Safeguarding Protected Information. “Protected Information” means data, regardless of form, that has been designated as private, proprietary, protected, or confidential by law, policy, or the City. Protected Information includes, but is not limited to, employment records, protected health information, student records, education records, criminal justice information, personal financial records, research data, trade secrets, classified government information, other regulated data, and personally identifiable information as defined by §§ 24-73-101(4)(b) and 6-1- 716(1)(g)(I)(A), C.R.S., as amended. Protected Information shall not include public records that by law must be made available to the public pursuant to the Colorado Open Records Act § 24-72- 201, et seq., C.R.S. To the extent there is any uncertainty as to whether data constitutes Protected Information, the data in question shall be treated as Protected Information until a determination is made by the City or an appropriate legal authority. Unless the City provides security protection for the information it discloses to the Contractor, the Contractor shall implement and maintain reasonable security procedures and practices that are both appropriate to the nature of the Protected Information disclosed and that are reasonably designed to help safeguard Protected Information from unauthorized access, use, modification, disclosure, or destruction. Disclosure of Protected Information does not include disclosure to a third party under circumstances where the City retains primary responsibility for implementing and maintaining reasonable security procedures and practices appropriate to the nature of the Protected Information, and the City implements and maintains technical controls reasonably designed to safeguard Protected Information from unauthorized access, modification, disclosure, or destruction or effectively eliminate the third party's ability to access Protected Information, notwithstanding the third party's physical possession of Protected Information. If the Contractor has been contracted to maintain, store, or process personal information on the City’s behalf, the Contractor is a “Third-Party Service Provider” as defined by § 24-73-103(1)(i), C.R.S.
Appears in 2 contracts
Safeguarding Protected Information. “Protected Information” means data, regardless of form, that has been designated as private, proprietary, protected, or confidential by law, policy, or the City. Protected Information includes, but is not limited to, employment records, protected health information, student records, education records, criminal justice information, personal financial records, research data, trade secrets, classified government information, other regulated data, and personally identifiable information as defined by §§ 24-73-73- 101(4)(b) and 6-1- 1-716(1)(g)(I)(A), C.R.S., as amended. Protected Information shall not include public records that by law must be made available to the public pursuant to the Colorado Open Records Act § 2400-72- 20100-000, et seq., C.R.S. To the extent there is any uncertainty as to whether data constitutes Protected Information, the data in question shall be treated as Protected Information until a determination is made by the City or an appropriate legal authority. Unless the City provides security protection for the information it discloses to the Contractor, the Contractor shall implement and maintain reasonable security procedures and practices that are both appropriate to the nature of the Protected Information disclosed and that are reasonably designed to help safeguard Protected Information from unauthorized access, use, modification, disclosure, or destruction. Disclosure of Protected Information does not include disclosure to a third party under circumstances where the City retains primary responsibility for implementing and maintaining reasonable security procedures and practices appropriate to the nature of the Protected Information, and the City implements and maintains technical controls reasonably designed to safeguard Protected Information from unauthorized access, modification, disclosure, or destruction or effectively eliminate the third party's ability to access Protected Information, notwithstanding the third party's physical possession of Protected Information. If the Contractor has been contracted to maintain, store, or process personal information on the City’s behalf, the Contractor is a “Third-Third- Party Service Provider” as defined by § 24-73-103(1)(i), C.R.S.
Appears in 1 contract
Samples: Agreement
Safeguarding Protected Information. “Protected Information” means data, regardless of form, that has been designated as private, proprietary, protected, or confidential by law, policy, or the City. Protected Information includes, but is not limited to, employment records, protected health information, student records, education records, criminal justice information, personal financial records, research data, trade secrets, classified government information, other regulated data, and personally identifiable information as defined by §§ 24-73-101(4)(b) and 6-1- 716(1)(g)(I)(A), C.R.S., as amended. Protected Information shall not include public records that by law must be made available to the public pursuant to the Colorado Open Records Act § 24-72- 201, et seq., C.R.S. To the extent there is any uncertainty as to whether data constitutes Protected Information, the data in question shall be treated as Protected Information until a determination is made by the City or an appropriate legal authority. Unless the City provides security protection for the information it discloses to the ContractorSubrecipient, the Contractor Subrecipient shall implement and maintain reasonable security procedures and practices that are both appropriate to the nature of the Protected Information disclosed and that are reasonably designed to help safeguard Protected Information from unauthorized access, use, modification, disclosure, or destruction. Disclosure of Protected Information does not include disclosure to a third party under circumstances where the City retains primary responsibility for implementing and maintaining reasonable security procedures and practices appropriate to the nature of the Protected Information, and the City implements and maintains technical controls reasonably designed to safeguard Protected Information from unauthorized access, modification, disclosure, or destruction or effectively eliminate the third party's ability to access Protected Information, notwithstanding the third party's physical possession of Protected Information. If the Contractor Subrecipient has been contracted to maintain, store, or process personal information on the City’s behalf, the Contractor Subrecipient is a “Third-Party Service Provider” as defined by § 24-73-103(1)(i), C.R.S.
Appears in 1 contract
