Common use of Data Compliance Clause in Contracts

Data Compliance. In connection with its provision of the Services under this Agreement, the Service Provider shall comply with applicable data security and privacy laws (including any applicable laws pertaining to Service Provider’s handling of Personally Identifiable Information (PII), notification of security breaches, social security number protection. With respect to Service Provider’s Ethernet Dedicated Internet Services, Ethernet Transport Services and Business Internet Services provided hereunder, Service Provider shall adhere to the standards set forth in: X Publicly available information ▪ NIST 800-171 X Confidential Personally Identifiable Information (PII) ▪ State law on Notification of Security Breaches ▪ State Law on Social Security Number Protection ▪ State law on the Protection of Personal Information ▪ National Institute of Standards & Technology: NIST SP 800-53 Revision 4 “Moderate” risk controls ▪ Privacy Act of 1974, 5 U.S.C. 552a. X Payment Card Information ▪ Payment Card Industry Data Security Standard (PCI DSS) v 3.2 The maximum dollar amount payable under this contract is not intended as any form of a guaranteed amount. The Service Provider will be paid for products or services actually delivered or performed, as specified in Attachment A, up to the maximum allowable amount specified on page 1 of this contract.