Privacy and Security Requirements. The parties to the CPA Agreement are required to protect the Confidential Information in accordance with applicable direction and guidelines from the Treasury Board of Canada, or their equivalent in the case of the CPA, with respect to the protection of “Protected B” data, including guidance from CSE (ITSG-33) which aligns with the ISO 27001 framework. Further as a federal government institution, the CPA acknowledges that the Trust is subject to the Access to Information Act (Canada) and the Privacy Act (Canada) and therefore the CPA agrees to submit to whatever reasonable measures are necessary in order to ensure that the Trust can comply with these laws and their related regulations, policies, and directives (“ATIP Legislation”). As such, the CPA agrees: (i) to protect any Personal Information that it may access through the course of providing CPA Services under this CPA Agreement in a manner that is compatible with provisions of ATIP Legislation; and (ii) that it has in place appropriate privacy protection measures to safeguard all the Confidential Information that it has access to under this CPA Agreement. More specifically, the CPA shall, as required by the provisions of Section 12.10 of this CPA Agreement, comply with the security requirements described below at all times.
Privacy and Security Requirements. Blue Shield must adhere to the terms and conditions in the Information Privacy and Security Requirements which are incorporated as Exhibit E to this Agreement.
Privacy and Security Requirements. If the Contractor is a “Business Associate” as defined at 45 C.F.R. § 160.103, it must comply with the privacy and security requirements for functioning as a “business associate” of the Department or as a “covered entity” under HIPAA and HITECH. In addition to executing this Contract, the Contractor must execute the Business Associate Agreement attached to this Contract as Attachment 6.
Privacy and Security Requirements. (a) Business Associate will implement appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information, to prevent Use or Disclosure of Protected Health Information other than as permitted in this Agreement.
(b) To the extent Business Associate carries out one or more obligations of Covered Entity under the HIPAA Rule, Business Associate shall comply with the applicable provisions of the HIPAA Rule as if such Use or Disclosure were made by Covered Entity.
(c) In accordance with 45 CFR §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, Business Associate agrees to ensure any Subcontractors that create, receive, maintain or transmit Protected Health Information on behalf of Business Associate agree to the same restrictions, conditions, and requirements that apply to Business Associate with respect to such information.
Privacy and Security Requirements. (Continued)
Privacy and Security Requirements. (a) Xxxxxx+Gyr, including its staff or any individual otherwise acting on behalf of the company, shall access and Process Customer’s Personal Data only on a need-to-know basis and only to the extent necessary to perform this Support Agreement or Customer’s further written instructions.
(b) Xxxxxx+Gyr shall use technical and organizational measures that meet industry standards to ensure the security and confidentiality of Customer’s Personal Data in order to prevent, among other things, accidental, unauthorized or unlawful destruction, modification, disclosure, access or loss.
(c) Xxxxxx+Gyr shall notify Customer no later than 72 hours after being made aware of any suspected or actual Security Breach involving any Customer’s Personal Data. Xxxxxx+Gyr shall also provide Customer with a description of the Security Breach, the type of data that was the subject of the Security Breach, the identity of each affected person, and any other information Customer may reasonably request concerning such affected persons and the details of the breach, as soon as such information can be collected or otherwise becomes available. Xxxxxx+Xxx agrees to promptly to take action, at its own expense, to investigate the Security Breach and to identify, prevent and mitigate the effects of any such Security Breach, and to carry out any recovery or other action (e.g., mailing statutory notices) necessary to remedy the Security Breach. The content of any filings, communications, notices, press releases, or reports related to any Security Breach (“Notices”) will be approved by Xxxxxx+Gyr prior to any publication or communication thereof to any third party. Xxxxxx+Gyr shall pay for or reimburse Customer for all costs, losses and expenses relating to any Security Breach, including without limitation, the cost of Notices, legal fees and any credit monitoring services if applicable.
(d) Upon termination of this Support Agreement, for whatever reason, Xxxxxx+Gyr shall stop the Processing of Customer’s Personal Data, unless instructed otherwise by Customer, and these undertakings shall remain in force until such time as Xxxxxx+Gyr no longer possesses Customer’s Personal Data.
Privacy and Security Requirements. All visitors to the Premises, including but not limited to employees, officers, contractors, or vendors of the Lessor or other building tenants shall read and sign the most current DHHS Privacy & Security Safeguards Attestation, which is attached hereto as Exhibit E – 2024 Privacy Security Attestation Form and incorporated herein by reference as if set forth in full, before entering the Premises.
Privacy and Security Requirements. Contractor and its employees, agents and subcontractors shall comply with laws, regulations, and plicies governing access to and use of Agency Data, Privacy and Security Requirements, as they are stated elsewhere in this Contract, and as such laws, regulations, and policies are updated or otherwise made available to Contractor.
Privacy and Security Requirements. Contractor’s obligations under this Contract include the requirements of this exhibit.
Privacy and Security Requirements. Customer will comply with all applicable laws concerning the Enformion Products, including without limitation applicable laws regulating how an organization manages, protects and distributes confidential information and laws restricting the collection, use, disclosure, processing and free movement of personal information (collectively, the “Privacy Regulations”). The Privacy Regulations include, to the extent applicable, the Federal “Privacy of Consumer Financial Information” Regulation (12 CFP Part 40) and Interagency Guidelines Establishing Information Security Standards (App B to 12 CFR Part 30), as amended from time to time, issued pursuant to the GLBA. Customer expressly agrees that it will comply with the use requirements applicable pursuant to the GLBA and similar laws, including without limitation each of the permissible use requirements set forth on Exhibit C attached hereto. Customer will maintain all appropriate administrative, physical and technological processes and equipment to store and protect the Enformion Products in a secure manner, including without limitation, maintaining an information security program that is designed to protect information processing system(s) and media containing the Enformion Products from internal and external security threats, and the Enformion Products from unauthorized use or disclosure. In addition and to the extent applicable, Customer specifically agrees to comply with each of the security requirements set forth on Exhibit B attached hereto. Enformion may, from time to time, provide written notice to Customer of updates to the security requirements set forth on Exhibit B, and Customer will comply with the updated security requirements following a mutually agreed upon and reasonable period of time. Customer acknowledges and agrees that Customer has an ongoing obligation to protect and preserve the confidentiality, privacy, security and integrity of the Enformion Products, and the standards embodied in this Agreement are merely minimum standards of conduct for Customer in furtherance of the foregoing continuing obligation.
