Unautorized Disclosure and Incident Reporting Remediation and Privacy and Security Breach Notificatons Sample Clauses

Open Split View

Download

Share

Cite

Unautorized Disclosure and Incident Reporting Remediation and Privacy and Security Breach Notificatons 

Sample 1

Save

Copy

Related to Unautorized Disclosure and Incident Reporting Remediation and Privacy and Security Breach Notificatons

• Confidentiality and Safeguarding of University Records; Press Releases; Public Information Under this Agreement, Contractor may (1) create, (2) receive from or on behalf of University, or (3) have access to, records or record systems (collectively, University Records). Among other things, University Records may contain social security numbers, credit card numbers, or data protected or made confidential or sensitive by Applicable Laws. [Option (Include if University Records are subject to FERPA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Family Educational Rights and Privacy Act, 20 United States Code (USC) §1232g (FERPA) are addressed in Section 12.41.] [Option (Include if University is a HIPAA Covered Entity and University Records are subject to HIPAA.): Additional mandatory confidentiality and security compliance requirements with respect to University Records subject to the Health Insurance Portability and Accountability Act and 45 Code of Federal Regulations (CFR) Part 160 and subparts A and E of Part 164 (collectively, HIPAA) are addressed in Section 12.26.] Contractor represents, warrants, and agrees that it will: (1) hold University Records in strict confidence and will not use or disclose University Records except as (a) permitted or required by this Agreement, (b) required by Applicable Laws, or (c) otherwise authorized by University in writing; (2) safeguard University Records according to reasonable administrative, physical and technical standards (such as standards established by the National Institute of Standards and Technology and the Center for Internet Security [Option (Include if Section 12.39 related to Payment Card Industry Data Security Standards is not include in this Agreement.):, as well as the Payment Card Industry Data Security Standards]) that are no less rigorous than the standards by which Contractor protects its own confidential information; (3) continually monitor its operations and take any action necessary to assure that University Records are safeguarded and the confidentiality of University Records is maintained in accordance with all Applicable Laws and the terms of this Agreement; and (4) comply with University Rules regarding access to and use of University’s computer systems, including UTS165 at xxxx://xxx.xxxxxxxx.xxx/board-of-regents/policy-library/policies/uts165-information-resources-use-and-security-policy. At the request of University, Contractor agrees to provide University with a written summary of the procedures Contractor uses to safeguard and maintain the confidentiality of University Records.

• Reporting of Unauthorized Disclosure The Contractor shall immediately report to the State any unauthorized disclosure of confidential information.

• IDENTIFYING INFORMATION AND PRIVACY NOTIFICATION (a) FEDERAL EMPLOYER IDENTIFICATION NUMBER and/or FEDERAL SOCIAL SECURITY NUMBER. As a condition to NYSERDA’s obligation to pay any invoices submitted by Contractor pursuant to this Agreement, Contractor shall provide to NYSERDA its Federal employer identification number or Federal social security number, or both such numbers when the Contractor has both such numbers. Where the Contractor does not have such number or numbers, the Contractor must give the reason or reasons why the payee does not have such number or numbers.

• NEPOTISM DISCLOSURE A. In this section the term “relative” means:

• Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard.

• Confidentiality of Contractor Information The Contractor acknowledges and agrees that this Contract and any and all Contractor information obtained by the State in connection with this Contract are subject to the State of Vermont Access to Public Records Act, 1 V.S.A. § 315 et seq. The State will not disclose information for which a reasonable claim of exemption can be made pursuant to 1 V.S.A. § 317(c), including, but not limited to, trade secrets, proprietary information or financial information, including any formulae, plan, pattern, process, tool, mechanism, compound, procedure, production data, or compilation of information which is not patented, which is known only to the Contractor, and which gives the Contractor an opportunity to obtain business advantage over competitors who do not know it or use it. The State shall immediately notify Contractor of any request made under the Access to Public Records Act, or any request or demand by any court, governmental agency or other person asserting a demand or request for Contractor information. Contractor may, in its discretion, seek an appropriate protective order, or otherwise defend any right it may have to maintain the confidentiality of such information under applicable State law within three business days of the State’s receipt of any such request. Contractor agrees that it will not make any claim against the State if the State makes available to the public any information in accordance with the Access to Public Records Act or in response to a binding order from a court or governmental body or agency compelling its production. Contractor shall indemnify the State for any costs or expenses incurred by the State, including, but not limited to, attorneys’ fees awarded in accordance with 1 V.S.A. § 320, in connection with any action brought in connection with Contractor’s attempts to prevent or unreasonably delay public disclosure of Contractor’s information if a final decision of a court of competent jurisdiction determines that the State improperly withheld such information and that the improper withholding was based on Contractor’s attempts to prevent public disclosure of Contractor’s information. The State agrees that (a) it will use the Contractor information only as may be necessary in the course of performing duties, receiving services or exercising rights under this Contract; (b) it will provide at a minimum the same care to avoid disclosure or unauthorized use of Contractor information as it provides to protect its own similar confidential and proprietary information; (c) except as required by the Access to Records Act, it will not disclose such information orally or in writing to any third party unless that third party is subject to a written confidentiality agreement that contains restrictions and safeguards at least as restrictive as those contained in this Contract; (d) it will take all reasonable precautions to protect the Contractor’s information; and (e) it will not otherwise appropriate such information to its own use or to the use of any other person or entity. Contractor may affix an appropriate legend to Contractor information that is provided under this Contract to reflect the Contractor’s determination that any such information is a trade secret, proprietary information or financial information at time of delivery or disclosure.

• COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

• CONFIDENTIALITY AND NON-DISCLOSURE; SECURITY BREACH REPORTING 2.1 For purposes of this Contract, confidential information will not include information or material which (a) enters the public domain (other than as a result of a breach of this Contract); (b) was in the receiving party’s possession prior to its receipt from the disclosing party; (c) is independently developed by the receiving party without the use of confidential information; (d) is obtained by the receiving party from a third party under no obligation of confidentiality to the disclosing party; or (e) is not exempt from disclosure under applicable State law.

• Confidentiality and Safeguarding Information 1. Each Party may have access to confidential information made available by the other. The provisions of the Florida Public Records Act, Chapter 119, F.S., and other applicable state and federal laws will govern disclosure of any confidential information received by the State of Florida.

• Data Breach Notification Seller will promptly notify Buyer of any actual or potential exposure or misappropriation of Buyer data ("breach") that comes to Seller's attention. Seller will cooperate with Xxxxx and in investigating any such breach, at Xxxxxx's expense. Seller will likewise cooperate with Buyer and, as applicable, with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Seller's expense, except to the extent that the breach was caused by Xxxxx. The remedies and obligations set forth in this subsection are in addition to any others Buyer may have, including, but not limited to, any requirements in the “Privacy, Confidentiality, and Security” provisions of this Agreement.