Privacy, Confidentiality and Ownership of Information. The Commonwealth Office of Technology (COT) is the designated owner of all data and shall approve all access to that data. The vendor shall not have ownership of Commonwealth data at any time. The vendor shall be in compliance with privacy policies established by governmental agencies or by state or federal law. Privacy policy statements may be developed and amended from time to time by the Commonwealth and will be appropriately displayed on the Commonwealth portal (Xx.xxx). The vendor should provide sufficient security to protect the Commonwealth and COT data in network transit, storage, and cache. All data, including backups and archives, must be maintained at all times within the contiguous United States. All sensitive data, as defined in Enterprise Standards, must be encrypted in-transit and at rest.
Appears in 4 contracts
Samples: Attachment a Contract, Attachment a Contract, Attachment a Contract
