Personally Identifiable Information (PII) Clause Samples

Personally Identifiable Information (PII). As previously referenced under SUBSECTION VII.D. RECORDKEEPING REQUIREMENTS and in accordance with 2 CFR 200.1 and 2 CFR 200.338, Personally Identifiable Information (PII) means information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. Protected PII means an individual’s first name or first initial and last name in combination with any one or more of types of information, including, but not limited to, social security number, passport number, credit card numbers, clearances, bank numbers, biometrics, date and place of birth, mother’s maiden name, criminal, medical and financial records, and educational transcripts. This does not include PII that is required by law to be disclosed. PII must always be safeguarded, even in instances of public records requests. No Federal awarding agency may place restrictions on the non-Federal entity that limits public access to the records of the non-Federal entity pertinent to a Federal award, except for protected PII or when the Federal awarding agency can demonstrate that such records will be kept confidential and would have been exempted from disclosure pursuant to the Freedom of Information Act (5 U.S.C. 552) or controlled unclassified information pursuant to Executive Order 13556 if the records had belonged to the Federal awarding agency. The SUBRECIPIENT certifies that they understand the PII definitions as noted above, and in accordance with their internal controls under 2 CFR 200.303, the SUBRECIPIENT must implement reasonable measures to safeguard Personally Identifiable Information (PII) and other sensitive data. These measures should form part of the SUBRECIPIENT's internal control framework to ensure compliance with federal regulations. The SUBRECIPIENT is responsible for maintaining appropriate safeguards to prevent unauthorized access, use, or disclosure of such information, consistent with cybersecurity best practices and the applicable federal, state, and local laws governing data protection. Additionally, the COUNTY, pursuant to the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a “covered entity,” as the law defines that term. Any “p...

Personally Identifiable Information (PII). If CONTRACTOR or any of its Subcontractors will or may receive PII under this CONTRACT, CONTRACTOR shall provide for the security of such PII, in a manner and form acceptable to the COUNTY, including, without limitation, non- disclosure requirements, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. CONTRACTOR shall be a “Third-Party Service Provider” as defined in C.R.S. § 24-73-101(1) (i) and shall maintain security procedures and practices consistent with C.R.S. §▇▇-▇▇-▇▇▇ and C.R.S. §▇▇-▇▇-▇▇▇. In the event CONTRACTOR incurs a data breach whereby it is reasonably believed that any of COUNTY’S PII either could have been, or was compromised, then CONTRACTOR shall immediately notify the COUNTY in writing and shall follow abide by C.R.S. § ▇▇-▇▇-▇▇▇ et seq.

Personally Identifiable Information (PII). A. “Personally Identifiable Information” (PII) means any information that identifies, relates to, describes, is reasonably capable of being associated with a particular individual or household, that is processed by Supplier pursuant to this Agreement, and that is deemed “personal data,” “personal information,” or the like under the Data Protection Laws. B. Data Protection Laws” means all applicable international, federal, state, provincial, and local laws, rules, regulations, directives, requirements, codes and industry standards and guidelines, relating to the privacy, confidentiality, integrity, protection, or security of PII. C. Any PII disclosed to Supplier or with which Supplier otherwise comes in contact while, as applicable, providing the Work will be deemed to be Confidential Information, regardless of whether it is labeled or designated as such. Supplier shall not: (i) use PII for any purpose other than as reasonably necessary to fulfill the terms of the Agreement; or (ii) make PII available to any employees, agents, subcontractors, or other party representatives except those with a need to know. D. Supplier shall implement appropriate measures to ensure the security and confidentiality of all PII in its and its subcontractors’ possession, including protecting against any threats or hazards to the security or integrity of the PII that Supplier should reasonably be able to anticipate, and against unauthorized access to or use of the PII. E. Notwithstanding any other provisions hereof, Supplier shall notify Purchaser within one (1) business day of becoming aware of any Breach of Security. “Breach of Security” shall mean unauthorized access to, acquisition of, or disclosure of, PII or any individual’s information which was held in the custody or control of Supplier or its subcontractors of any tier, agents or other representatives, or a reasonable belief by either party or its subcontractor of any tier, agent or representative that such unauthorized access, acquisition or disclosure has occurred. Supplier’s notice shall include the following: (i) date and time that Supplier discovered the Breach of Security and the date and time when the breach actually occurred, if discoverable; (ii) a detailed description of the Breach of Security; (iii) a list of the systems and data at risk, including a list of affected individuals; and (iv) a description of actions taken after the Breach of Security was discovered. Thereafter, Supplier shall provide Purchaser wi...

Personally Identifiable Information (PII). (The Privacy Act of 1974, E-Government Act of 2002 (P.L. 107-347), and AP Family – Authority and Purpose (Privacy Controls), NIST SP 800-53 rev. 4) Personally Identifiable Information (PII) is information used to distinguish or trace an individual’s identity, such as their name, Social Security Number, biometric records, alone or when combined with other personal or identifying information linked or linkable to a specific individual. An item such as date and place of birth, mother’s maiden name, or father’s surname is ▇▇▇, regardless of whether combined with other data.

Personally Identifiable Information (PII). Personally Identifiable Information (PII) is any data that could potentially be used to identify a particular person. For instance, this information could contain name and surname, house address, email address, birthday, phone number and geographic information. This is the type of information that must be taken into account to decide if the GDPR should be applied. Figure 29 depicts an example of PII.

Personally Identifiable Information (PII). If the Consultant or any of its Subconsultants will or may receive PII under this Agreement, Consultant shall provide for the security of such PII, in a manner and form acceptable to the County and PPRTA, including, without limitation, non-disclosure requirements, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. Consultant shall be a “Third-Party Service Provider” as defined in C.R.S. § 24-73-101(1) (i) and shall maintain security procedures and practices consistent with C.R.S. § ▇▇-▇▇-▇▇▇ and C.R.S. § ▇▇-▇▇-▇▇▇. In the event Consultant incurs a data breach whereby it is reasonably believed that any of County’s or PRTA’s PII either could have been, or was compromised, then Consultant shall immediately notify the County and PPRTA in writing and shall abide by C.R.S. § ▇▇-▇▇-▇▇▇ et seq.

Personally Identifiable Information (PII). Personal data or information that relates to a specific, identifiable, individual person, including Authority Personnel. For the avoidance of doubt, PII includes the following: (a) any government- issued identification numbers (e.g., Social Security, driver’s license, passport); (b) any financial account information, including account numbers, credit card numbers, debit card numbers, and other cardholder data; (c) CJIS; (d) Protected Health Information; (e) Biometric Information; (f) passwords or other access-related information associated with any user account; and (g) any other personal data defined as PII under the breach notification laws of the fifty states of the United States.

Personally Identifiable Information (PII). The following contract clause applies to all contracts and subawards regardless of dollar amount. Take reasonable measures to safeguard protected PII and other information DEA designates consistent with applicable Federal, state, and local laws regarding privacy and obligations of confidentiality.

Personally Identifiable Information (PII). As previously referenced under SUBSECTION VII.D. RECORDKEEPING REQUIREMENTS and in accordance with 2 CFR 200.1 and 2 CFR 200.338, Personally Identifiable Information (PII) means information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or Application # 300031 Project # DR10147 identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. Protected PII means an individual’s first name or first initial and last name in combination with any one or more of types of information, including, but not limited to, social security number, passport number, credit card numbers, clearances, bank numbers, biometrics, date and place of birth, mother’s maiden name, criminal, medical and financial records, and educational transcripts. This does not include PII that is required by law to be disclosed. PII must always be safeguarded, even in instances of public records requests. No Federal awarding agency may place restrictions on the non-Federal entity that limits public access to the records of the non-Federal entity pertinent to a Federal award, except for protected PII or when the Federal awarding agency can demonstrate that such records will be kept confidential and would have been exempted from disclosure pursuant to the Freedom of Information Act (5 U.S.C. 552) or controlled unclassified information pursuant to Executive Order 13556 if the records had belonged to the Federal awarding agency. The SUBRECIPIENT certifies that they understand the PII definitions as noted above, and in accordance with their internal controls under 2 CFR 200.303, the SUBRECIPIENT shall take reasonable measures to safeguard protected PII and other information HUD or the COUNTY designates as sensitive or the SUBRECIPIENT considers sensitive consistent with applicable Federal, state, and local laws regarding privacy and responsibility over confidentiality. Additionally, the COUNTY, pursuant to the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a “covered entity,” as the law defines that term. Any “personal health information” (PHI) as defined by the law that the COUNTY receives pursuant to this Agreement in connection with this project and its activities, as applicable, is subject to th...