Data Protection and Privacy Requirements Clause Samples

Data Protection and Privacy Requirements. 1. Web Services Employers must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use. 2. In accordance with DHS standards, the Web Services Employer agrees to maintain physical, electronic, and procedural safeguards to appropriately protect the information shared under this MOU against loss, theft, misuse, unauthorized access, and improper disclosure, copying use, modification or deletion. 3. Any data transmission requiring encryption shall comply with the following standards: • Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit encryption that has been validated under FIPS 140-2. • NSA Type 2 or Type 1 encryption. 4. User ID Management (Set Standard): All information exchanged between the parties under this MOU will be done only through authorized Web Services Employer representatives identified above. 5. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not yet upgraded its interface to comply with the Federal Acquisition Regulation (FAR) system changes. In addition, Web Services Employers whose interfaces do not support the Form I-9 from 2/2/2009 or 8/7/2009 agree to use the E-Verify browser until the system upgrade is completed. 6. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not completed updates to its system to the satisfaction of DHS or its assignees within six months from the date DHS notifies the Web Services Employer of the system update. The Web Services Employer can resume use of its interface once it is up-to-date, unless the Web Services Employer has been suspended or terminated from continued use of the system.
View SourceView Similar (7)
Data Protection and Privacy Requirements. 1. Web Services Employers must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use. 2. In accordance with DHS standards, the Web Services Employer agrees to maintain physical, electronic, and procedural safeguards to appropriately protect the information shared under this MOU against loss, theft, misuse, unauthorized access, and improper disclosure, copying use, modification or deletion. 3. Any data transmission requiring encryption shall comply with the following standards: • Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit encryption that has been validated under FIPS 140-2. • NSA Type 2 or Type 1 encryption.
View Source
Data Protection and Privacy Requirements. Web Services E-Verify Employer Agents must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use.
View Source
Data Protection and Privacy Requirements 
View SourceView Similar (18)

Related to Data Protection and Privacy Requirements

  • DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "Accenture Personal Data" means personal data owned, licensed, or otherwise controlled or processed by Accenture including personal data processed by Accenture on behalf of its clients. “Accenture Data” means all information, data and intellectual property of Accenture or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to Accenture, including Accenture Personal Data.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.

  • Compliance with Data Privacy Laws The Company and its Subsidiaries are, and at all prior times were, in compliance with all applicable state and federal data privacy and security laws and regulations, including without limitation HIPAA, and the Company and its Subsidiaries have taken commercially reasonable actions to prepare to comply with, and since May 25, 2018, have been and currently are in compliance with, the GDPR (EU 2016/679) (collectively, the “Privacy Laws”) except in each case, where such would not, either individually or in the aggregate, reasonably be expected to result in a Material Adverse Effect. To ensure compliance with the Privacy Laws, the Company and its Subsidiaries have in place, comply with, and take appropriate steps reasonably designed to ensure compliance in all material respects with their policies and procedures relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data (the “Policies”). The Company and its Subsidiaries have at all times made all disclosures to users or customers required by applicable laws and regulatory rules or requirements, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable laws and regulatory rules or requirements in any material respect. The Company further certifies that neither it nor any Subsidiary: (i) has received notice of any actual or potential liability under or relating to, or actual or potential violation of, any of the Privacy Laws, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, remediation, or other corrective action pursuant to any Privacy Law; or (iii) is a party to any order, decree, or agreement that imposes any obligation or liability under any Privacy Law.

  • Privacy and Data Protection 8.1 The Receiving Party undertakes to comply with South Africa’s general privacy protection in terms Section 14 of the ▇▇▇▇ of Rights in connection with this Bid and shall procure that its personnel shall observe the provisions of such Act [as applicable] or any amendments and re-enactments thereof and any regulations made pursuant thereto. 8.2 The Receiving Party warrants that it and its Agents have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of data relating to the Bid and against accidental loss or destruction of, or damage to such data held or processed by them.

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (▇▇▇▇)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.