Privacy, Confidentiality and Ownership of Information. The Commonwealth is the designated owner of all Commonwealth data and shall approve all access to that data. The Vendor shall not have ownership of Commonwealth data at any time. The vendor shall not profit from or share Commonwealth data. The Vendor shall be in compliance with privacy policies established by governmental agencies or by state or federal law. Privacy notice statements may be developed and amended from time to time by the Commonwealth and will be appropriately displayed on the Commonwealth portal (Xx.xxx). The Vendor should provide sufficient security to protect the Commonwealth and COT data in network transit, storage, and cache. All Commonwealth data, including backups and archives, must be maintained at all times within the contiguous United States. All Commonwealth data, classified as sensitive or higher, as defined in Enterprise Standards, must be encrypted in-transit and at rest.
Appears in 7 contracts
Samples: Master Agreement, Master Agreement, Master Agreement
