Business Practice Commitments Clause Samples
The Business Practice Commitments clause sets out the standards and obligations that parties must adhere to in conducting their business under the agreement. Typically, this clause requires each party to comply with applicable laws, maintain ethical standards, and follow industry best practices in their operations. For example, it may obligate parties to avoid corrupt practices, ensure fair dealing, or uphold environmental and labor standards. Its core function is to promote responsible and lawful business conduct, thereby reducing the risk of unethical or illegal behavior that could harm either party or the reputation of the business relationship.
Business Practice Commitments. Defendant will provide a confidential declaration to Settlement Class Counsel describing its information security improvements since the Security Incident and estimating the annual cost of those improvements. The cost of such improvements will be paid by Defendant separate and apart from all other settlement benefits.
Business Practice Commitments. As further consideration for the settlement and releases provided herein, Shift Digital agrees to take reasonable measures to further secure personal information within its custody and control and to maintain such measures already taken. Specifically, Shift Digital agrees that it has or will implement the following: (1) ensure that the default setting for all Microsoft Azure data storage containers is private; (2) conduct frequent enterprise-wide automated scans across its cloud computing platform to confirm that the access settings of all data storage containers are correct; (3) conduct periodic manual reviews of all Microsoft Azure data storage containers to ensure they are set to the correct access settings; (4) maintain role-based security protocols that limit permission to create Microsoft Azure data storage containers to a small number of designated users; (5) encrypt all application data within its control in Microsoft Azure at-rest and in-transit; (6) use Microsoft Azure Security Center tools, such as constant vulnerability scans, to proactively monitor security threats; (7) conduct annual third-party penetration testing of its applications and address any vulnerabilities as appropriate; (8) commission annual third-party assessments of its security programs and practices and update its programs and practices to address threats and vulnerabilities; (9) engage an outside service provider for Virtual Chief Information Security Officer Services and work to build a dedicated data security team; and (10) further develop and formalize its data classification protocols, risk management operations, and incident response procedures.
Business Practice Commitments. Although Defendant denies any wrongdoing or liability, Plaintiffs have received confidential assurances that the Defendant has already and is continuously implementing additional security enhancements including defensive tools and increased monitoring. Defendant has committed to maintain its additional security measures for a period of 3 years following the effective date of this Settlement.
Business Practice Commitments. 70. 23andMe, at its sole and separate expense, shall certify that it has adopted, paid for, and implemented and intends to maintain the following Business Practice Commitments related to information security to safeguard current users’ and Settlement Class Members’ Personal Information. The cost of the measures in this Section will not be paid from the Qualified Settlement Fund.
Business Practice Commitments. Metromile endeavors to take reasonable steps to secure personal information within its platform, including its online car insurance application process (“Online Quote Flow”). As part of those efforts, Metromile agrees that it has taken or will take the following measures (or measures that are better protective of customer data security). Metromile is responsible for all costs associated with implementing and maintaining these Business Practice Commitments, which costs are separate and apart from the Settlement Fund.
1) Set up mechanisms to block suspicious website traffic, including by configuring Metromile’s firewalls to block traffic from IP addresses exhibiting suspicious traffic patterns (e.g., abnormally repetitive quote requests from the same IP address).
2) Implement reCAPTCHA logging to block automated use of the Online Quote Flow.
3) Engage a third-party security auditor/penetration tester as well as internal security personnel to conduct penetration tests and audits on Metromile’s systems on a periodic basis, and address any problems or issues detected thereby on a risk- prioritized basis.
4) Periodically audit, test, and train Metromile’s security personnel regarding new or modified procedures corresponding with their job responsibilities.
5) Implement reasonably appropriate data segmentation by creating firewalls and access controls.
6) Conduct periodic computer system scanning and security checks.
7) Conduct periodic internal training and education to inform Metromile employees about the company’s security practices.
8) Protect endpoints with anti-malware software and local firewalls. The requirements of this ¶ 2.6 shall remain in place for three (3) years following the date the court approves the settlement.
Business Practice Commitments. Although ▇▇▇▇▇▇▇▇’▇ denies any wrongdoing or liability, Plaintiffs have received confidential assurances that the Christie’s has already and is continuously implementing additional security enhancements including defensive tools and increased monitoring. ▇▇▇▇▇▇▇▇’▇ has committed to maintain its additional security measures for a period of 3 years following the effective date of this Settlement. Claims must be submitted online or mailed by [deadline]. Use the address at the top of this form to mail your Claim Form. Please note: the settlement administrator may contact you to request additional documents to process your claim. Your [benefit language] may decrease depending on the number of claims filed. For more information and complete instructions visit [website]. Questions? Go to ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or call 1-XXX-XXX-XXXX
1. NAME (REQUIRED):
2. MAILING ADDRESS (REQUIRED): 3. PHONE NUMBER:
Business Practice Commitments. For a period of 3 years following the execution of a formal settlement agreement, Defendant commits to pay for, implement and continue certain data-security enhancements and business practices. Due to their confidential and sensitive nature, those enhancements and practices are not being publicly disclosed herein but have been shared with Plaintiff’s Counsel, who agrees to maintain the confidentiality of that information. Nothing in this provision prohibits Order Express from changing vendors for the identified business practices so long as a comparable product/service is maintained. Defendant agrees to provide a declaration detailing its business practice changes implemented after the Ransomware Attack.
Business Practice Commitments. Defendants will provide a confidential declaration to Settlement Class Counsel describing its information security enhancements since the Security Incident and estimating, to the extent reasonably calculable, the annual cost of those enhancements. The cost of such enhancements will be paid by Defendants separate and apart from all other settlement benefits.
Business Practice Commitments. PCS represents that it has adopted and implemented and will continue to implement significant data security measurements following the Data Breach, including those set forth in (a) through (e) below. Further, PCS agrees that, within thirty (30) days of the Effective Date, the subject personally identifiable information maintained on the subject server in connection with the Data Breach, and all related media and storage devices, will be destroyed, erased and/or sanitized, to the extent reasonably practicable, by PCS and/or its service provider.
a. Enhanced Cybersecurity Training and Awareness Program. Additional training on cybersecurity issues, including compliance with requirements for handling and transmitting sensitive data such as secure authentication, identification and storage of sensitive data, and awareness of how to protect against unintentional data exposures. Targeted training for and regular communications with employees who handle sensitive personal information.
b. Enhanced Data Security Policies. Creating, implementing, and training employees on new policies, protocols, and controls related to the ownership, review, and distribution of employee personal information and other private data.
c. Enhanced Security Measures. Implementing network and application upgrades, including strengthening password and multi-factor authentication requirements.
Business Practice Commitments. Citrix agrees to adopt and implement certain business practice commitments and remedial measures set forth in the declaration described below (“Business Practice Commitments”) for a period of at least three (3) years following the Effective Date, subject to the Modification provision set forth in Paragraph 69. These Business Practice Commitments are specific business practice commitments and remedial measures within the following general categories:
a. Enhanced Cybersecurity Training and Awareness Program.
b. Enhanced Data Security Policies.
c. Enhanced Security Measures.
d. Further Restricting Access to Personal Information.