Data Protection Controls Clause Samples

Data Protection Controls. The Contractor shall protect data and information provided by the University to Contractor (“University Data”) to commercially acceptable standards and no less rigorously than it protects its own confidential information. The Contractor shall develop, implement, maintain, and use appropriate administrative, technical, and physical security measures to preserve the confidentiality, integrity, and availability of University Data. The Contractor will not provide any University Data to any sub-contractor or agent without the prior express written permission of the University or as otherwise provided under the Purchase Order. Contractor shall return to the University all University Data, and shall not retain a copy, upon termination, cancellation, expiration, or other conclusion of the Purchase Order. Unless the University requests that the University Data be destroyed, the Contractor shall retain any University Data only as long as needed for the specified purpose and shall securely dispose of any University Data when there is no longer a business need to retain the data. The Contractor agrees to: (i) notify the University immediately if any breach of security, confidentiality, or integrity of the University Data occurs; and (ii) assist the University in any subsequent investigation and notification processes.