Common use of Security Customer Data Clause in Contracts

Security Customer Data. 3.1 LPPOLICE has adopted "LPPOLICE Data Privacy Principles" ("Principles"), which may be modified from time to time, recognizing the importance of appropriate privacy protections for consumer data and Customer agrees that Customer (including its directors, officers, employees or agents) will comply with the Principles or Customer's own comparable privacy principles, policies, or practices. LPPOLICE’s Data Privacy Principles are available at the Customer’s request. Customer agrees to do the following in order to preserve the security of the Services being provided pursuant to this Agreement: 3.2 Customer acknowledges that the information available through the Services will include personally identifiable information and it is Customer’s obligation to keep all such accessed information confidential and secure. Accordingly, Customer shall: 3.2.1 Restrict access to Services to those employees who have a need to know as part of their official duties; 3.2.2 Ensure that none of its employees shall: 3.2.1 Obtain and/or use any information from the Services for personal reasons 3.2.2 Transfer any information received through the Services to any party except as permitted hereunder; 3.2.3 Keep all user identification numbers, and related passwords, or other security measures (collectively, “User IDs”) confidential and prohibit the sharing of User IDs; 3.2.4 Immediately deactivate the User ID of any employee who no longer has a need to know, or for terminated employees on or prior to the date of termination; 3.2.5 In addition to any obligations under Paragraph 2, take all commercially reasonable measures to prevent unauthorized access to, or use of, the Services or data received therefrom, whether the same is in electronic form or hard copy, by any person or entity; 3.2.6 Maintain and enforce data destruction procedures to protect the security and confidentiality of all information obtained through Services as it is being disposed; 3.2.7 Be capable of receiving the Services where the same are provided utilizing “secure socket layer,” or such other means of secure transmission as is deemed reasonable by LPPOLICE; 3.2.8 Not access and/or use the Services via mechanical, programmatic, robotic, scripted or other automated search means, other than through batch or machine-to- machine applications approved by LPPOLICE; and 3.2.9 Take all steps to protect their networks and computer environments, or those used to access the Services, from compromise. 3.3 Customer agrees that on at least a quarterly basis it will review searches performed by its User IDs to ensure that such searches were performed for a legitimate business purpose and in compliance with all terms and conditions herein. Customer will implement policies and procedures to prevent unauthorized use of User IDs and the LPPOLICE Services and will immediately notify LPPOLICE by writing to the LPPOLICE Privacy, Security and Compliance Organization at ▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Suite 216G, Beverly, MA and by email (▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇) and by phone (▇-▇▇▇-▇▇▇-▇▇▇▇), if Customer suspects, has reason to believe or confirms that a User ID for the Services (or data derived directly or indirectly therefrom) is or has been lost, stolen, compromised, misused or used, accessed or acquired in an unauthorized manner or by any unauthorized person, or for any purpose other than legitimate business reasons. Customer shall remain solely liable for all costs associated therewith and shall further reimburse LPPOLICE for any expenses it incurs due to Customer’s failure to prevent such impermissible use or access of User IDs and/or the Services, or any actions required as a result thereof. Customer acknowledges that, upon unauthorized acquisition or access of or to such personally identifiable information, including but not limited to that which is due to use by an unauthorized person or due to unauthorized use (a "Security Event"), Customer shall, in compliance with law, notify the individuals whose information was potentially accessed or acquired that a Security Event has occurred, and shall also notify any other parties (including but not limited to regulatory entities and credit reporting agencies) as may be required in LPPOLICE’s reasonable discretion. Customer agrees that such notification shall not reference LPPOLICE or the product through which the data was provided, nor shall LPPOLICE be otherwise identified or referenced in connection with the Security Event, without LPPOLICE’s express written consent. Customer shall be solely responsible for any other legal or regulatory obligations which may arise under applicable law in connection with such a Security Event and shall bear all costs associated with complying with legal and regulatory obligations in connection therewith. Customer shall remain solely liable for claims that may arise from a Security Event, including, but not limited to, costs for litigation (including attorneys’ fees), and reimbursement sought by individuals, including but not limited to, costs for credit monitoring or allegations of loss in connection with the Security Event, and to the extent that any claims are brought against LPPOLICE, shall indemnify LPPOLICE from such claims. Customer shall provide samples of all proposed materials to notify consumers and any third-parties, including regulatory entities, to LPPOLICE for review and approval prior to distribution. In the event of a Security Event, LPPOLICE may, in its sole discretion, take immediate action, including suspension or termination of Customer’s account, without further obligation or liability of any kind. Customer shall not, and shall not cause or permit others to, transmit, convey, compile, store, review, distribute or otherwise use outside of the United States, any data, including without limitation any personal information, received from LPPOLICE hereunder.

Security Customer Data. 3.1 LPPOLICE ENTERSECT has adopted "LPPOLICE ENTERSECT Data Privacy Principles" ("Principles"), which may be modified from time to time, recognizing the importance of appropriate privacy protections for consumer data and Customer agrees that Customer (including its directors, officers, employees or agents) will comply with the Principles or Customer's own comparable privacy principles, policies, or practices. LPPOLICEENTERSECT’s Data Privacy Principles are available at the Customer’s request. Customer agrees to do the following in order to preserve the security of the Services being provided pursuant to this Agreement: 3.2 Customer acknowledges that the information available through the Services will include personally identifiable information and it is Customer’s obligation to keep all such accessed information confidential and secure. Accordingly, Customer shall: 3.2.1 Restrict access to Services to those employees who have a need to know as part of their official duties; 3.2.2 Ensure that none of its employees shall: 3.2.1 Obtain and/or use any information from the Services for personal reasons 3.2.2 Transfer any information received through the Services to any party except as permitted hereunder; 3.2.3 Keep all user identification numbers, and related passwords, or other security measures (collectively, “User IDs”) confidential and prohibit the sharing of User IDs; 3.2.4 Immediately deactivate the User ID of any employee who no longer has a need to know, know or for terminated employees on or prior to the date of termination; 3.2.5 In addition to any obligations under Paragraph 2, take all commercially reasonable measures to prevent unauthorized access to, or use of, the Services or data received therefrom, whether the same is in electronic form or hard copy, by any person or entity; 3.2.6 Maintain and enforce data destruction procedures to protect the security and confidentiality of all information obtained through Services as it is being disposed; 3.2.7 Be capable of receiving the Services where the same are provided utilizing “secure socket layer,” or such other means of secure transmission as is deemed reasonable by LPPOLICEENTERSECT; 3.2.8 Not access and/or use the Services via mechanical, programmatic, robotic, scripted or other automated search means, other than through batch or machine-to- to-machine applications approved by LPPOLICEENTERSECT; and 3.2.9 Take all steps to protect their networks and computer environments, or those used to access the Services, from compromise. 3.3 Customer agrees that on at least a quarterly basis it will review searches performed by its User IDs to ensure that such searches were performed for a legitimate business purpose and in compliance with all terms and conditions herein. Customer will implement policies and procedures to prevent unauthorized use of User IDs and the LPPOLICE ENTERSECT Services and will immediately notify LPPOLICE ENTERSECT by writing to the LPPOLICE ENTERSECT Privacy, Security and Compliance Organization at ▇ ▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇, ▇▇▇▇▇ ▇▇▇, Suite 216G▇▇▇▇▇▇▇, Beverly, MA ▇▇ ▇▇▇▇▇ and by email (▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇) and by phone (▇-▇▇▇-▇▇▇-▇▇▇▇), if Customer suspects, has reason to believe or confirms that a User ID for the Services (or data derived directly or indirectly therefrom) is or has been lost, stolen, compromised, misused or used, accessed or acquired in an unauthorized manner or by any unauthorized person, or for any purpose other than legitimate business reasons. Customer shall remain solely liable for all costs associated therewith and shall further reimburse LPPOLICE ENTERSECT for any expenses it incurs due to Customer’s failure to prevent such impermissible use or access of User IDs and/or the Services, or any actions required as a result thereof. Customer acknowledges that, upon unauthorized acquisition or access of or to such personally identifiable information, including but not limited to that which is due to use by an unauthorized person or due to unauthorized use (a "Security Event"), Customer shall, in compliance with law, notify the individuals whose information was potentially accessed or acquired that a Security Event has occurred, and shall also notify any other parties (including but not limited to regulatory entities and credit reporting agencies) as may be required in LPPOLICEENTERSECT’s reasonable discretion. Customer agrees that such notification shall not reference LPPOLICE ENTERSECT or the product through which the data was provided, nor shall LPPOLICE ENTERSECT be otherwise identified or referenced in connection with the Security Event, without LPPOLICEENTERSECT’s express written consent. Customer shall be solely responsible for any other legal or regulatory obligations which may arise under applicable law in connection with such a Security Event and shall bear all costs associated with complying with legal and regulatory obligations in connection therewith. Customer shall remain solely liable for claims that may arise from a Security Event, including, but not limited to, costs for litigation (including attorneys’ fees), and reimbursement sought by individuals, including but not limited to, costs for credit monitoring or allegations of loss in connection with the Security Event, and to the extent that any claims are brought against LPPOLICEENTERSECT, shall indemnify LPPOLICE ENTERSECT from such claims. Customer shall provide samples of all proposed materials to notify consumers and any third-parties, including regulatory entities, to LPPOLICE ENTERSECT for review and approval prior to distribution. In the event of a Security Event, LPPOLICE ENTERSECT may, in its sole discretion, take immediate action, including suspension or termination of Customer’s account, without further obligation or liability of any kind. Customer shall not, and shall not cause or permit others to, transmit, convey, compile, store, review, distribute or otherwise use outside of the United States, any data, including without limitation any personal information, received from LPPOLICE ENTERSECT hereunder.