Common use of Security and Privacy Compliance Clause in Contracts

Security and Privacy Compliance. 2.1. Developer shall keep all GLO Data received under the Contract and any documents related thereto strictly confidential. 2.2. Developer shall comply with all applicable federal and state privacy and data protection laws, as well as all other applicable regulations. 2.3. Developer shall implement administrative, physical, and technical safeguards to protect GLO Data that are no less rigorous than accepted industry practices including, without limitation, the guidelines in the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework Version 1. 1. All such safeguards shall comply with applicable data protection and privacy laws. 2.4. Developer will legally bind any contractor(s)/subcontractor(s) to the same requirements stated herein and obligations stipulated in the Contract and documents related thereto. Developer shall ensure that the requirements stated herein are imposed on any contractor/subcontractor of Developer’s subcontractor(s). 2.5. With the exception of contractors and subcontractors as they are addressed in Section 2.4, Developer will not share GLO Data with any third parties, except as necessary for Developer’s performance under the Contract and upon the express written consent of the GLO’s Information Security Officer or his/her authorized designee. 2.6. Developer will ensure that initial privacy and security training, and annual training, thereafter, is completed by its employees or contractor/subcontractors that have access to GLO Data or who create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle PII and/or SPI on behalf of the GLO. Developer shall maintain and, upon request, provide documentation of training completion.