Safeguarding PII. If Grantee or any of its Subcontractors will or may receive PII under this Agreement, Grantee shall provide for the security of such PII, in a manner and form acceptable to the State, including, without limitation, State non-disclosure requirements, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections, and audits. Grantee shall be a “Third-Party Service Provider” as defined in §24-73-103(1)(i), C.R.S. and shall maintain security procedures and practices consistent with §§00-00-000 et seq., C.R.S.
Safeguarding PII. If Contractor or any of its Subcontractors will or may receive PII under this Contract, Contractor shall provide for the security of such PII, in a manner and form acceptable to the State, including, without limitation, State non-disclosure requirements, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections, and audits. Contractor shall be a “Third-Party Service Provider” as defined in §24-73-103(1)(i), C.R.S. and shall maintain security procedures and practices consistent with §§00-00-000 et seq., C.R.S.
Safeguarding PII. (a) CDO and CAC must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. Specifically, CDO is required to establish and CDO and CAC are required to implement operational, technical, administrative and physical safeguards that are consistent with any applicable laws and ensure that:
Safeguarding PII. In keeping with the standards and implementation specifications used by the FFEs, a Non-Exchange Entity must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
Safeguarding PII. If Grantee or any of its Subcontractors will or may receive PII under this Agreement, Grantee shall provide for the security of such PII, in a manner and form acceptable to the State, including, without limitation, all State requirements relating to non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections, and audits. Grantee shall take full responsibility for the security of all PII in its possession or in the possession of its Subcontractors, and shall hold the State harmless for any damages or liabilities resulting from the unauthorized disclosure or loss thereof. Grantee shall be a “Third-Party Service Provider” as defined in CRS §24-73-103(1)(i) and shall maintain security procedures and practices consistent with CRS §§00-00-000 et seq.
Safeguarding PII. In keeping with the standards and implementation specifications used by PHIEA, Enrollment Assister must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. The Enrollment Assister is required to establish and implement operational, technical, administrative, and physical safeguards that are consistent with any applicable laws that ensure:
Safeguarding PII. If Grantee or any of its Subcontractors will or may receive PII under this Agreement, Grantee shall provide for the security of such PII, in a manner and form acceptable to the State, including, without limitation, all State requirements relating to non-disclosure, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections, and audits. Grantee shall take full responsibility for the security of all PII in its possession or in the possession of its Subcontractors, and shall hold the State harmless for any damages or liabilities resulting from the unauthorized disclosure or loss thereof. Grantee shall be a “Third-Party Service Provider” as defined in CRS §24-73-103(1)(i) and shall maintain security procedures and practices consistent with CRS §§00-00-000 et seq. In addition, as set forth in § 00-00-000, et. seq., C.R.S., Vendor, including, but not limited to, Vendor’s employees, agents and Subcontractors, agrees not to share any PII with any third parties for the purpose of investigating for, participating in, cooperating with, or assisting with Federal immigration enforcement. If Vendor is given direct access to any State databases containing PII, Vendor shall execute, on behalf of itself and its employees, the certification PII Individual Certification Form or PII Entity Certification Form [Download form from Hyperlink] on an annual basis and Vendor’s duty shall continue as long as Vendor has direct access to any State databases containing PII. If Vendor uses any Subcontractors to perform services requiring direct access to State databases containing PII, the Vendor shall require such Subcontractors to execute and deliver the certification to the State on an annual basis, so long as the Subcontractor has access to State databases containing PII.
Safeguarding PII. If Grantee or any of its Subcontractors will or may receive PII under this Agreement, Grantee shall provide for the security of such PII, in a manner and form acceptable to the State, including, without limitation, State non-disclosure requirements, use of appropriate technology, security practices, computer access security, data access security, data storage encryption, data transmission encryption, security inspections, and audits. Grantee shall be a “Third-Party Service Provider” as defined in §24-73-103(1)(i), C.R.S. and shall maintain security procedures and practices consistent with §§00-00-000 et seq., C.R.S. In addition, as set forth in § 00-00-000, et. seq., C.R.S., Contractor, including, but not limited to, Contractor’s employees, agents and Subcontractors, agrees not to share any PII with any third parties for the purpose of investigating for, participating in, cooperating with, or assisting with Federal immigration enforcement. If Contractor is given direct access to any State databases containing PII, Contractor shall execute, on behalf of itself and its employees, the certification attached hereto as Exhibit D on an annual basis Contractor’s duty and obligation to certify as set forth in Exhibit D shall continue as long as Contractor has direct access to any State databases containing PII. If Contractor uses any Subcontractors to perform services requiring direct access to State databases containing PII, the Contractor shall require such Subcontractors to execute and deliver the certification to the State on an annual basis, so long as the Subcontractor has access to State databases containing PII.
Safeguarding PII. (a) CDO and CAC must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. Specifically, CDO is required to establish and CDO/CAC are required to implement operational, technical, administrative and physical safeguards that are consistent with any applicable laws and ensure that: PII is only used by or disclosed to those authorized to receive or view it; PII is protected against any reasonably anticipated threats or hazards to the confidentiality, integrity, and availability of such information; PII is protected against any reasonably anticipated uses or disclosures of such information that are not permitted or required by law; and PII is securely destroyed or disposed of in an appropriate and reasonable manner and in accordance with record retention requirements under the CDO-CMS Agreement and the agreement between CDO and CAC. CDO must monitor, periodically assess, and update the security controls and related system risks to ensure the continued effectiveness of those controls. CDO must develop and CDO/CAC must utilize secure electronic interfaces when transmitting PII electronically.
Safeguarding PII. Agents/Brokers/Entities must ensure that PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
