State Confidential Information means any and all State Records not subject to disclosure under CORA. State Confidential Information shall include, but is not limited to, PII, PHI, PCI, Tax Information, CJI, and State personnel records not subject to disclosure under CORA. State Confidential Information shall not include information or data concerning individuals that is not deemed confidential but nevertheless belongs to the State, which has been communicated, furnished, or disclosed by the State to Contractor which (i) is subject to disclosure pursuant to CORA; (ii) is already known to Contractor without restrictions at the time of its disclosure to Contractor; (iii) is or subsequently becomes publicly available without breach of any obligation owed by Contractor to the State; (iv) is disclosed to Contractor, without confidentiality obligations, by a third party who has the right to disclose such information; or (v) was independently developed without reliance on any State Confidential Information.
Confidential Data used in connection with their businesses. “Personal Data” means (i) a natural person’s name, street address, telephone number, e-mail address, photograph, social security number or tax identification number, driver’s license number, passport number, credit card number, bank information, or customer or account number; (ii) any information which would qualify as “personally identifying information” under the Federal Trade Commission Act, as amended; (iii) “personal data” as defined by GDPR; (iv) any information which would qualify as “protected health information” under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”); (v) any “personal information” as defined by the California Consumer Privacy Act (“CCPA”); and (vi) any other piece of information that allows the identification of such natural person, or his or her family, or permits the collection or analysis of any data related to an identified person’s health or sexual orientation. There have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems, Confidential Data, and Personal Data and to the protection of such IT Systems, Confidential Data, and Personal Data from unauthorized use, access, misappropriation or modification.