DATA PROTECTION & SECURITY. 6.1 If the Data includes any identifiable Personal Data, the Recipient shall:-
DATA PROTECTION & SECURITY. Suppliers are responsible for data protection, privacy compliance, and security control validation/ certification of their subcontractors. • For data classified as Confidential, Confidential – Internal Use Only or Restricted, data should be encrypted using AES-256 or stronger. • To protect data integrity, data should be hashed using SHA-256 or stronger. • All Confidential hard copy data that is no longer required must be shredded by use of a crosscut shredder. • The print process must be adequately secured to prevent unauthorized disclosure/access. • Extra precautions must be in place to protect the Confidential Information stored on portablesystems or mobile devices. Devices and data must be stored securely when not in use. • Portable systems with Confidential Information must not transfer data by use of Personal Area Networks • Web sites and applications must be backed up in accordance with Business Continuity andDisaster Recovery requirements. • Supplier must secure all backup media during transportation and in storage. • Supplier should catalog all media so that a missing storage unit (and which unit it is) shall be easily identified. Supplier should not label media in such a way that it discloses the datait contains or its owner company in a manner that is easily identified by an outsider. • Supplier should maintain system and application backups that support a total system restorefor a 30-day period as a minimum. Backup media must be on separate media from the system. • Supplier must destroy all Confidential Information within 30 days of termination of Supplier contract. Copies of Confidential Information on system backup media that is co-mingled with other system data are not included.
DATA PROTECTION & SECURITY. 8.1 For the purposes of this clause 8, the meaning of personal data, data processor and data controller shall be determined in accordance with the Data Protection Xxx 0000.
DATA PROTECTION & SECURITY. 15.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 15 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
DATA PROTECTION & SECURITY. 12.1 The Contractor shall comply with all applicable requirements of the Data Protection Laws.
DATA PROTECTION & SECURITY. 4.1 In rendering the Services, Xxxxxx may from time to time be provided with, or have access to, information of Customer, Business User or Candidate which may qualify as Personal Data.
DATA PROTECTION & SECURITY. 12.1 The Merchant and the Service Provider undertake to provide appropriate data protection and to ensure confidentiality, availability and accuracy of data. They shall, in particular, be obliged to ensure reasonable protection of their systems against unauthorised or accidental destruction, accidental loss, technical errors, falsification, theft, unlawful use, unauthorised alteration, copying, access and other unauthorised activities.
DATA PROTECTION & SECURITY. The provisions contained within the Data Processing Agreement shall apply to this Agreement (as may be amended or updated from time to time).
DATA PROTECTION & SECURITY. 8.1 The parties acknowledge their respective duties and obligations under the Data Protection Xxx 0000 (“DPA”) and the Freedom of Information Xxx 0000 (“FOIA”) (and any other applicable laws or obligations regarding the use of personal data) and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties.
DATA PROTECTION & SECURITY. Suppliers are responsible for data protection, privacy compliance, and security control validation/ certification of their subcontractors. For data classified as McAfee Enterprise Confidential Information, McAfee Enterprise Confidential – Internal Use Only or McAfee Enterprise Restricted, data should be encrypted using AES-128 or stronger. To protect data Integrity, data should be hashed using SHA-256 or stronger. All Confidential hard copy data that is no longer required must be shredded by use of a crosscut shredder. The print process must be adequately secured to prevent unauthorized disclosure/access. Extra precautions must be in place to protect the confidential data stored on portable systems or mobile devices. Devices and data must be stored securely when not in use. Portable systems with confidential data must not transfer data by use of Personal Area Networks Web sites and applications must be backed up in accordance with Business Continuity and Disaster Recovery requirements. Supplier must secure all backup media during transportation and in storage. Supplier should catalog all media so that a missing storage unit (and which unit it is) shall be easily identified. Supplier should not label media in such a way that it discloses the data it contains or its owner company in a manner that is easily identified by an outsider. Supplier should maintain system and application backups that support a total system restore for a 30-day period as a minimum. Backup media must be on separate media from the system. Supplier must destroy all confidential data within 30 days of termination of Supplier contract. Copies of McAfee Enterprise Confidential Information on system backup media that is co-mingled with other system data are not included. Extranet Requirements All extranet connectivity into McAfee Enterprise must be through secure communications. All data exchanged with McAfee Enterprise for mission or business critical functions, (B2B), require secure intercompany communications (ICC) implemented by McAfee Enterprise IT Engineering services. The McAfee Enterprise program manager is responsible for communications funding and will arrange for Suppliers to engage with the McAfee Enterprise engineering services team. Supplier is responsible for implementing the secure protocols at their sites Deviation from Use Any deviation from the requirements of this standard must be approved in writing by McAfee Enterprise Information Security.
