Common use of SAFEGUARDING CONFIDENTIAL DATA Clause in Contracts

SAFEGUARDING CONFIDENTIAL DATA. Contractor shall use commercially reasonable efforts to safeguard data exchanged while servicing this Contract. (a) Confidential Data / Information (“Data”) shall include: (a) Purchaser’s data collected, used, processed, stored, or generate as the result of the use of the Services; (b) personally identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the use of the Services, including without limitation, any information that identifies an individual, such as an individual’s social security number or other government issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (c) protected health information (PHI) created, received, maintained or transmitted regarding the person or other individual utilizing Interpreter Services for translating needs (the “Client”), including the past, present, or future physical or mental health or conditions of Client, or the past, present, or future payment for provision of health care to Client, demographic information that identifies the Client or about which there is reasonable basis to believe can be used to identify the individual, information transmitted or held in any form or medium and includes Electronic Protected Health Information. Contractor shall not use or disclose any data concerning the Purchaser, the Client or Enterprise Service, or information which may be classified as confidential, for any purpose not directly related to administer this Contract, except with prior written consent of Enterprise Services, or as may be required by law. (b) Documents and Paper Management. Safeguard or shred any paper or documents containing Purchaser Data. (c) Contractor shall not use, publish, transfer, sell or otherwise disclose any Data gained by reason of this Contract for any purpose that is not directly connected with Contractor’s performance of the Services contemplated hereunder, except as provided by law; or, in the case of PII and PHI, with the prior written consent of the person or personal representative of the person who is the subject of the PII or PHI. (d) Contractor shall protect and maintain all Data gained by reason of this Contract against unauthorized use, access, disclosure, modification or loss. This duty requires the Contractor to employ commercially reasonable security measures to limiting or restricting access by, including but not limited to, the following means: (1) Allowing only the staff who have an authorized business requirement to view the Confidential Information. (2) Securing any computers, documents, or other physical media containing Confidential Information. (3) Ensuring the security of Confidential Information transmitted via fax (facsimile) by: ▪ Verifying the recipient phone number to prevent accidental transmittal of Confidential Information to unauthorized persons. ▪ Communicating with the intended recipient before transmission to ensure that the fax will be received only by an authorized person. ▪ Verifying post transmittal that the fax was received by the intended recipient. (4) When transporting records containing Confidential Information, outside a Secured Area, follow at least one or more of the following security procedures: ▪ Encrypt all Confidential Information ▪ Additional requirements by the Purchaser (5) Contractor shall return Data to Purchaser or, at Purchaser’s direction, destroy the Data employing secure methods and in accordance with NIST standards. If requested, Contractor shall certify in writing that secure measures were employed when destroying Data. Purchaser may require additional confirmation or alternate methods for destructing materials. (6) The compromise or potential compromise of Data must be reported to Purchaser Contact(s) immediately upon discovery. Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements as required by Purchaser, or by law. (7) Contractor shall not record calls. Should a call get inadvertently recorded, the recording shall be destroyed immediately and Contractor shall notify Purchaser of the accidental recording and its destruction. Should Contractor conduct system updates, Contractor shall ensure that calls are not recorded.

SAFEGUARDING CONFIDENTIAL DATA. Contractor shall use commercially reasonable efforts to safeguard data exchanged while servicing this Contract. (a) Confidential Data / Information (“Data”) shall include: (a) Purchaser’s data collected, used, processed, stored, or generate as the result of the use of the Services; (b) personally identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the use of the Services, including without limitation, any information that identifies an individual, such as an individual’s social security number or other government issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (c) protected health information (PHI) created, received, maintained or transmitted regarding the person or other individual utilizing Interpreter Services for translating needs (the “Client”), including the past, present, or future physical or mental health or conditions of Clientclient, or the past, present, or future payment for provision of health care to Client, demographic information that identifies the Client client or about which there is reasonable basis to believe can be used to identify the individual, information transmitted or held in any form or medium and includes Electronic Protected Health Information. Contractor shall not use or disclose any data concerning the Purchaser, the Client or Enterprise Service, or information which may be classified as confidential, for any purpose not directly related to administer this Contract, except with prior written consent of Enterprise Services, or as may be required by law. (b) Documents and Paper Management. Safeguard or shred any paper or documents containing Purchaser Data. (c) Contractor shall not use, publish, transfer, sell or otherwise disclose any Data gained by reason of this Contract for any purpose that is not directly connected with Contractor’s performance of the Services contemplated hereunder, except as provided by law; or, in the case of PII and PHI, with the prior written consent of the person or personal representative of the person who is the subject of the PII or PHI. (d) Contractor shall protect and maintain all Data gained by reason of this Contract against unauthorized use, access, disclosure, modification or loss. This duty requires the Contractor to employ commercially reasonable security measures to limiting or restricting access by, including but not limited to, the following means: (1) Allowing only the staff who have an authorized business requirement to view the Confidential Information. (2) Securing any computers, documents, or other physical media containing Confidential Information. (3) Ensuring the security of Confidential Information transmitted via fax (facsimile) by: ▪ Verifying the recipient phone number to prevent accidental transmittal of Confidential Information to unauthorized persons. ▪ Communicating with the intended recipient before transmission to ensure that the fax will be received only by an authorized person. ▪ Verifying post transmittal that the fax was received by the intended recipient. (4) When transporting records containing Confidential Information, outside a Secured Area, follow at least one or more of the following security procedures: ▪ Encrypt all Confidential Information ▪ Additional requirements by the Purchaser (5) Contractor shall return Data to Purchaser or, at Purchaser’s direction, destroy the Data employing secure methods and in accordance with NIST standards. If requested, Contractor shall certify in writing that secure measures were employed when destroying Data. Purchaser may require additional confirmation or alternate methods for destructing materials. (6) The compromise or potential compromise of Data must be reported to Purchaser Contact(s) immediately upon discovery. Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements as required by Purchaser, or by law. (7) Contractor shall not record calls. Should a call get inadvertently recorded, the recording shall be destroyed immediately and Contractor shall notify Purchaser of the accidental recording and its destruction. Should Contractor conduct system updates, Contractor shall ensure that calls are not recorded.

SAFEGUARDING CONFIDENTIAL DATA. Contractor shall use commercially reasonable efforts to safeguard data exchanged while servicing this Contract. (a) Confidential Data / Information (“Data”) shall include: (a) Purchaser’s data collected, used, processed, stored, or generate as the result of the use of the Services; (b) personally identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the use of the Services, including without limitation, any information that identifies an individual, such as an individual’s social security number or other government issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (c) protected health information (PHI) created, received, maintained or transmitted regarding the person or other individual utilizing Interpreter Services for translating needs (the “Client”), including the past, present, or future physical or mental health or conditions of Client, or the past, present, or future payment for provision of health care to Client, demographic information that identifies the Client or about which there is reasonable basis to believe can be used to identify the individual, information transmitted or held in any form or medium and includes Electronic Protected Health Information. Contractor shall not use or disclose any data concerning the Purchaser, the Client or Enterprise Service, or information which may be classified as confidential, for any purpose not directly related to administer this Contract, except with prior written consent of Enterprise Services, or as may be required by law. (b) Documents and Paper Management. Safeguard or shred any paper or documents containing Purchaser Data. (c) Contractor shall not use, publish, transfer, sell or otherwise disclose any Data gained by reason of this Contract for any purpose that is not directly connected with Contractor’s performance of the Services contemplated hereunder, except as provided by law; or, in the case of PII and PHI, with the prior written consent of the person or personal representative of the person who is the subject of the PII or PHI. (d) Contractor shall protect and maintain all Data gained by reason of this Contract against unauthorized use, access, disclosure, modification or loss. This duty requires the Contractor to employ commercially reasonable security measures to limiting or restricting access by, including but not limited to, the following means: (1) Allowing only the staff who have an authorized business requirement to view the Confidential Information. (2) Securing any computers, documents, or other physical media containing Confidential Information. (3) Ensuring the security of Confidential Information transmitted via fax (facsimile) by: ▪ Verifying the recipient phone number to prevent accidental transmittal of Confidential Information to unauthorized persons. ▪ Communicating with the intended recipient before transmission to ensure that the fax will be received only by an authorized person. ▪ Verifying post transmittal that the fax was received by the intended recipient.: (4) When transporting records containing Confidential Information, outside a Secured Area, follow at least one or more of the following security procedures: ▪ Encrypt all Confidential Information ▪ Additional requirements by the Purchaser (5) Contractor shall return Data to Purchaser or, at Purchaser’s direction, destroy the Data employing secure methods and in accordance with NIST standards. If requested, Contractor shall certify in writing that secure measures were employed when destroying Data. Purchaser may require additional confirmation or alternate methods for destructing materials. (6) The compromise or potential compromise of Data must be reported to Purchaser Contact(s) immediately upon discovery. Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements as required by Purchaser, or by law. (7) Contractor shall not record calls. Should a call get inadvertently recorded, the recording shall be destroyed immediately and Contractor shall notify Purchaser of the accidental recording and its destruction. Should Contractor conduct system updates, Contractor shall ensure that calls are not recorded.

SAFEGUARDING CONFIDENTIAL DATA. Contractor shall use commercially reasonable efforts to safeguard data exchanged while servicing this Contract. (a) Confidential Data / Information (“Data”) shall include: (a) Purchaser’s data collected, used, processed, stored, or generate as the result of the use of the Services; (b) personally identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the use of the Services, including without limitation, any information that identifies an individual, such as an individual’s social security number or other government issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (c) protected health information (PHI) created, received, maintained or transmitted regarding the person or other individual utilizing Interpreter Services for translating needs (the “Client”), including the past, present, or future physical or mental health or conditions of Clientclient, or the past, present, or future payment for provision of health care to Client, demographic information that identifies the Client client or about which there is reasonable basis to believe can be used to identify the individual, information transmitted or held in any form or medium and includes Electronic Protected Health Information. Contractor shall not use or disclose any data concerning the Purchaser, the Client or Enterprise Service, or information which may be classified as confidential, for any purpose not directly related to administer this Contract, except with prior written consent of Enterprise Services, or as may be required by law. (b) Documents and Paper Management. Safeguard or shred any paper or documents containing Purchaser Data. (c) Contractor shall not use, publish, transfer, sell or otherwise disclose any Data gained by reason of this Contract for any purpose that is not directly connected with Contractor’s performance of the Services contemplated hereunder, except as provided by law; or, in the case of PII and PHI, with the prior written consent of the person or personal representative of the person who is the subject of the PII or PHI. (d) Contractor shall protect and maintain all Data gained by reason of this Contract against unauthorized use, access, disclosure, modification or loss. This duty requires the Contractor to employ commercially reasonable security measures to limiting or restricting access by, including but not limited to, the following means: (1) Allowing only the staff who have an authorized business requirement to view the Confidential Information. (2) Securing any computers, documents, or other physical media containing Confidential Information. (3) Ensuring the security of Confidential Information transmitted via fax (facsimile) by: ▪ Verifying the recipient phone number to prevent accidental transmittal of Confidential Information to unauthorized persons. ▪ Communicating with the intended recipient before transmission to ensure that the fax will be received only by an authorized person. ▪ Verifying post transmittal that the fax was received by the intended recipient. (4) When transporting records containing Confidential Information, outside a Secured Area, follow at least one or more of the following security procedures: ▪ Encrypt all Confidential Information ▪ Additional requirements by the Purchaser (5) Contractor shall return Data to Purchaser or, at Purchaser’s direction, destroy the Data employing secure methods and in accordance with NIST standards. If requested, Contractor shall certify in writing that secure measures were employed when destroying Data. Purchaser may require additional confirmation or alternate methods for destructing materials. (6) The compromise or potential compromise of Data must be reported to Purchaser Contact(s) immediately upon discovery. Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements as required by Purchaser, or by law. (7) Contractor shall not record calls. Should a call get inadvertently recorded, the recording shall be destroyed immediately and Contractor shall notify Purchaser of the accidental recording and its destruction. Should Contractor conduct system updates, Contractor shall ensure that calls are not recorded.

SAFEGUARDING CONFIDENTIAL DATA. Contractor shall use commercially reasonable efforts to safeguard data exchanged while servicing this Master Contract. (a) Confidential Data / Information (“Data”) shall include: (a) Purchaser’s data collected, used, processed, stored, or generate as the result of the use of the Services; (b) personally identifiable information (“PII”) collected, used, processed, stored, or generated as the result of the use of the Services, including without limitation, any information that identifies an individual, such as an individual’s social security number or other government issued identification number, date of birth, address, telephone number, biometric data, mother’s maiden name, email address, credit card information, or an individual’s name in combination with any other of the elements listed herein; and (c) protected health information (PHI) created, received, maintained or transmitted regarding the person or other individual utilizing Interpreter Services for translating needs (the “Client”), including the past, present, or future physical or mental health or conditions of Clientclient, or the past, present, or future payment for provision of health care to Client, demographic information that identifies the Client client or about which there is reasonable basis to believe can be used to identify the individual, information transmitted or held in any form or medium and includes Electronic Protected Health Information. Contractor shall not use or disclose any data concerning the Purchaser, the Client or Enterprise Service, or information which may be classified as confidential, for any purpose not directly related to administer this Master Contract, except with prior written consent of Enterprise Services, or as may be required by law. (b) Documents and Paper Management. Safeguard or shred any paper or documents containing Purchaser Data. (c) Contractor shall not use, publish, transfer, sell or otherwise disclose any Data gained by reason of this Master Contract for any purpose that is not directly connected with Contractor’s performance of the Services contemplated hereunder, except as provided by law; or, in the case of PII and PHI, with the prior written consent of the person or personal representative of the person who is the subject of the PII or PHI. (d) Contractor shall protect and maintain all Data gained by reason of this Master Contract against unauthorized use, access, disclosure, modification or loss. This duty requires the Contractor to employ commercially reasonable security measures to limiting or restricting access by, including but not limited to, the following means: (1) Allowing only the staff who have an authorized business requirement to view the Confidential Information. (2) Securing any computers, documents, or other physical media containing Confidential Information. (3) Ensuring the security of Confidential Information transmitted via fax (facsimile) by: ▪ Verifying the recipient phone number to prevent accidental transmittal of Confidential Information to unauthorized persons. persons.‌ ▪ Communicating with the intended recipient before transmission to ensure that the fax will be received only by an authorized person. ▪ Verifying post transmittal that the fax was received by the intended recipient. (4) When transporting records containing Confidential Information, outside a Secured Area, follow at least one or more of the following security procedures: ▪ Encrypt all Confidential Information ▪ Additional requirements by the Purchaser (5) Contractor shall return Data to Purchaser or, at Purchaser’s direction, destroy the Data employing secure methods and in accordance with NIST standards. If requested, Contractor shall certify in writing that secure measures were employed when destroying Data. Purchaser may require additional confirmation or alternate methods for destructing materials. (6) The compromise or potential compromise of Data must be reported to Purchaser Contact(s) immediately upon discovery. Contractor must also take actions to mitigate the risk of loss and comply with any notification or other requirements as required by Purchaser, or by law. (7) Contractor shall not record calls. Should a call get inadvertently recorded, the recording shall be destroyed immediately and Contractor shall notify Purchaser of the accidental recording and its destruction. Should Contractor conduct system updates, Contractor shall ensure that calls are not recorded.