Common use of Protection of Personal Data and Information Clause in Contracts

Protection of Personal Data and Information. The Contractor certifies that all steps will be taken to ensure the security and confidentiality of all Commonwealth data for which the Contractor becomes a holder, either as part of performance or inadvertently during performance, with special attention to restricting access, use and disbursement of personal data and information under X.X. x. 93H and c. 66A and Executive Order 504. The Contractor is required to comply with X.X. x. 93I for the proper disposal of all paper and electronic media, backups or systems containing personal data and information, provided further that the Contractor is required to ensure that any personal data or information transmitted electronically or through a portable device be properly encrypted using (at a minimum) Information Technology Division (ITD) Protection of Sensitive Information, provided further that any Contractor having access to credit card or banking information of Commonwealth customers certifies that the Contractor is PCI compliant in accordance with the Payment Card Industry Council Standards and shall provide confirmation compliance during the Contract, provide further that the Contractor shall immediately notify the Department in the event of any security breach including the unauthorized access, disbursement, use or disposal of personal data or information, and in the event of a security breach, the Contractor shall cooperate fully with the Commonwealth and provide access to any information necessary for the Commonwealth to respond to the security breach and shall be fully responsible for any damages associated with the Contractor’s breach including but not limited to X.X. x.

Protection of Personal Data and Information. The Contractor certifies that all steps will be taken to ensure the security and confidentiality of all Commonwealth data for which the Contractor becomes a holder, either as part of performance or inadvertently during performance, with special attention to restricting access, use and disbursement of personal data and information under X.X. x. 93H and c. 66A and Executive Order 504. The Contractor is required to comply with X.X. x. 93I for the proper disposal of all paper and electronic media, backups or systems containing personal data and information, provided further that the Contractor is required to ensure that any personal data or information transmitted electronically or through a portable device be properly encrypted using (at a minimum) Information Technology Division (ITD) Protection of Sensitive Information, provided further that any Contractor having access to credit card or banking information of Commonwealth customers certifies that the Contractor is PCI compliant in accordance with the Payment Card Industry Council Standards and shall provide confirmation compliance during the Contract, provide further that the Contractor shall immediately notify the Department in the event of any security breach including the unauthorized access, disbursement, use or disposal of personal data or information, and in the event of a security breach, the Contractor shall cooperate fully with the Commonwealth and provide access to any information necessary for the Commonwealth to respond to the security breach and shall be fully responsible for any damages associated with the Contractor’s breach including but not limited to X.X. x.x. 214, s. 3B.

Protection of Personal Data and Information. The Contractor certifies that all steps will be taken to ensure the security and confidentiality of all Commonwealth data for which the Contractor becomes a holder, either as part of performance or inadvertently during performance, with special attention to restricting access, use and disbursement of personal data and information under X.X. x. 93H and c. 66A and Executive Order 504. The Contractor is required to comply with X.X. x. 93I for the proper disposal of all paper and electronic media, backups or systems containing personal data and information, provided further that the Contractor is required to ensure that any personal data or information transmitted electronically or through a portable device be properly encrypted using (at a minimum) Information Technology Division COMMONWEALTH TERMS AND CONDITIONS (ITDClient) Protection of Sensitive Information, provided further that any Contractor having access to credit card or banking information of Commonwealth customers certifies that the Contractor is PCI compliant in accordance with the Payment Card Industry Council Standards and shall provide confirmation compliance during the Contract, provide further that the Contractor shall immediately notify the Department in the event of any security breach including the unauthorized access, disbursement, use or disposal of personal data or information, and in the event of a security breach, the Contractor shall cooperate fully with the Commonwealth and provide access to any information necessary for the Commonwealth to respond to the security breach and shall be fully responsible for any damages associated with the Contractor’s breach including but not limited to X.X. x.x. 214, s. 3B.