Common use of Record Security Clause in Contracts

Record Security. (a) Provider shall not use any information received from Bank or obtained as a result of Services performed for Bank except as necessary in the ordinary course of business to perform Services hereunder. Provider shall implement appropriate administrative, technical, and physical safeguards and other appropriate measures to protect the security, confidentiality and integrity of information received from Bank or in connection with the Services provided for Bank. These measures shall be designed to ensure the security and confidentiality of such information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. (b) Provider shall keep and maintain originals or duplicates of all necessary records relating to all Services performed and shall provide such records to the Bank upon request. Provider shall provide Bank with access to the Program Data during all such times as the Program Data is available to Provider and to all documents and records maintained by Provider for Bank pursuant to the performance of the Services. (c) Provider agrees to comply with vendor security requirements (the “Bank Security Requirements”) issued and updated from time to time under Bank’s information security program. However, if Provider does not or cannot comply with any provision contained in any update to the Bank Security Requirements other than because of lack of an agreement to share any additional expenses to be incurred by Provider to meet or comply with such update, then Bank shall have the option to terminate this Agreement in accordance with Section 4.3 below. (d) Provider shall notify Bank immediately following discovery or notification of any actual or threatened breach of security of the systems maintained by Provider or any subcontractor that maintain information received from Bank or obtained as a result of Services performed for Bank. Provider agrees to take, or cause the applicable subcontractor to take, action immediately, at its own expense, to investigate the actual or threatened breach, to identify and mitigate the effects of any such breach and to implement reasonable and appropriate measures in response to such breach. Provider also will provide Bank with all available information regarding such breach so that it may assist Bank in implementing its information security response program and, if applicable, in notifying affected consumers. For the purposes of this subsection (d), the term “breach of security” or “breach” means the unauthorized access to or acquisition of any record containing personally identifiable information relating to a consumer who is a customer of Bank, whether in paper, electronic, or other form, in a manner that renders misuse of the information reasonably possible or that otherwise compromises the security, confidentiality, or integrity of the information. (e) Provider will use reasonable measures designed to properly dispose of all records containing personally identifiable information relating to consumers who are customers of Bank, whether in paper, electronic, or other form, including adhering to policies and procedures that require the destruction or erasure of electronic media containing such personally identifiable information so that the information cannot practicably be read or reconstructed.

Record Security. (a) Provider shall not use any information received from Bank the Banking Group or obtained as a result of Services performed for Bank the Banking Group except as necessary in the ordinary course of business to perform Services hereunder. Provider shall implement appropriate administrative, technical, and physical safeguards and other appropriate measures to protect the security, confidentiality and integrity of information received from Bank the Banking Group or in connection with the Services provided for on behalf of the Bank. These measures shall be designed to ensure the security and confidentiality of such information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. (b) Provider shall keep and maintain originals or duplicates of all necessary records relating to all Services performed and shall provide such records to the Bank Banking Group upon request. Provider shall provide Bank the Banking Group with access to the Program Data during all such times as the Program Data is available to Provider and to all documents and records maintained by Provider for Bank on behalf of the Banking Group pursuant to the performance of the Services. (c) Provider agrees to comply with vendor security requirements (the “Bank Security Requirements”) issued and updated from time to time under Bank’s information security program. However, if Provider does not or cannot comply with any provision contained in any update to the Bank Security Requirements other than because of lack of an agreement to share any additional expenses to be incurred by Provider to meet or comply with such update, then Bank shall have the option to terminate this Agreement in accordance with Section 4.3 below. (d) Provider shall notify Bank GE Capital immediately following discovery or notification of any actual or threatened breach of security of the systems maintained by Provider or any subcontractor that maintain information received from Bank the Banking Group or obtained as a result of Services performed for Bankthe Banking Group. Provider agrees to take, or cause the applicable subcontractor to take, take action immediately, at its own expense, to investigate the actual or threatened breach, to identify and mitigate the effects of any such breach and to implement reasonable and appropriate measures in response to such breach. Provider also will provide Bank GE Capital with all available information regarding such breach so that it may assist Bank in implementing its information security response program and, if applicable, in notifying affected consumers. For the purposes of this subsection (d), the term “breach of security” or “breach” means the unauthorized access to or acquisition of any record containing personally identifiable information relating to a consumer who is a customer of Bank, whether in paper, electronic, or other form, in a manner that renders misuse of the information reasonably possible or that otherwise compromises the security, confidentiality, or integrity of the information. (e) Provider will use reasonable measures designed to properly dispose of all records containing personally identifiable information relating to consumers who are customers of Bank, whether in paper, electronic, or other form, including adhering to policies and procedures that require the destruction or erasure of electronic media containing such personally identifiable information so that the information cannot practicably be read or reconstructed.