Common use of Security and Safeguarding Information Clause in Contracts

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) Asset Representations Reviewer will promptly notify Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (the “FTC”) (the “Safeguards Rule”). Additionally, state State specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state State specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state State specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states States may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state State laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) The Asset Representations Reviewer will promptly notify the Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (the “FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) The Asset Representations Reviewer will promptly notify the Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) The Asset Representations Reviewer will promptly notify Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breachbreach and provide the Servicer with such further information and assistance as may be reasonably requested. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9. The Asset Representations Reviewer, the Issuer and the Servicer agree to modify Section 4.8 and this Section 4.9 as necessary for any party to comply with applicable law.

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (the “FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) Asset Representations Reviewer will promptly notify Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.protections

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (the “FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) Asset Representations Reviewer will promptly notify Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.

Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the XxxxxGxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that: (i) It will use commercially reasonable efforts to safeguard and protect the confidentiality of any Confidential Information and agrees, warrants, and represents that it has or will implement and maintain appropriate safeguards designed to safeguard and protect the confidentiality of any Confidential Information. (ii) It will not disclose or use Confidential Information provided except for the purposes as set in the Agreement, including as permitted under the Act and its implementing regulations, or other applicable law. (iii) It acknowledges that the providing party is required by the Safeguards Rule to take reasonable steps to assure itself that its service providers maintain sufficient procedures to detect and respond to security breaches, and maintain reasonable procedures to discover and respond to widely-known security failures by its service providers. It agrees to furnish to the providing party that appropriate documentation to provide such assurance. (iv) It understands that the FTC may, from time to time, issue amendments to and interpretations of its regulations implementing the provisions of the Act, and that pursuant to its regulations, either or both of the parties hereto may be required to modify their policies and procedures regarding the collection, use, protection, and/or dissemination of Non-Public Personal Information. Additionally, states may issue amendments to and interpretations of existing regulations, or may issue new regulations, which both of the parties hereto may be required to modify their policies and procedures. To the extent such regulations are so amended or interpreted, each party hereto agrees to use reasonable efforts to adjust the Agreement in order to comply with any such new requirements. (v) By the signing of this Agreement, each party certifies that it has a written, comprehensive information security program that is in compliance with federal and state laws that are applicable to its respective organization and the types of Confidential Information it receives. (b) The Asset Representations Reviewer represents and warrants that it has, and will continue to have, adequate administrative, technical, and physical safeguards designed to (i) protect the security, confidentiality and integrity of Non-Public Personal Information, (ii) ensure against anticipated threats or hazards to the security or integrity of Non-Public Personal Information, (iii) protect against unauthorized access to or use of Non-Public Personal Information and (iv) otherwise comply with its obligations under this Agreement. These safeguards include a written data security plan, employee training, information access controls, restricted disclosures, systems protections (e.g., intrusion protection, data storage protection and data transmission protection) and physical security measures. (c) Asset Representations Reviewer will promptly notify Servicer in the event it becomes aware of any unauthorized or suspected acquisition of data or Confidential Information that compromises the security, confidentiality or integrity of Servicer’s Confidential Information, whether internal or external. The disclosure will include the date and time of the breach along with specific information compromised along with the monitoring logs, to the extent then known. The Asset Representations Reviewer will use commercially reasonable efforts to take remedial action to resolve such breach. (d) The Asset Representations Reviewer will cooperate with and provide information to the Issuer and the Servicer regarding the Asset Representations Reviewer’s compliance with this Section 4.9.