Common use of Personally Identifiable Information (PII); Security Clause in Contracts

Personally Identifiable Information (PII); Security. 1. If the Bond Counsel or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Contract, the Bond Counsel shall provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. The Bond Counsel shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors, and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. 2. The Bond Counsel agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. 3. The Bond Counsel agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. 4. The Bond Counsel agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up-to-date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) The Bond Counsel agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. 5. The Bond Counsel agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. 6. In the event of a breach of PII or other sensitive data, the Bond Counsel must abide by provisions set forth in section 501.171, Fla. Stat. Additionally, the Bond Counsel must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; the Bond Counsel’s corrective action plan; and the timelines associated with the corrective action plan.

Personally Identifiable Information (PII); Security. 1. If the Bond Counsel TBA Program Administrator or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Contract, the Bond Counsel TBA Program Administrator shall provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. The Bond Counsel TBA Program Administrator shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors, and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. 2. If the TBA Program Administrator or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Contract, the TBA Program Administrator shall be covered at all times by separate (standalone) cyber liability insurance coverage and shall provide to Florida Housing, at its written request, information for such cyber liability insurance coverage, including the limits available and retention levels. 3. The Bond Counsel TBA Program Administrator agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. 34. The Bond Counsel TBA Program Administrator agrees at all times to maintain reasonable network security that, at a minimum, includes a network firewall. 45. The Bond Counsel TBA Program Administrator agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up-to-date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) The Bond Counsel TBA Program Administrator agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. 56. The Bond Counsel TBA Program Administrator agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. 67. If the TBA Program Administrator reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 72 hours. 8. In the event of a breach of PII or other sensitive data, the Bond Counsel TBA Program Administrator must abide by provisions set forth in section 501.171, Fla. Stat. Additionally, the Bond Counsel TBA Program Administrator must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; the Bond CounselTBA Program Administrator’s corrective action plan; and the timelines associated with the corrective action plan.

Personally Identifiable Information (PII); Security. 1. If the Bond Counsel Real Estate Broker or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Contract, the Bond Counsel Real Estate Broker shall provide for the security of such PII, in a form acceptable to Florida Housing, without limitation, non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections and audits. The Bond Counsel Real Estate Broker shall take full responsibility for the security of all data in its possession or in the possession of its subcontractors, and shall hold Florida Housing harmless for any damages or liabilities resulting from the unauthorized disclosure of loss thereof. 2. If the Real Estate Broker or any of its subcontractors may or will create, receive, store or transmit PII under the terms of this Contract, the Real Estate Broker shall provide Florida Housing with insurance information for stand-alone cyber liability coverage, including the limits available and retention levels. If the Real Estate Broker does not carry stand-alone cyber liability coverage, the Real Estate Broker agrees to indemnify costs related to notification, legal fees, judgments, settlements, forensic experts, public relations efforts, and loss of any business income related to this Contract. 3. The Bond Counsel Real Estate Broker agrees to maintain written policies and procedures for PII and/or data classification. This plan must include disciplinary processes for employees that violate these guidelines. 34. The Bond Counsel Real Estate Broker agrees at all times to maintain reasonable network security at all times that, at a minimum, includes a network firewall. 45. The Bond Counsel Real Estate Broker agrees to protect and maintain the security of data with protection security measures that include maintaining secure environments that are patched and up-to-date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, Common Vulnerabilities and Exposures (CVE) database, etc.) The Bond Counsel Real Estate Broker agrees that PII shall be appropriately destroyed based on the format stored upon the expiration of any applicable retention schedules. 56. The Bond Counsel Real Estate Broker agrees that any and all transmission or exchange of system application data with Florida Housing and/or any other parties shall take place via secure Advanced Encryption Standards (AES), e.g. HTTPS, FTPS, SFTP or equivalent means. All data stored as a part of backup and recovery processes shall be encrypted, using AES. 67. If the Real Estate Broker reasonably suspects that a cybersecurity event or breach of security has occurred, they must notify Florida Housing’s Contract Administrator within 48 hours. 8. In the event of a breach of PII or other sensitive data, the Bond Counsel Real Estate Broker must abide by provisions set forth in section 501.171, Fla. Stat. Additionally, the Bond Counsel Real Estate Broker must immediately notify Florida Housing in writing of the breach and any actions taken in response to such a breach. As the information becomes available the statement must include, at a minimum, the date(s) and number of records affected by unauthorized access, distribution, use, modification or disclosure of PII; the Bond CounselReal Estate Broker’s corrective action plan; and the timelines associated with the corrective action plan.