{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "provider-agrees-to", "type": "clause", "offset": [4, 22]}, {"key": "technical-safeguards", "type": "definition", "offset": [61, 81]}, {"key": "student-data", "type": "definition", "offset": [102, 114]}, {"key": "unauthorized-access", "type": "definition", "offset": [120, 139]}, {"key": "the-provider-shall", "type": "clause", "offset": [201, 219]}, {"key": "adhere-to", "type": "clause", "offset": [220, 229]}, {"key": "applicable-law", "type": "definition", "offset": [234, 248]}, {"key": "relating-to", "type": "definition", "offset": [249, 260]}, {"key": "based-on", "type": "definition", "offset": [341, 349]}, {"key": "nationally-recognized-standards", "type": "definition", "offset": [361, 392]}, {"key": "further-detail", "type": "clause", "offset": [596, 610]}, {"key": "security-programs", "type": "definition", "offset": [615, 632]}, {"key": "in-addition-to-the", "type": "clause", "offset": [666, 684]}, {"key": "to-the-dpa", "type": "clause", "offset": [774, 784]}, {"key": "information-of", "type": "clause", "offset": [794, 808]}, {"key": "an-employee-who", "type": "clause", "offset": [809, 824]}, {"key": "concerns-or-questions", "type": "clause", "offset": [872, 893]}], "size": 4355, "samples": [{"hash": "ecFHpQxbaRS", "uri": "/contracts/ecFHpQxbaRS#data-security", "label": "Student Data Privacy Agreement", "score": 36.5523605347, "published": true}, {"hash": "fDMej6SZQEZ", "uri": "/contracts/fDMej6SZQEZ#data-security", "label": "Student Data Privacy Agreement", "score": 36.550994873, "published": true}, {"hash": "2pSk1TwCCJX", "uri": "/contracts/2pSk1TwCCJX#data-security", "label": "Student Data Privacy Agreement", "score": 36.5318260193, "published": true}], "snippet": "The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit \u201cF\u201d. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit \u201cH\u201d. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit \u201cF\u201d. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who \u2587\u2587\u2587 may contact if there are any data security concerns or questions.", "hash": "2b3cb4f54d79fe6b6932f60dd987f0b4", "id": 1}, {"snippet_links": [{"key": "provider-agrees-to", "type": "clause", "offset": [4, 22]}, {"key": "data-security-measures", "type": "definition", "offset": [54, 76]}, {"key": "consistent-with", "type": "definition", "offset": [78, 93]}, {"key": "standards-and-technology", "type": "clause", "offset": [103, 127]}, {"key": "best-practices", "type": "clause", "offset": [128, 142]}, {"key": "student-data", "type": "definition", "offset": [155, 167]}, {"key": "unauthorized-disclosure", "type": "clause", "offset": [173, 196]}, {"key": "unauthorized-person", "type": "definition", "offset": [218, 237]}, {"key": "general-security", "type": "clause", "offset": [243, 259]}, {"key": "duties-of-provider", "type": "clause", "offset": [260, 278]}, {"key": "further-detail", "type": "clause", "offset": [313, 327]}, {"key": "security-programs", "type": "definition", "offset": [332, 349]}, {"key": "not-limited", "type": "clause", "offset": [424, 435]}], "size": 1465, "samples": [{"hash": "kt7JQIg0dpr", "uri": "/contracts/kt7JQIg0dpr#data-security", "label": "Wisconsin Student Data Privacy Agreement", "score": 36.4154777527, "published": true}, {"hash": "fWkSaQovY3", "uri": "/contracts/fWkSaQovY3#data-security", "label": "Wisconsin Student Data Privacy Agreement", "score": 36.3936386108, "published": true}, {"hash": "ebAPRst2stE", "uri": "/contracts/ebAPRst2stE#data-security", "label": "Wisconsin Student Data Privacy Agreement", "score": 36.2464866638, "published": true}], "snippet": "The Provider agrees to abide by and maintain adequate data security measures, consistent with industry standards and technology best practices, to protect Student Data from unauthorized disclosure or acquisition by an unauthorized person. The general security duties of Provider are set forth below. Provider may further detail its security programs and measures in Exhibit \u201cF\u201d hereto. These measures shall include, but are not limited to:", "hash": "d97620338a3aaffee4ad0ed3a0a8307a", "id": 2}, {"snippet_links": [{"key": "the-operator", "type": "clause", "offset": [0, 12]}, {"key": "agrees-to", "type": "clause", "offset": [13, 22]}, {"key": "data-security-measures", "type": "definition", "offset": [54, 76]}, {"key": "consistent-with", "type": "definition", "offset": [78, 93]}, {"key": "standards-and-technology", "type": "clause", "offset": [103, 127]}, {"key": "best-practices", "type": "clause", "offset": [128, 142]}, {"key": "protect-data", "type": "clause", "offset": [147, 159]}, {"key": "unauthorized-disclosure", "type": "clause", "offset": [165, 188]}, {"key": "unauthorized-person", "type": "definition", "offset": [210, 229]}, {"key": "general-security", "type": "clause", "offset": [235, 251]}, {"key": "duties-of-operator", "type": "clause", "offset": [252, 270]}, {"key": "further-detail", "type": "clause", "offset": [307, 321]}, {"key": "security-programs", "type": "definition", "offset": [326, 343]}, {"key": "not-limited", "type": "clause", "offset": [409, 420]}], "size": 384, "samples": [{"hash": "8zEW9frWVCX", "uri": "/contracts/8zEW9frWVCX#data-security", "label": "Data Privacy Agreement", "score": 33.6055793762, "published": true}, {"hash": "arxVY0uaSWV", "uri": "/contracts/arxVY0uaSWV#data-security", "label": "Data Privacy Agreement", "score": 33.5828361511, "published": true}, {"hash": "301UhNiFbVB", "uri": "/contracts/301UhNiFbVB#data-security", "label": "Data Privacy Agreement", "score": 33.5616722107, "published": true}], "snippet": "The Operator agrees to abide by and maintain adequate data security measures, consistent with industry standards and technology best practices, to protect Data from unauthorized disclosure or acquisition by an unauthorized person. The general security duties of Operator are set forth below. Operator shall further detail its security programs and measures in Exhibit F. These measures shall include, but are not limited to:", "hash": "4fc9d8aba652764c8f9f54eaae9d3a54", "id": 6}, {"snippet_links": [{"key": "provider-agrees-to", "type": "clause", "offset": [4, 22]}, {"key": "data-security-measures", "type": "definition", "offset": [54, 76]}, {"key": "consistent-with", "type": "definition", "offset": [78, 93]}, {"key": "standards-and-technology", "type": "clause", "offset": [103, 127]}, {"key": "best-practices", "type": "clause", "offset": [128, 142]}, {"key": "unauthorized-disclosure", "type": "clause", "offset": [173, 196]}, {"key": "unauthorized-person", "type": "definition", "offset": [218, 237]}, {"key": "general-security", "type": "clause", "offset": [243, 259]}, {"key": "duties-of-provider", "type": "clause", "offset": [260, 278]}, {"key": "further-detail", "type": "clause", "offset": [313, 327]}, {"key": "security-programs", "type": "definition", "offset": [332, 349]}, {"key": "passwords-and-employee-access", "type": "clause", "offset": [369, 398]}, {"key": "provider-shall", "type": "clause", "offset": [400, 414]}, {"key": "access-to-the-services", "type": "clause", "offset": [475, 497]}, {"key": "access-to-student-data", "type": "clause", "offset": [600, 622]}, {"key": "performing-the-services", "type": "clause", "offset": [660, 683]}, {"key": "employees-with", "type": "clause", "offset": [685, 699]}, {"key": "confidentiality-agreements", "type": "clause", "offset": [741, 767]}, {"key": "all-employees", "type": "clause", "offset": [797, 810]}, {"key": "access-to-student-records", "type": "clause", "offset": [816, 841]}, {"key": "criminal-background-checks", "type": "clause", "offset": [853, 879]}], "size": 412, "samples": [{"hash": "8C8IWhcSFfb", "uri": "/contracts/8C8IWhcSFfb#data-security", "label": "Student Data Privacy Agreement", "score": 32.5681152344, "published": true}, {"hash": "1oExIhyPqwN", "uri": "/contracts/1oExIhyPqwN#data-security", "label": "Student Data Privacy Agreement", "score": 32.5434799194, "published": true}, {"hash": "9xE5BTNkCp7", "uri": "/contracts/9xE5BTNkCp7#data-security", "label": "Student Data Privacy Agreement", "score": 32.3628120422, "published": true}], "snippet": "The Provider agrees to abide by and maintain adequate data security measures, consistent with industry standards and technology best practices, to protect Student Data from unauthorized disclosure or acquisition by an unauthorized person. The general security duties of Provider are set forth below. Provider may further detail its security programs and measures in\na. Passwords and Employee Access. Provider shall secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Article 4.3 of NIST 800-63-3. Provider shall only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data shall have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records shall pass criminal background checks.", "hash": "def1f2235add7217285a0bc735bdb98e", "id": 5}, {"snippet_links": [{"key": "the-contractor-will", "type": "clause", "offset": [0, 19]}, {"key": "the-security", "type": "clause", "offset": [29, 41]}, {"key": "state-of-florida-data", "type": "definition", "offset": [45, 66]}, {"key": "not-limited", "type": "clause", "offset": [82, 93]}, {"key": "secure-area", "type": "definition", "offset": [112, 123]}, {"key": "subcontractors-will", "type": "clause", "offset": [234, 253]}, {"key": "the-services", "type": "clause", "offset": [273, 285]}, {"key": "outside-of-the-united-states", "type": "clause", "offset": [291, 319]}, {"key": "and-the-contractor", "type": "clause", "offset": [321, 339]}, {"key": "any-state", "type": "definition", "offset": [355, 364]}, {"key": "outside-the-united-states", "type": "definition", "offset": [432, 457]}, {"key": "to-contractor", "type": "definition", "offset": [462, 475]}, {"key": "action-or-inaction", "type": "clause", "offset": [478, 496]}, {"key": "in-the-event-of-a", "type": "clause", "offset": [498, 515]}, {"key": "security-breach", "type": "definition", "offset": [516, 531]}, {"key": "the-contractor-shall", "type": "clause", "offset": [565, 585]}, {"key": "the-department", "type": "clause", "offset": [618, 632]}, {"key": "within-one-business-day", "type": "clause", "offset": [633, 656]}, {"key": "for-purposes-of-this-section", "type": "clause", "offset": [676, 704]}, {"key": "refer-to", "type": "definition", "offset": [710, 718]}, {"key": "availability-of-data", "type": "clause", "offset": [789, 809]}, {"key": "data-breach", "type": "clause", "offset": [818, 829]}, {"key": "provide-the", "type": "clause", "offset": [870, 881]}, {"key": "incident-report", "type": "definition", "offset": [905, 920]}, {"key": "the-right", "type": "clause", "offset": [1016, 1025]}, {"key": "sole-discretion", "type": "definition", "offset": [1033, 1048]}, {"key": "a-third-party", "type": "clause", "offset": [1059, 1072]}, {"key": "audit-contractor", "type": "clause", "offset": [1076, 1092]}, {"key": "independent-report", "type": "clause", "offset": [1119, 1137]}, {"key": "cooperate-with", "type": "clause", "offset": [1169, 1183]}, {"key": "the-third-party", "type": "definition", "offset": [1184, 1199]}, {"key": "comply-with", "type": "definition", "offset": [1226, 1237]}, {"key": "hipaa-requirements", "type": "definition", "offset": [1242, 1260]}, {"key": "state-and-federal-rules-and-regulations", "type": "clause", "offset": [1275, 1314]}, {"key": "security-of-information", "type": "clause", "offset": [1325, 1348]}], "size": 1107, "samples": [{"hash": "jWcujwW2dYH", "uri": "/contracts/jWcujwW2dYH#data-security", "label": "State Term Contract for Defense Products", "score": 34.3114509583, "published": true}, {"hash": "2iSS7hXSHY5", "uri": "/contracts/2iSS7hXSHY5#data-security", "label": "Alternate Contract Source Agreement", "score": 34.0476303101, "published": true}, {"hash": "hsK0l5Tq3MC", "uri": "/contracts/hsK0l5Tq3MC#data-security", "label": "Alternate Contract Source Agreement", "score": 33.8103218079, "published": true}], "snippet": "The Contractor will maintain the security of State of Florida data including, but not limited to, maintaining a secure area around any displayed visible data and ensuring data is stored and secured when not in use. The Contractor and subcontractors will not perform any of the services from outside of the United States, and the Contractor will not allow any State of Florida data to be sent by any medium, transmitted, or accessed outside the United States due to Contractor\u2019s action or inaction. In the event of a security breach involving State of Florida data, the Contractor shall give notice to the Customer and the Department within one business day. \u201cSecurity breach\u201d for purposes of this section will refer to a confirmed event that compromises the confidentiality, integrity, or availability of data. Once a data breach has been contained, the Contractor must provide the Department with a post-incident report documenting all containment, eradication, and recovery measures taken. The Department reserves the right in its sole discretion to enlist a third party to audit Contractor\u2019s findings and produce an independent report, and the Contractor will fully cooperate with the third party. The Contractor will also comply with all HIPAA requirements and any other state and federal rules and regulations regarding security of information.", "hash": "4c688cbbd574246a1a8d9f8807652553", "id": 4}, {"snippet_links": [{"key": "provider-agrees-to", "type": "clause", "offset": [4, 22]}, {"key": "technical-safeguards", "type": "definition", "offset": [61, 81]}, {"key": "student-data", "type": "definition", "offset": [102, 114]}, {"key": "unauthorized-access", "type": "definition", "offset": [120, 139]}, {"key": "the-provider-shall", "type": "clause", "offset": [201, 219]}, {"key": "adhere-to", "type": "clause", "offset": [220, 229]}, {"key": "applicable-law", "type": "definition", "offset": [234, 248]}, {"key": "relating-to", "type": "definition", "offset": [249, 260]}, {"key": "based-on", "type": "definition", "offset": [341, 349]}, {"key": "nationally-recognized-standards", "type": "definition", "offset": [361, 392]}, {"key": "further-detail", "type": "clause", "offset": [571, 585]}, {"key": "security-programs", "type": "definition", "offset": [590, 607]}, {"key": "in-addition-to-the", "type": "clause", "offset": [641, 659]}, {"key": "to-the-dpa", "type": "clause", "offset": [749, 759]}, {"key": "information-of", "type": "clause", "offset": [769, 783]}, {"key": "an-employee-who", "type": "clause", "offset": [784, 799]}, {"key": "concerns-or-questions", "type": "clause", "offset": [847, 868]}], "size": 1234, "samples": [{"hash": "leJYMFBSicW", "uri": "/contracts/leJYMFBSicW#data-security", "label": "Student Data Privacy Agreement", "score": 36.5099334717, "published": true}, {"hash": "3iCup6SsZDl", "uri": "/contracts/3iCup6SsZDl#data-security", "label": "Student Data Privacy Agreement", "score": 36.4921340942, "published": true}, {"hash": "jKuKfDLNyTl", "uri": "/contracts/jKuKfDLNyTl#data-security", "label": "Student Data Privacy Agreement", "score": 36.4893951416, "published": true}], "snippet": "The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth in Exhibit \u201cF\u201d. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit \u201cF\u201d. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who \u2587\u2587\u2587 may contact if there are any data security concerns or questions.", "hash": "b6d2cd9c1ab1ce73499b5a6e08e73196", "id": 3}, {"snippet_links": [{"key": "the-contractor-will", "type": "clause", "offset": [0, 19]}, {"key": "security-of", "type": "clause", "offset": [33, 44]}, {"key": "state-of-florida-data", "type": "definition", "offset": [45, 66]}, {"key": "not-limited", "type": "clause", "offset": [82, 93]}, {"key": "secure-area", "type": "definition", "offset": [112, 123]}], "size": 250, "samples": [{"hash": "k1X9a0zTvtM", "uri": "/contracts/k1X9a0zTvtM#data-security", "label": "Information Technology Staff Augmentation Services Contract", "score": 36.550994873, "published": true}, {"hash": "d9EqtLnmpt3", "uri": "/contracts/d9EqtLnmpt3#data-security", "label": "State Term Contract for Information Technology Staff Augmentation Services", "score": 36.5249824524, "published": true}, {"hash": "9VPKzY7dclO", "uri": "/contracts/9VPKzY7dclO#data-security", "label": "State Term Contract for Information Technology Staff Augmentation Services", "score": 36.5181388855, "published": true}], "snippet": "The Contractor will maintain the security of State of Florida data including, but not limited to, maintaining a secure area around any displayed visible data and ensuring data is stored and secured when not in use. \u201c", "hash": "8ed01adbdb42f829520b4f6d075dd7f1", "id": 8}, {"snippet_links": [{"key": "section-3", "type": "definition", "offset": [0, 9]}, {"key": "article-v", "type": "definition", "offset": [29, 38]}, {"key": "data-provisions", "type": "clause", "offset": [40, 55]}, {"key": "industry-standard", "type": "definition", "offset": [98, 115]}], "size": 109, "samples": [{"hash": "6BNUI8C7LWj", "uri": "/contracts/6BNUI8C7LWj#data-security", "label": "Student Data Privacy Agreement", "score": 36.2411079407, "published": true}, {"hash": "9r4zZag9mQk", "uri": "/contracts/9r4zZag9mQk#data-security", "label": "Student Data Privacy Agreement", "score": 35.9552459717, "published": true}, {"hash": "dZSPUJw0xVJ", "uri": "/contracts/dZSPUJw0xVJ#data-security", "label": "Student Data Privacy Agreement", "score": 35.3136940002, "published": true}], "snippet": "Section 3 (Data Security) of Article V (Data Provisions) of the SDPA is hereby amended by adding \u201cindustry standard\u201d after \u201cutilize\u201d in the first sentence.", "hash": "b79b6a571c22f7aa6d8ac3233a73caf3", "id": 9}, {"snippet_links": [{"key": "to-maintain", "type": "clause", "offset": [20, 31]}, {"key": "comprehensive-information-security-program", "type": "clause", "offset": [34, 76]}, {"key": "the-security", "type": "clause", "offset": [116, 128]}, {"key": "integrity-of", "type": "clause", "offset": [160, 172]}, {"key": "student-personal-information", "type": "definition", "offset": [173, 201]}, {"key": "physical-safeguards", "type": "definition", "offset": [266, 285]}, {"key": "general-security", "type": "clause", "offset": [291, 307]}, {"key": "duties-of-provider", "type": "clause", "offset": [308, 326]}, {"key": "not-limited", "type": "clause", "offset": [384, 395]}], "size": 94, "samples": [{"hash": "kbBTT6MklMy", "uri": "/contracts/kbBTT6MklMy#data-security", "label": "Data Privacy Agreement", "score": 36.0841140747, "published": true}, {"hash": "bfYPhgP92RO", "uri": "/contracts/bfYPhgP92RO#data-security", "label": "Data Privacy Agreement", "score": 36.0271530151, "published": true}, {"hash": "4Dl4abJRZ8y", "uri": "/contracts/4Dl4abJRZ8y#data-security", "label": "Data Privacy Agreement", "score": 36.0216903687, "published": true}], "snippet": "The Provider agrees to maintain a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information and makes use of appropriate administrative, technological, and physical safeguards. The general security duties of Provider are set forth below. These duties shall include, but are not limited to:", "hash": "17de9eb04213442a0da4ea63f64e3afe", "id": 10}, {"snippet_links": [{"key": "contractor-agrees-to", "type": "clause", "offset": [4, 24]}, {"key": "data-security-measures", "type": "definition", "offset": [56, 78]}, {"key": "consistent-with", "type": "definition", "offset": [80, 95]}, {"key": "best-practices", "type": "clause", "offset": [110, 124]}, {"key": "educational-technology", "type": "clause", "offset": [136, 158]}], "size": 289, "samples": [{"hash": "1xIKumQbzIf", "uri": "/contracts/1xIKumQbzIf#data-security", "label": "Utah Student Data Privacy Agreement", "score": 36.5003471375, "published": true}, {"hash": "ltVNPxdowKQ", "uri": "/contracts/ltVNPxdowKQ#data-security", "label": "Utah Student Data Privacy Agreement", "score": 36.3663215637, "published": true}, {"hash": "3vTOlJK6dUa", "uri": "/contracts/3vTOlJK6dUa#data-security", "label": "Utah Student Data Privacy Agreement", "score": 36.1137313843, "published": true}], "snippet": "The Contractor agrees to abide by and maintain adequate data security measures, consistent with standards and best practices within the educational technology industry,", "hash": "4370d152727b47c6eaadb7db5f801be6", "id": 7}], "next_curs": "ClYSUGoVc35sYXdpbnNpZGVyY29udHJhY3RzcjILEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhZkYXRhLXNlY3VyaXR5IzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"parents": [["notices", "Notices"], ["data-provisions", "Data Provisions"], ["advertising-limitations", "Advertising Limitations"], ["contract-management", "Contract Management"], ["other-fees-and-charges", "Other Fees and Charges"]], "size": 14646, "children": [["security-protocols", "Security Protocols"], ["security-technology", "Security Technology"], ["employee-training", "Employee Training"], ["passwords-and-employee-access", "Passwords and Employee Access"], ["periodic-risk-assessment", "Periodic Risk Assessment"]], "title": "Data Security", "id": "data-security", "related": [["privacy-and-data-security", "Privacy and Data Security", "Privacy and <strong>Data Security</strong>"], ["data-security-and-privacy-plan", "Data Security and Privacy Plan", "<strong>Data Security</strong> and Privacy Plan"], ["data-security-and-privacy", "Data Security and Privacy", "<strong>Data Security</strong> and Privacy"], ["data-security-requirements", "Data Security Requirements", "<strong>Data Security</strong> Requirements"], ["confidentiality-and-data-security", "Confidentiality and Data Security", "Confidentiality and <strong>Data Security</strong>"]], "related_snippets": [], "updated": "2026-04-02T05:40:27+00:00"}, "json": true, "cursor": ""}}