immediately notify the Department on becoming aware of any breach, suspected breach or complaint alleging something that would, if proved, be a breach of clause 14(c) and provide full details of the breach, suspected breach or complaint.
(e) On request by the Department, the Recipient must obtain from its Representatives engaged for the purposes of this agreement, an executed deed of privacy in a form acceptable to the Department.
Customer Identification Program Notice To help the U.S. government fight the funding of terrorism and money laundering activities, U.S. Federal law requires each financial institution to obtain, verify, and record certain information that identifies each person who initially opens an account with that financial institution on or after October 1, 2003. Certain of PNC’s affiliates are financial institutions, and PNC may, as a matter of policy, request (or may have already requested) the Fund’s name, address and taxpayer identification number or other government-issued identification number, and, if such party is a natural person, that party’s date of birth. PNC may also ask (and may have already asked) for additional identifying information, and PNC may take steps (and may have already taken steps) to verify the authenticity and accuracy of these data elements.
User Information Any user or usage data or information collected via Station’s digital properties or related to Station’s digital properties, or any information collected from websites operated by Station’s affiliates under this Agreement, shall be the property of Station and/or such affiliates. Advertiser shall have no rights in such information by virtue of this Agreement.
Line Information Database LIDB is a transaction-oriented database accessible through Common Channel Signaling (CCS) networks. For access to LIDB, ONS must purchase appropriate signaling links pursuant to Section 10 of this Attachment. LIDB contains records associated with End User Line Numbers and Special Billing Numbers. LIDB accepts queries from other Network Elements and provides appropriate responses. The query originator need not be the owner of LIDB data. LIDB queries include functions such as screening billed numbers that provides the ability to accept Collect or Third Number Billing calls and validation of Telephone Line Number based non-proprietary calling cards. The interface for the LIDB functionality is the interface between BellSouth’s CCS network and other CCS networks. LIDB also interfaces to administrative systems.
Personally Identifiable Information (PII); Security a. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee must provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Grantee shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof.
b. If Grantee or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Agreement, Grantee shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If Grantee does not carry stand-alone cyber liability coverage, Grantee agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Agreement.
c. Grantee agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines.
d. Grantee agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall.
e. Grantee agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) Grantee agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules.
f. Grantee agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES.
g. If Grantee reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours.
h. In the event of a breach of PII or other sensitive data, Grantee must abide by provisions set forth in Section 501.171, Fla. Stat. Additionally, Grantee must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; Grantee’s corrective action plan; and the timelines associated with the corrective action plan.
Privacy of Customer Information Company Customer Information in the possession of the Agent, other than information independently obtained by the Agent and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Companies. Except in accordance with this Section 10.10, the Agent shall not use any Company Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Company Customer Information to any Person, including any of the Agent’s employees, agents or contractors or any third party not affiliated with the Agent. The Agent may use or disclose Company Customer Information only to the extent necessary (i) for examination and audit of the Agent’s activities, books and records by the Agent’s regulatory authorities, (ii) to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges or (iii) to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors), and for no other purpose; provided that the Agent may also use and disclose the Company Customer Information as expressly permitted by the relevant Company in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Agent shall take commercially reasonable steps to ensure that each Person to which the Agent intends to disclose Company Customer Information, before any such disclosure of information, agrees to keep confidential any such Company Customer Information and to use or disclose such Company Customer Information only to the extent necessary to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges, or to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations, under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors). The Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Company Customer Information pursuant to such program in the same manner as the Agent does so in respect of their own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 CFR Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Agent shall use at least the same physical and other security measures to protect all Company Customer Information in the Agent’s possession or control as the Agent uses for their own customers’ confidential and proprietary information.
