Common use of Business Practice Commitments Clause in Contracts

Business Practice Commitments. Metromile endeavors to take reasonable steps to secure personal information within its platform, including its online car insurance application process (“Online Quote Flow”). As part of those efforts, Metromile agrees that it has taken or will take the following measures (or measures that are better protective of customer data security). Metromile is responsible for all costs associated with implementing and maintaining these Business Practice Commitments, which costs are separate and apart from the Settlement Fund. 1) Set up mechanisms to block suspicious website traffic, including by configuring Metromile’s firewalls to block traffic from IP addresses exhibiting suspicious traffic patterns (e.g., abnormally repetitive quote requests from the same IP address). 2) Implement reCAPTCHA logging to block automated use of the Online Quote Flow. 3) Engage a third-party security auditor/penetration tester as well as internal security personnel to conduct penetration tests and audits on Metromile’s systems on a periodic basis, and address any problems or issues detected thereby on a risk- prioritized basis. 4) Periodically audit, test, and train Metromile’s security personnel regarding new or modified procedures corresponding with their job responsibilities. 5) Implement reasonably appropriate data segmentation by creating firewalls and access controls. 6) Conduct periodic computer system scanning and security checks. 7) Conduct periodic internal training and education to inform Metromile employees about the company’s security practices. 8) Protect endpoints with anti-malware software and local firewalls. The requirements of this ¶ 2.6 shall remain in place for three (3) years following the date the court approves the settlement.