Data Incidents. If Apple becomes aware that Personal Data has been altered, deleted, or lost as a result of any unauthorized access to the Service (a “Data Incident”), Apple will notify Institution without undue delay if required by law, and Apple will take reasonable steps to minimize harm and secure the data. Notification of, or response to, a Data Incident by Apple will not be construed as an acknowledgment by Apple of any responsibility or liability with respect to a Data Incident. Institution is responsible for complying with applicable incident notification laws and fulfilling any third-party obligations related to Data Incident(s). Apple will not access the contents of Personal Data in order to identify information subject to any specific legal requirements. Apple shall use industry-standard measures to safeguard Personal Data during the transfer, processing, and storage of Personal Data as part of the Service. As part of these measures, Apple will use commercially reasonable efforts to encrypt Personal Data at rest and in transit; ensure the ongoing confidentiality, integrity, availability and resilience of the Service; in the event of an issue, restore the availability of Personal Data in a timely manner; and regularly test, assess, and evaluate the effectiveness of such measures. Apple will take appropriate steps to ensure compliance with security procedures by its employees, contractors and Sub-processors, and Apple shall ensure that any persons authorized to process such Personal Data comply with applicable laws regarding the confidentiality and security of Personal Data with regards to the Service. Encrypted Personal Data may be stored at Apple’s geographic discretion. To the extent Apple is acting as a data processor, Apple will assist You with ensuring Your compliance, if applicable, with the following:
