Common use of Protection of County Data Clause in Contracts

Protection of County Data. If CONTRACTOR will be processing and storing the COUNTY’s data in an offsite location, such as a cloud service site, cloud storage site, hosted application site, or hosted storage site, CONTRACTOR shall guarantee that such data is encrypted using an encryption algorithm that meets the current US Department of Defense minimum requirements in order to protect COUNTY data against a breach of protected data if lost or stolen. All offsite cloud applications and storage systems utilized by CONTRACTOR shall be located in the United States, which includes any backup and failover facilities. Application and storage solutions in any foreign location is prohibited. All desktop and laptop computers, as well other similar type computer systems, used by CONTRACTOR shall be encrypted using the same encryption algorithm described above. All data in transit shall require the same encryption. Storage of COUNTY data on removable portable storage is prohibited. Upon termination of this agreement, CONTRACTOR shall purge all COUNTY data from all CONTRACTOR systems using a forensic grade deletion that conforms to US Department of Defense DoD 5220.22-M (E) standards. CONTRACTOR shall reimburse the COUNTY for all associated costs of a breach, including but not limited to reporting costs and associated penalties the COUNTY must bear.