Personal Identifiable Information Security Clause Samples

The Personal Identifiable Information Security clause establishes requirements for protecting sensitive personal data collected, processed, or stored under the agreement. It typically mandates that parties implement appropriate technical and organizational measures to safeguard information such as names, addresses, identification numbers, or other data that can identify individuals. By setting these standards, the clause helps prevent unauthorized access, data breaches, and misuse of personal information, thereby ensuring compliance with privacy laws and protecting the interests of individuals whose data is involved.
Personal Identifiable Information Security. Provider shall protect and secure data in electronic form containing such PII. At a minimum, Provider’s safeguards for the protection of PII shall include:

1. Encrypting, securing or modifying such PII by any method or technology that removes elements that personally identify an individual or that otherwise renders the information unusable.
2. Limiting access of PII to Authorized Persons.
3. Securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability.
4. Implementing network, device application, database, and platform security.
5. Securing information transmission, storage, and disposal; and implementing authentication and access controls within media, applications, operating systems and equipment.
6. Encrypting PII stored on any mobile media.
7. Encrypting PII transmitted over public or wireless networks.
8. Implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law, as required by The Children’s Trust from time to time.
9. Providing written copies of appropriate privacy and information security training to Provider’s employees, as required by and to The Children’s Trust.
10. Purchasing and maintaining cyber insurance coverage, in accordance with Section K. 7.
11. Provider shall dispose, or arrange for the disposal, of customer records that contain PII within its custody or control when the records are no longer required to be retained pursuant to Sections H and O. Such disposal shall involve shredding, erasing or otherwise modifying PII in its control or possession to make it unreadable or undecipherable.
12. During the term of each Authorized Person’s employment by Provider, Provider shall at all times cause such Authorized Persons to abide strictly by Provider’s obligations under this Contract. Provider further agrees that it shall maintain a disciplinary process to address any unauthorized access, use or disclosure of PII by any of Provider’s officers, directors, partners, principals, employees, agents or contractors. Upon The Children’s Trust’s request, Provider shall promptly identify all Authorized Persons as of the date of such request to The Children’s Trust in writing.
13. Upon The Children’s Trust’s written request, Provider shall provide The Children’s Trust with a network diagra...