Common use of STUDENT DATA PRIVACY AND SECURITY Clause in Contracts

STUDENT DATA PRIVACY AND SECURITY. The YMCA acknowledges its obligation to comply with the Idaho Data Accountability Act, Idaho Code Section 33-133. The YMCA covenants and represents to the WASD as follows: a. The YMCA agrees that all information regarding services provided pursuant to this Agreement, including, but not limited to, the student’s identity and the nature of services rendered, shall be confidential and comply with all federal and state laws; b. The YMCA represents and warrants that it has in place Administrative Security, Physical Security, and Logical Security controls to protect from a Data Breach or Unauthorized Data Disclosure; c. The YMCA agrees to restrict access to Personally Identifiable Information (PII) to only authorized staff who require such access to perform their assigned duties; d. The YMCA is prohibited from using Student Data and PII for secondary uses including, but not limited to, sales, marketing, or advertising; e. Regardless of any provisions elsewhere in this Agreement, the YMCA agrees to indemnify and hold harmless the WASD from any liability, including, but not limited to, costs, fines, expenses, and attorney fees, resulting from the YMCA’s performance of the services provided under this Agreement and/or non-compliance with state and federal law regarding Student Data Privacy and Security; and f. The YMCA represents and warrants that it has an appropriate records retention schedule and/or policy for the destruction of data that is consistent with the WASD’s record retention policy.