Protection of Personally Identifiable Information. Except as otherwise provided by law, information or data that personally identifies an individual or individuals shall be protected in accordance with California Civil Code Sections 1798, et seq., and other relevant State or Federal statutes and regulations. The Parties shall comply with California Civil Code Sections 1798, et seq. and other relevant State or Federal statutes and regulations in safeguarding all such information or data which comes into their possession under this agreement in perpetuity, and shall not release or publish any such information or data except as permitted by law.
Protection of Personally Identifiable Information. Vendor shall safeguard and protect from disclosure at all times, and shall cause its employees, officers, agents, contractors, subcontractors and other representatives to safeguard and protect from disclosure at all times, all information about applicants for HEAP or ECIP benefits or members of Eligible Households receiving HEAP or ECIP benefits that could be used to determine or trace the identity of such applicants or members of Eligible Households, including but not limited to the information described in Section 15.A above (―Personally Identifiable Information‖). Vendor shall, without limitation, take the following steps to safeguard and protect Personally Identifiable Information from disclosure:
1. Put measures in place to prevent the loss, theft, misappropriation or inadvertent disclosure of Personally Identifiable Information, such as removing documents that contain Personally Identifiable Information from printers or fax machines, not leaving paperwork containing Personally Identifiable Information on desks or other work areas unattended, placing paperwork containing Personally Identifiable Information in a locked file at the end of the business day, and shredding documents containing Personally Identifiable Information that are no longer needed (unless required to be retained pursuant to this Agreement).
2. Encrypt all Personally Identifiable Information contained on computers, laptops, and other electronic devices or media used, in whole or in part, in providing services under or administering this Agreement, whether such Personally Identifiable Information is contained in spreadsheets, e-mails, attachments, or otherwise.
3. Send e-mail attachments only if encrypted or only through a secure e-mail server.
4. Make employees, officers, agents, contractors, subcontractors and other representatives of Vendor aware that the responsibility to safeguard and protect Personally Identifiable Information applies at all times, whether or not they are at a work location during normal business hours.
5. Limit disclosure of Personally Identifiable Information to only those persons who have a direct need to know the Personally Identifiable Information in order to provide deliveries of Home Energy and other services to Eligible Households under this Agreement, and advise them to take steps to safeguard and protect Personally Identifiable Information from inadvertent disclosure and not to disclose any Personally Identifiable Information to other persons. The prov...
Protection of Personally Identifiable Information. Care Solace does not own any of the student data or District-created data within its products. The data disclosed by the District, including Student PII within the products are property of, and under the control of the District, except for such data or Student PII that Care Solace receives directly from a student and/or student’s family. Care Solace cannot disclose any personally identifiable information (PII) from any of Care Solace software applications, except as otherwise permitted by this Agreement or as authorized in writing by a parent, guardian, or “eligible student” (as defined by XXXXX). Students who wish to retain possession and control their own data content should contact the District. If the District is unable to fulfill the request of the student, Care Solace shall provide reasonable assistance at the direction of the District and at no expense. Each Party agrees that it will use PII from education records only to meet the purpose or purposes of the Agreement. Under no circumstances will PII be shared with entities outside of the District, except as otherwise permitted by this Agreement, unless the requesting agency is the original custodian of said data, there is an applicable exception, and/or consent to release data is provided by the parent or student. In addition, students thirteen (13) and under are permitted to use this product through students’ accounts, with parental consent/authorization. All PII will be physically and virtually protected from breaches by way of physically securing the servers on which the data resides and utilizing technologies such as encryption and firewalls. Data will be encrypted in transmission and in storage using SSL (Secure Sockets Layer) and stored at no less than 128-bit level encryption. Each Party will perform internal privacy audits and maintain compliance with all federal and state regulations regarding privacy, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), The Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act ("COPPA"), and Nevada Revised Statute 392.029, as applicable to such party. Each Party shall not use the shared data in any manner not permitted by appropriate governing federal and state regulations. Access to the information received by the District pursuant to this Agreement shall be limited to those with a need to access it for the specific purposes detailed in this Agreement. Each Party agrees to ...
Protection of Personally Identifiable Information. With respect to all Personally Identifiable Information described in Section 2.14(p) of the Disclosure Schedule, the Company has at all times taken reasonable steps (including, without limitation, implementing and monitoring compliance with adequate measures with respect to technical and physical security) to ensure that the Personally Identifiable Information is protected against loss and against unauthorized access, use, modification, disclosure or other misuse. To the Knowledge of the Company, there has been no unauthorized access to or other misuse of that Personally Identifiable Information.
Protection of Personally Identifiable Information. Information determined to be Personally Identifiable Information (PII) must be protected in accordance with relevant statutes, Office of Management and Budget (OMB) guidelines, and DOL and HHS regulations and policies. HHS Privacy Act regulations are found at 45 C.F.R. pt. 5b, and HHS policies regarding PII may be found at xxxx://xxx.XXX.xxx. DOL Privacy Act regulations are found at 29 C.F.R. pt. 71, and may be found at xxxx://xxx.XXX.xxx. For this MOU, all parties agree that PII must be protected in accordance with the Privacy Act of 1974, OMB Circular No. A-130, “Management of Federal Information Resources,” and each Agency’s regulations and policies. Transmission of data between Agencies will be in accordance with agreed-upon protocols which will, at a minimum, include the following requirements:
1. Data stored on removable media (CD, DVD, USB Flash Drives, etc.) must be protected using encryption products that are Federal Information Processing Standards (FIPS) 140-2 certified.
2. Passwords used in conjunction with FIPS 140-2 certified encryption must meet the current HHS password requirements (which at this time include a minimum of 8 characters with at least one uppercase letter, one lowercase letter, one numeral (numbers 0-9), and one special character (!@#$&)).
3. Transmission of removable media must be sent by express overnight service with signature and tracking required.
4. Data files containing PII that are being sent by e-mail must be encrypted with FIPS 140-2 certified encryption products.
5. Passwords used to encrypt data files must be sent separately from the encrypted data file (i.e., separate e-mail, telephone call, or separate letter).
6. Web sites established for the submission of information that includes PII must use FIPS 140-2 certified encryption methods.
7. Remote access to systems and databases that contain PII must use two-factor authentication for logon access control.
8. In addition to other reporting requirements, the loss, or suspected loss, of PII must be reported immediately upon discovery to:
(a) For HHS, the HHS PII Breach Response Team (xxxx://xxx.xxx.xxx/ocio/policy/20080001.003.html) and the DOL PII Breach Response Team.
(b) For DOL, the DOL PII Breach Response Team (xxxx://xxx.xxx.xxx/owcp/procedure-manual/privacy.pdf) and the HHS PII Breach Response Team.
Protection of Personally Identifiable Information. With respect to all Personally Identifiable Information, the Company and each of its Subsidiaries has at all times taken all commercially reasonable steps (including, without limitation, implementing and monitoring compliance with industry standard measures with respect to technical and physical security) to ensure that the Personally Identifiable Information is protected against damage, loss and against unauthorized access, use, modification, disclosure or other misuse. There has been no unauthorized access to or other misuse of that Personally Identifiable Information.
Protection of Personally Identifiable Information. The Company has at all times taken all steps reasonably necessary (including implementing and monitoring compliance with adequate measures with respect to technical and physical security) to ensure that all Personally Identifiable Information is protected against loss and against unauthorized access, use, modification, disclosure or other misuse. There has been no unauthorized access to or other misuse of that Personally Identifiable Information from employees of the Company. To the Knowledge of the Key Employees, there has been no unauthorized access to or other misuse of that Personally Identifiable Information from third parties. (r) Bugs and Defects. Schedule 4.18(r) of the Disclosure Schedules sets forth the Company’s current (as of the date hereof) list of known material bugs maintained by its development or quality control groups with respect to the Company Products and Company Technology. The Company has disclosed in writing to Buyer all information relating to any errors, bugs or defects with respect to any of the Company Products and Company Technology which adversely affects, or may reasonably be expected to materially and adversely affect, the value, functionality or fitness for the intended purpose of such Company Products or Company Technology. Without limiting the generality of the foregoing and unless specified otherwise in Schedule 4.18(r) of the Disclosure Schedules, (i) there have been and are no material defects, malfunctions or nonconformities in any of the Company Products and Company Technology; (ii) there have been, and are, no claims asserted against the Company or any of its customers or distributors related to the Company Products or Company Technology; and (iii) the Company has not been or is required to recall any Company Products or Company Technology.
Protection of Personally Identifiable Information. The Family Educational Rights and Privacy Act (“FERPA”) prohibits District school officials from disclosing personally identifiable information (“PII”) from education records of District students and families to third parties without parental consent. All users of the District’s system must comply with FERPA. Users should ensure that communications that include or attach confidential information are only sent to the intended recipients. Personal information such as home and school addresses, telephone numbers and full name should remain confidential when communicating on the system. Students should never reveal such information without permission from their teacher or other adult. Students should never make appointments to meet people in person that they have contacted on the system without District and parent permission. Students should notify their teacher or other adult whenever they come across information or messages that are dangerous, inappropriate, or make them feel uncomfortable. All staff and students (collectively “user” or “users”) will be assigned a Kettle Moraine School District (KMSD) Google Apps for Education account and will be accessing other Online Academic Service(s). A KMSD Google Apps for Education account allows staff and students to use Google Mail, Google Docs, and other Google applications and products for collaboration, communication, research and sharing. Online Academic Services include, but are not limited to, Google Apps for Education, Moodle, web-based math and literacy assessment software, skill-building games, content-focused video tutorials, and all other online digital resources. KMSD cannot and does not guarantee the security of electronic files located on Google systems or any other Online Academic Service system. It is the responsibility of the user to backup important documents or files. KMSD cannot assure that users will not be exposed to unsolicited information. Electronic communications are protected by the same laws and policies and are subject to the same limitations as other types of media. When creating, using or storing messages on the system, the user should consider both the personal ramifications and the impact on the District should the messages be disclosed or released to other parties. Extreme caution should be used when committing confidential information to the electronic messages, as confidentiality cannot be guaranteed. All electronic communications are subject to monitoring (see Privacy and Monitor...
Protection of Personally Identifiable Information. (a) With respect to any SpinCo Personally Identifiable Information, Merger Sub shall, and shall cause the Acquired Entities to, at all times implement and maintain reasonable and appropriate privacy measures and administrative, physical and technical security measures to safeguard the confidentiality, integrity, and availability of such SpinCo Personally Identifiable Information. Such privacy and security measures shall be compliant with applicable Law and applicable privacy policies and customer and consumer notifications. Merger Sub shall, and shall cause the Acquired Entities to, limit access to such SpinCo Personally Identifiable Information to those of its and the Acquired Entities’ Representatives who have a specific need for such access in order for Merger Sub and the Acquired Entities to perform their respective obligations and exercise their respective rights and remedies under this Agreement or to otherwise perform a legitimate business purpose, and shall not transfer or give access to any third party (other than any such Representative for such purposes) without the other party’s approval (not to be unreasonably withheld, conditioned or delayed).
(b) With respect to any Merger Sub Personally Identifiable Information, SpinCo shall, and shall cause the SpinCo Entities to, at all times implement and maintain reasonable and appropriate privacy measures and administrative, physical and technical security measures to safeguard the confidentiality, integrity, and availability of such Merger Sub Personally Identifiable Information. Such privacy and security measures shall be compliant with applicable Law and applicable privacy policies and customer and consumer notifications. SpinCo shall, and shall cause the SpinCo Entities to, limit access to such Merger Sub Personally Identifiable Information to those of its and the SpinCo Entities’ Representatives who have a specific need for such access in order for SpinCo and the SpinCo Entities to perform their respective obligations and exercise their respective rights and remedies under this Agreement or to otherwise perform a legitimate business purpose, and shall not transfer or give access to any third party (other than any such Representative for such purposes) without the other party’s approval (not to be unreasonably withheld, conditioned or delayed).
Protection of Personally Identifiable Information. Subrecipient agrees to treat as confidential all personally identifiable information created, obtained, or maintained during the Approved Services. "Personally identifiable information" refers to information or data which identifies or describes an individual. Personally identifiable information includes without limitation the individual's name; the names of the individual's family members; the individual's address; any personal identified such as the individual's social security number, driver ' s license number, employee number, or biometric record; other indirect identifies such as the individual 's date of birth, place of bi1th, or mother's maiden name; and other information that, alone or in combination, is linked or linkable to a specific individual that would allow a reasonable person without personal knowledge of the individual to identify the individual with reasonable certainty. Subrecipient shall protect and secure all personally identifiable information , and in the event of a breach to notify individuals affected and TEACH-FOR-ALL of such breach and the measures taken to prevent additional breaches, in accordance with all applicable federal, state, and local Subaward Agreement I 9 laws, including without limitation laws which regulate the use of funds allocated under the Authorizing Xxxxxxx and Implementing Regulations.
