Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.
Security Policies IBM maintains privacy and security policies that are communicated to IBM employees. IBM requires privacy and security training to personnel who support IBM data centers. We have an information security team. IBM security policies and standards are reviewed and re-evaluated annually. IBM security incidents are handled in accordance with a comprehensive incident response procedure.
Personal Information security breach Supplier/Service Provider’s Obligations
Contractor and Employee Security Precautions A. The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.
Security Policy As part of PCI DSS, the Card Organizations require that you have a security policy that covers the security of credit card information.
Confidentiality of Contractor Information The Contractor acknowledges and agrees that this Contract and any and all Contractor information obtained by the State in connection with this Contract are subject to the State of Vermont Access to Public Records Act, 1 V.S.A. § 315 et seq. The State will not disclose information for which a reasonable claim of exemption can be made pursuant to 1 V.S.A. § 317(c), including, but not limited to, trade secrets, proprietary information or financial information, including any formulae, plan, pattern, process, tool, mechanism, compound, procedure, production data, or compilation of information which is not patented, which is known only to the Contractor, and which gives the Contractor an opportunity to obtain business advantage over competitors who do not know it or use it. The State shall immediately notify Contractor of any request made under the Access to Public Records Act, or any request or demand by any court, governmental agency or other person asserting a demand or request for Contractor information. Contractor may, in its discretion, seek an appropriate protective order, or otherwise defend any right it may have to maintain the confidentiality of such information under applicable State law within three business days of the State’s receipt of any such request. Contractor agrees that it will not make any claim against the State if the State makes available to the public any information in accordance with the Access to Public Records Act or in response to a binding order from a court or governmental body or agency compelling its production. Contractor shall indemnify the State for any costs or expenses incurred by the State, including, but not limited to, attorneys’ fees awarded in accordance with 1 V.S.A. § 320, in connection with any action brought in connection with Contractor’s attempts to prevent or unreasonably delay public disclosure of Contractor’s information if a final decision of a court of competent jurisdiction determines that the State improperly withheld such information and that the improper withholding was based on Contractor’s attempts to prevent public disclosure of Contractor’s information. The State agrees that (a) it will use the Contractor information only as may be necessary in the course of performing duties, receiving services or exercising rights under this Contract; (b) it will provide at a minimum the same care to avoid disclosure or unauthorized use of Contractor information as it provides to protect its own similar confidential and proprietary information; (c) except as required by the Access to Records Act, it will not disclose such information orally or in writing to any third party unless that third party is subject to a written confidentiality agreement that contains restrictions and safeguards at least as restrictive as those contained in this Contract; (d) it will take all reasonable precautions to protect the Contractor’s information; and (e) it will not otherwise appropriate such information to its own use or to the use of any other person or entity. Contractor may affix an appropriate legend to Contractor information that is provided under this Contract to reflect the Contractor’s determination that any such information is a trade secret, proprietary information or financial information at time of delivery or disclosure.
Patient Information Each Party agrees to abide by all laws, rules, regulations, and orders of all applicable supranational, national, federal, state, provincial, and local governmental entities concerning the confidentiality or protection of patient identifiable information and/or patients’ protected health information, as defined by any other applicable legislation in the course of their performance under this Agreement.
Disclosure of Account Information to Third Parties We will disclose information to third parties about your account or the transfers you make:
CONFIDENTIALITY/SAFEGUARDING OF INFORMATION The CONTRACTOR shall not use or disclose any information concerning the AGENCY, or information that may be classified as confidential, for any purpose not directly connected with the administration of this contract, except with prior written consent of the AGENCY, or as may be required by law.
Privacy of Customer Information (i) Seller’s Customer Information in the possession of Purchaser, other than information independently obtained by Purchaser and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of Seller. Except in accordance with this Section18(b), Purchaser shall not use any Seller’s Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, customers, or disclose any Seller’s Customer Information to any Person, including any of Purchaser’s employees, agents or contractors or any third party not affiliated with Purchaser. Purchaser may use or disclose Seller’s Customer Information only to the extent necessary (1) for examination and audit of Purchaser’s activities, books and records by Purchaser’s regulatory authorities, (2) to protect or exercise Purchaser’s rights and privileges or (3) to carry out Purchaser’s express obligations under this Agreement and the other Program Documents (including providing Seller’s Customer Information to Takeout Buyers), and for no other purpose; provided that Purchaser may also use and disclose Seller’s Customer Information as expressly permitted by Seller in writing, to the extent that such express permission is in accordance with the Privacy Requirements. Purchaser shall take commercially reasonable steps to ensure that each Person to which Purchaser intends to disclose Seller’s Customer Information, before any such disclosure of information, agrees to keep confidential any such Seller’s Customer Information and to use or disclose such Seller’s Customer Information only to the extent necessary to protect or exercise Purchaser’s rights and privileges, or to carry out Purchaser’s express obligations, under this Agreement and the other Program Documents (including providing Seller’s Customer Information to Takeout Buyers). Xxxxxxxxx agrees to maintain an information security program and to assess, manage and control risks relating to the security and confidentiality of Seller’s Customer Information pursuant to such program in the same manner as Purchaser does in respect of its own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 CFR Parts 30, 168, 170, 208, 211, 225, 263, 308 and 364. Without limiting the scope of the foregoing sentence, Purchaser shall use at least the same physical and other security measures to protect all of Seller’s Customer Information in its possession or control as it uses for its own customers’ confidential and proprietary information.
