Specific Limitations of Liability for Data Security Incidents with Respect to DXP Sample Clauses

Specific Limitations of Liability for Data Security Incidents with Respect to DXP. The following specific limitations of liability with respect to data privacy and security shall apply to Data Security Incidents in connection with Category [***] and Category [***] Services related to DXP, as those categories are defined in Section 15(d)(i)(E) of Exhibit G of this Agreement: (a) IN NO EVENT SHALL THE CONSULTANT ENTITIES BE LIABLE TO THE USCC ENTITIES (INCLUDING, FOR PURPOSES OF THIS SECTION 9.4(a), ANY OTHER PERSON OR ENTITY CLAIMING BY, THROUGH OR ON BEHALF OF ANY OF THE USCC ENTITIES INVOLVING CATEGORY B OR CATEGORY C SERVICES RELATED TO DXP BUT EXCLUDING ANY LIABILITY FOR CLAIMS BROUGHT DIRECTLY AGAINST THE CONSULTANT ENTITIES ARISING OUT OF THE CONSULTANT ENTITIES’ OBLIGATIONS INDEPENDENT OF THE USCC ENTITIES’ OBLIGATIONS) FOR ANY REASON, WHETHER IN CONTRACT, IN TORT, OR OTHERWISE, FOR ANY DAMAGES ARISING OUT OF OR BASED UPON A DATA SECURITY INCIDENT INVOLVING PII OR ANY OF THE CONSULTANT ENTITIES’ OBLIGATIONS UNDER EXHIBIT G OF THIS AGREEMENT INVOLVING CATEGORY [***] OR CATEGORY [***] SERVICES RELATED TO DXP INVOLVING PII (WHETHER SUCH CLAIM IS BROUGHT UNDER SECTION 13(a) OF EXHIBIT G OR ANY OTHER SECTION OF THIS AGREEMENT) EXCEEDING IN THE AGGREGATE THE APPLICABLE SECTION 9.4(a) DATA BREACH CAP, REGARDLESS OF THE FORM IN WHICH ANY LEGAL OR EQUITABLE ACTION MAY BE BROUGHT. AS USED HEREIN, THE “APPLICABLE SECTION 9.4(a) DATA BREACH CAP” MEANS: 1. IF A DATA SECURITY INCIDENT INVOLVES PII WHERE, (X) AT THE TIME OF THE DATA SECURITY INCIDENT, SUCH PII WAS ENCRYPTED IN ACCORDANCE WITH THE APPLICABLE ENCRYPTION STANDARDS SET FORTH IN SECTION 15(d) OF EXHIBIT G OF THIS AGREEMENT AND (Y) AN ENCRYPTION KEY FORENSIC ANALYSIS DETERMINES THAT THE ENCRYPTION KEY FOR SUCH PII HAS NOT BEEN COMPROMISED AND CONFIRMS THAT IT CAN NO LONGER BE COMPROMISED, THE GREATER OF: i. [***] DOLLARS ($[***]), OR ii. [***] PERCENT ([***]%) OF THE TOTAL MONTHLY DXP HOSTING AND OPERATIONS SERVICES FEES (AS DEFINED IN MSSOW1) PAID OR PAYABLE BY THE USCC ENTITIES TO THE CONSULTANT ENTITIES UNDER SECTION 13 OF MSSOW1 DURING THE [***] MONTHS PRECEDING THE DATE UPON WHICH THE CLAIM ACCRUED. 2. IF A DATA SECURITY INCIDENT INVOLVES PII WHERE, (X) AT THE TIME OF THE DATA SECURITY INCIDENT, SUCH PII WAS NOT ENCRYPTED IN ACCORDANCE WITH THE APPLICABLE ENCRYPTION STANDARD SET FORTH IN SECTION 15(d) OF EXHIBIT G OF THIS AGREEMENT OR (Y) SUCH PII WAS ENCRYPTED AND AN ENCRYPTION KEY FORENSIC ANALYSIS DETERMINES THAT THE ENCRYPTION KEY FOR SUCH PII HAS BEEN COMPROMISED, THE GREATER...