{"component": "clause", "props": {"groups": [{"samples": [{"hash": "5JtvdntQgWA", "uri": "/contracts/5JtvdntQgWA#data-encryption", "label": "Contract for Services", "score": 36.4551849365, "published": true}, {"hash": "lAW4ZqpPy49", "uri": "/contracts/lAW4ZqpPy49#data-encryption", "label": "Contract for Services", "score": 36.4455909729, "published": true}, {"hash": "1G9jWaZAVzJ", "uri": "/contracts/1G9jWaZAVzJ#data-encryption", "label": "Contract for Services", "score": 36.3458938599, "published": true}], "size": 96, "snippet_links": [{"key": "county-data", "type": "clause", "offset": [13, 24]}, {"key": "the-contractor-shall", "type": "clause", "offset": [26, 46]}, {"key": "public-data", "type": "clause", "offset": [63, 74]}, {"key": "if-the-contractor", "type": "clause", "offset": [149, 166]}, {"key": "personally-identifiable", "type": "definition", "offset": [184, 207]}, {"key": "confidential-information", "type": "definition", "offset": [221, 245]}, {"key": "social-security-number", "type": "definition", "offset": [298, 320]}, {"key": "date-of-birth", "type": "definition", "offset": [322, 335]}, {"key": "license-number", "type": "clause", "offset": [346, 360]}, {"key": "financial-data", "type": "definition", "offset": [362, 376]}, {"key": "tax-information", "type": "definition", "offset": [392, 407]}, {"key": "consistent-with", "type": "clause", "offset": [494, 509]}, {"key": "as-specified", "type": "clause", "offset": [543, 555]}, {"key": "technology-security-requirements", "type": "clause", "offset": [595, 627]}], "snippet": "2.1. For all COUNTY data, The CONTRACTOR shall encrypt all non-public data in transit regardless of the transit mechanism.\n2.2. For all COUNTY data, if the CONTRACTOR stores sensitive personally identifiable or otherwise confidential information, this data shall be encrypted at rest. Examples are social security number, date of birth, driver\u2019s license number, financial data, federal/state tax information, and hashed passwords.\n2.3. For all COUNTY data, the CONTRACTOR\u2019S encryption shall be consistent with validated cryptography standards as specified in National Institute of Standards and Technology Security Requirements as outlined at \u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf", "hash": "0fd7ad80adede41c413464c7231dbd3e", "id": 1}, {"samples": [{"hash": "9KklbtnkSz4", "uri": "/contracts/9KklbtnkSz4#data-encryption", "label": "Professional Services", "score": 26.5414104462, "published": true}, {"hash": "iq5UooOYZa6", "uri": "/contracts/iq5UooOYZa6#data-encryption", "label": "Professional Services", "score": 26.5153999329, "published": true}, {"hash": "eJGRj6Ubs0U", "uri": "/contracts/eJGRj6Ubs0U#data-encryption", "label": "Professional Services", "score": 26.508556366, "published": true}], "size": 91, "snippet_links": [{"key": "contractor-must", "type": "clause", "offset": [0, 15]}, {"key": "data-at-rest", "type": "clause", "offset": [34, 46]}, {"key": "in-compliance-with", "type": "definition", "offset": [63, 81]}, {"key": "publication-140", "type": "clause", "offset": [87, 102]}, {"key": "applicable-law", "type": "clause", "offset": [108, 122]}, {"key": "encryption-keys", "type": "clause", "offset": [180, 195]}, {"key": "contractor-will", "type": "clause", "offset": [226, 241]}, {"key": "by-contractor", "type": "clause", "offset": [348, 361]}, {"key": "performance-of-this-contract", "type": "clause", "offset": [379, 407]}], "snippet": "Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.", "hash": "a76199879e04cd960130775778cac6a2", "id": 2}, {"samples": [{"hash": "fD0pxxD5TUJ", "uri": "/contracts/fD0pxxD5TUJ#data-encryption", "label": "Sinkhole Stabilization Services Agreement", "score": 29.5196857452, "published": true}, {"hash": "62xPWBPqmTn", "uri": "/contracts/62xPWBPqmTn#data-encryption", "label": "Field Inspection Services Agreement", "score": 29.5112628937, "published": true}, {"hash": "eHPi65B3Yz", "uri": "/contracts/eHPi65B3Yz#data-encryption", "label": "Field Inspection Services Agreement", "score": 29.5108757019, "published": true}], "size": 91, "snippet_links": [{"key": "vendor-staff", "type": "definition", "offset": [11, 23]}, {"key": "electronic-data", "type": "clause", "offset": [41, 56]}, {"key": "citizens-confidential-information", "type": "definition", "offset": [87, 120]}, {"key": "consistent-with", "type": "clause", "offset": [167, 182]}, {"key": "industry-standards", "type": "definition", "offset": [183, 201]}], "snippet": "Vendor and Vendor Staff will encrypt all electronic data and communications containing Citizens Confidential Information using a strong cryptographic protocol that is consistent with industry standards.", "hash": "e35e4884615192721b4f46039841f246", "id": 3}, {"samples": [{"hash": "8Bf1aJP6Hvf", "uri": "/contracts/8Bf1aJP6Hvf#data-encryption", "label": "Claims Legal Services Agreement", "score": 34.451423645, "published": true}, {"hash": "4LHUbVjg6Cj", "uri": "/contracts/4LHUbVjg6Cj#data-encryption", "label": "Claims Legal Services Agreement", "score": 34.4131011963, "published": true}, {"hash": "89XpwjuFNR8", "uri": "/contracts/89XpwjuFNR8#data-encryption", "label": "Claims Legal Services Agreement", "score": 33.5569190979, "published": true}], "size": 74, "snippet_links": [{"key": "services-for", "type": "clause", "offset": [25, 37]}, {"key": "the-contract", "type": "definition", "offset": [49, 61]}, {"key": "electronic-data", "type": "clause", "offset": [80, 95]}, {"key": "citizens-confidential-information", "type": "definition", "offset": [126, 159]}, {"key": "consistent-with", "type": "clause", "offset": [206, 221]}, {"key": "industry-standards", "type": "definition", "offset": [222, 240]}], "snippet": "Firm and those providing services for Firm under the Contract, will encrypt all electronic data and communications containing Citizens Confidential Information using a strong cryptographic protocol that is consistent with industry standards.", "hash": "6dba54251b99b35cf8c6d9c6c903f868", "id": 4}, {"samples": [{"hash": "2UeMA48w9uY", "uri": "/contracts/2UeMA48w9uY#data-encryption", "label": "Consulting Agreement", "score": 34.4979667664, "published": true}, {"hash": "aJtiFkkGIPX", "uri": "/contracts/aJtiFkkGIPX#data-encryption", "label": "Consulting Agreement", "score": 33.8940238953, "published": true}, {"hash": "5yImNkiXYyl", "uri": "/contracts/5yImNkiXYyl#data-encryption", "label": "Consultant Services Agreement", "score": 32.4969902039, "published": true}], "size": 15, "snippet_links": [{"key": "the-consultant-shall", "type": "clause", "offset": [4, 24]}, {"key": "county-data", "type": "clause", "offset": [48, 59]}, {"key": "data-at-rest", "type": "clause", "offset": [163, 175]}, {"key": "consistent-with", "type": "clause", "offset": [218, 233]}, {"key": "as-specified", "type": "clause", "offset": [267, 279]}, {"key": "technology-security-requirements", "type": "clause", "offset": [319, 351]}], "snippet": "3.1 The Consultant shall encrypt all non-public County data in transit regardless of the transit mechanism.\n3.2 The Consultant shall encrypt all non-public County data at rest.\n3.3 The Consultant\u2019s encryption shall be consistent with validated cryptography standards as specified in National Institute of Standards and Technology Security Requirements.", "hash": "42e7912570223b8b19e17cbf64e14f53", "id": 6}, {"samples": [{"hash": "hx9IYB9WDav", "uri": "/contracts/hx9IYB9WDav#data-encryption", "label": "Statewide Contract", "score": 34.922252655, "published": true}, {"hash": "koLMRp4NJTu", "uri": "/contracts/koLMRp4NJTu#data-encryption", "label": "Statewide Contract", "score": 34.9085655212, "published": true}, {"hash": "cYIoShORm8P", "uri": "/contracts/cYIoShORm8P#data-encryption", "label": "Statewide Contract", "score": 34.9085655212, "published": true}], "size": 14, "snippet_links": [{"key": "contractor-shall", "type": "clause", "offset": [0, 16]}, {"key": "ensure-security", "type": "clause", "offset": [17, 32]}, {"key": "operating-systems", "type": "definition", "offset": [102, 119]}, {"key": "data-transfer", "type": "definition", "offset": [242, 255]}, {"key": "version-2", "type": "definition", "offset": [345, 354]}, {"key": "ssl-certificates", "type": "definition", "offset": [402, 418]}, {"key": "signed-by", "type": "clause", "offset": [437, 446]}, {"key": "trusted-third-party", "type": "definition", "offset": [449, 468]}, {"key": "data-at-rest", "type": "clause", "offset": [569, 581]}, {"key": "the-application", "type": "clause", "offset": [607, 622]}, {"key": "united-states-of-america", "type": "clause", "offset": [709, 733]}, {"key": "data-transmission", "type": "definition", "offset": [752, 769]}, {"key": "support-services", "type": "definition", "offset": [780, 796]}, {"key": "hosted-site", "type": "definition", "offset": [815, 826]}, {"key": "disaster-recovery", "type": "clause", "offset": [838, 855]}], "snippet": "Contractor shall ensure security by installing firewalls and anti-virus software on computers, ensure operating systems are updated, encrypt information and email exchanges, safeguard any information stored in computers before disposing. All Data transfer must be encrypted using 256 bit (or higher) TLS 1.2 (or higher) for HTTP traffic and SSH version 2 for any batch or real-time non-http transfers. SSL certificates must be SHA 2 and signed by a trusted third party; no self-signed certificates. Data shall be encrypted when at rest in vendor storage. Decryption of data at rest must be under control of the application and not a storage platform. All Data must be stored and transmitted in the contiguous United States of America only. No offshore data transmission (e.g. for support services) or storage (e.g. hosted site or backup, disaster recovery).", "hash": "6ff9bdb9e06f809906dd3f378b88cc73", "id": 7}, {"samples": [{"hash": "jHCBzN5Nn14", "uri": "/contracts/jHCBzN5Nn14#data-encryption", "label": "Standard Terms and Conditions", "score": 33.0453300476, "published": true}, {"hash": "GDmlbRckV6", "uri": "/contracts/GDmlbRckV6#data-encryption", "label": "Standard Terms and Conditions", "score": 30.0315914154, "published": true}, {"hash": "gpCpalEo2i3", "uri": "/contracts/gpCpalEo2i3#data-encryption", "label": "Standard Terms and Conditions", "score": 27.7677879333, "published": true}], "size": 14, "snippet_links": [{"key": "agrees-to", "type": "clause", "offset": [7, 16]}, {"key": "backup-data", "type": "definition", "offset": [31, 42]}, {"key": "recovery-process", "type": "clause", "offset": [80, 96]}], "snippet": "Vendor agrees to store any FIU backup data as part of its designated backup and recovery process in encrypted form, using no less than 128-bit key;", "hash": "623d85a34b6d82b061d5c654a8964a42", "id": 8}, {"samples": [{"hash": "cLkQayam6re", "uri": "/contracts/cLkQayam6re#data-encryption", "label": "Investment Management Agreement", "score": 35.9863548279, "published": true}, {"hash": "2kQ3XgQouki", "uri": "/contracts/2kQ3XgQouki#data-encryption", "label": "Investment Managers Services Agreement", "score": 35.9082298279, "published": true}, {"hash": "hxk7HGFeNNh", "uri": "/contracts/hxk7HGFeNNh#data-encryption", "label": "Agreement for Comprehensive Adjusting Services", "score": 35.4028129578, "published": true}], "size": 52, "snippet_links": [{"key": "vendor-staff", "type": "definition", "offset": [11, 23]}, {"key": "data-at-rest", "type": "clause", "offset": [46, 58]}, {"key": "consistent-with", "type": "clause", "offset": [120, 135]}, {"key": "industry-standards", "type": "definition", "offset": [136, 154]}], "snippet": "Vendor and Vendor Staff will encrypt Citizens Data at rest and in transit using a strong cryptographic protocol that is consistent with industry standards.", "hash": "d403b3eab42ef0c6f18a8d91d0d4f171", "id": 5}, {"samples": [{"hash": "kPHIjbJJg8G", "uri": "/contracts/kPHIjbJJg8G#data-encryption", "label": "Purchase Order Agreement", "score": 31.2090492249, "published": true}, {"hash": "gJnViV4fJXV", "uri": "/contracts/gJnViV4fJXV#data-encryption", "label": "Purchase Order Agreement", "score": 29.0945510864, "published": true}, {"hash": "8gwEl5aS6yO", "uri": "/contracts/8gwEl5aS6yO#data-encryption", "label": "Purchase Order Agreement", "score": 28.8996868134, "published": true}], "size": 14, "snippet_links": [{"key": "agrees-to", "type": "clause", "offset": [9, 18]}, {"key": "public-information", "type": "clause", "offset": [33, 51]}, {"key": "recovery-processes", "type": "clause", "offset": [124, 142]}, {"key": "applicable-legislation", "type": "definition", "offset": [306, 328]}, {"key": "computing-device", "type": "definition", "offset": [378, 394]}, {"key": "portable-storage-medium", "type": "definition", "offset": [402, 425]}], "snippet": "Supplier agrees to store all Non-Public Information and any backup of that information as part of its designated backup and recovery processes in encrypted form, using a commercially supported encryption solution. Supplier further agrees that any and all Non-Public Information, as defined herein or under applicable legislation or regulations, stored on any portable or laptop computing device or any portable storage medium is likewise encrypted.", "hash": "585f49cee473aed05a0c0eb348eb07d6", "id": 9}, {"samples": [{"hash": "53aCRr4XS5b", "uri": "/contracts/53aCRr4XS5b#data-encryption", "label": "Data Processing Addendum", "score": 35.4943618774, "published": true}, {"hash": "5LNt9joWHGm", "uri": "/contracts/5LNt9joWHGm#data-encryption", "label": "Data Processing Addendum", "score": 35.3582191467, "published": true}, {"hash": "8KJCKX4MyXJ", "uri": "/contracts/8KJCKX4MyXJ#data-encryption", "label": "Data Processing Addendum", "score": 35.257724762, "published": true}], "size": 13, "snippet_links": [{"key": "services-use", "type": "clause", "offset": [10, 22]}, {"key": "encryption-practices", "type": "clause", "offset": [41, 61]}, {"key": "customer-data", "type": "clause", "offset": [73, 86]}, {"key": "tls-certificates", "type": "definition", "offset": [198, 214]}, {"key": "in-connection-with", "type": "clause", "offset": [292, 310]}, {"key": "provision-of-the", "type": "clause", "offset": [315, 331]}, {"key": "to-ensure", "type": "clause", "offset": [382, 391]}, {"key": "forward-secrecy", "type": "clause", "offset": [562, 577]}, {"key": "amazon-web-services", "type": "clause", "offset": [595, 614]}, {"key": "encryption-key", "type": "definition", "offset": [697, 711]}, {"key": "access-to", "type": "definition", "offset": [919, 928]}, {"key": "third-party-services", "type": "definition", "offset": [929, 949]}, {"key": "for-example", "type": "definition", "offset": [951, 962]}, {"key": "data-exports", "type": "clause", "offset": [987, 999]}], "snippet": "The Braze Services use industry-accepted encryption practices to protect Customer Data and communications during transmissions between a customer's network and the Braze Services, including 256-bit TLS Certificates and 4096-bit RSA public keys at a minimum. Braze audits the TLS ciphers used in connection with the provision of the Braze Services with third-party security auditors to ensure that anonymous or weak ciphers are not used. These audits also confirm that the Braze Services do not allow client renegotiation, support downgrade attack protection and forward secrecy. Data shipped to Amazon Web Services is encrypted in transit and at-rest using AES-256 encryption via Amazon\u2019s managed encryption key process. Data shipped to Rackspace is encrypted in transit and at-rest using AES-256 encryption via Rackspace\u2019s managed encryption key process. Where use of the Braze Services requires a customer to provide access to third party services (for example, AWS S3 credentials for data exports), \u2587\u2587\u2587\u2587\u2587 performs additional encryption of that information.", "hash": "647e3f56ed5eddefc14a4fb8a4a37664", "id": 10}], "next_curs": "ClgSUmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjQLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhhkYXRhLWVuY3J5cHRpb24jMDAwMDAwMGEMogECZW4YACAA", "clause": {"children": [["certification", "Certification"], ["stored-data", "Stored Data"], ["transmitted-data", "Transmitted Data"], ["encryption-of-transmitted-data", "Encryption of Transmitted Data"], ["encrypted-storage", "Encrypted Storage"]], "size": 693, "title": "Data Encryption", "parents": [["security-and-confidentiality", "Security and Confidentiality"], ["signatures", "SIGNATURES"], ["certification", "Certification"], ["government-data-practices-and-intellectual-property", "Government Data Practices and Intellectual Property"], ["minnesota-rule-5000", "Minnesota Rule 5000"]], "id": "data-encryption", "related": [["encryption", "Encryption", "Encryption"], ["workstation-encryption", "Workstation Encryption", "Workstation Encryption"], ["workstation-laptop-encryption", "Workstation/Laptop encryption", "Workstation/Laptop encryption"], ["encrypt-or-encryption", "Encrypt or Encryption", "Encrypt or Encryption"], ["data-use", "Data Use", "Data Use"]], "related_snippets": [], "updated": "2025-12-31T05:33:30+00:00", "also_ask": ["What minimum encryption standards should be mandated to ensure legal and industry compliance?", "How can the clause address evolving encryption technologies and future-proof obligations?", "What are the key risks if encryption requirements are vaguely defined or omitted?", "How does this clause compare to statutory or regulatory encryption mandates (e.g., GDPR, HIPAA)?", "What evidence is needed to prove compliance or breach of encryption obligations in court?"], "drafting_tip": "Specify encryption standards, mandate encryption in transit and at rest, and require regular updates to protocols to ensure data security and regulatory compliance.", "explanation": "A Data Encryption clause requires that all sensitive or confidential data be protected through the use of encryption technologies during storage and transmission. In practice, this means that any personal information, financial records, or proprietary business data must be encoded using industry-standard encryption methods, such as AES or TLS, to prevent unauthorized access. The core function of this clause is to safeguard data privacy and security, reducing the risk of data breaches and ensuring compliance with legal or regulatory requirements."}, "json": true, "cursor": ""}}