Personal Information; Information Security. (a) Each of the Transfer Agent and BFDS acknowledges that the Funds and CDI are subject to the requirements of Regulation S-P promulgated by the SEC, as from time to time amended, including 17 CFR 248.30 regarding procedures to safeguard customer records and information, including Customer Data, and the disposal of consumer report information and records. Each of the Funds, CSSI and CDI acknowledges that the Transfer Agent and BFDS are subject to 17 CFR 248.30(b) of Regulation S-P regarding the disposal of consumer report information and records. Accordingly, BFDS, as the designated service provider for the Transfer Agent, shall develop and maintain (in furtherance of all of the services provided under this Agreement) policies and procedures for safeguarding any Fund or CDI Customer Data received, processed, stored or disposed of by BFDS constituting customer records and information (including, without limitation, any Customer NPI and consumer report information) (collectively, "personal information"). BFDS shall cause such policies and procedures to be reasonably designed to (i) ensure the security and confidentiality of the personal information; (ii) protect against anticipated threats or hazards to the security and integrity of the personal information; and (iii) protect against unauthorized access to or use of the personal information that could result in substantial harm or inconvenience to any customer of a Fund or CDI, as applicable. From time to time, in accordance with its own review or in response changes in applicable law, BFDS shall revise such policies and procedures in order that the services provided by BFDS hereunder are consistent with any law, rule or regulation applicable to its transfer agency business. (b) At the request of a Fund, CSSI or CDI, as applicable, and not less than once during each year of the term of this Agreement, the Transfer Agent and/or BFDS shall meet with the Fund, CSSI and CDI, as applicable, and deliver to the Fund, CSSI and CDI a presentation regarding the policies and procedures in place under Section 7.7(a) of this Agreement. On an annual basis, BFDS shall provide to the Fund, CSSI and CDI, as applicable, upon request, an agreed upon procedures report (or any successor report) of a third party independent auditing firm that shall address, among other topics, BFDS' compliance with policies and procedures for safeguarding personal information including Customer Data. (c) In performing the Data Access Services or any other services under this Agreement, the Transfer Agent shall cause its services to be performed pursuant to the BFDS policies and procedures then in effect (as developed pursuant to Section 7.7(a) above). The Transfer Agent shall report to a Fund, CSSI or CDI, as applicable, as soon as practicable under the circumstances, any incidents occurring which involve the subject matter of those policies and procedures (including, but not limited to, the improper release of personal information, the unauthorized access to personal information, any unauthorized access to personal information or the discovery of a material weakness in the procedures in place under Section 7.7(a) that could subject personal information to unauthorized access or release) and cooperate with the Fund, CSSI or CDI, as applicable, in conducting any related investigation activities, regulatory examinations or remedial changes; provided, however, that any such remedial changes are reasonably acceptable to the Transfer Agent or BFDS, as applicable.
Appears in 8 contracts
Samples: Master Transfer Agency and Service Agreement (Calvert Cash Reserves), Master Transfer Agency and Service Agreement (Calvert Fund), Master Transfer Agency and Service Agreement (Calvert Variable Series Inc)