Security and Safeguarding Information. (a) Confidential Information that contains Non-Public Personal Information about customers is subject to the protections created by the Xxxxx-Xxxxx-Xxxxxx Act of 1999 (the “Act”) and under the standards for safeguarding Confidential Information, 16 CFR Part 314 (2002) adopted by Federal Trade Commission (“FTC”) (the “Safeguards Rule”). Additionally, state specific laws may regulate how certain confidential or personal information is safeguarded. The parties agree with respect to the Non-Public Personal Information to take all appropriate measures in accordance with the Act, and any state specific laws, as are necessary to protect the security of the Non-Public Personal Information and to specifically assure there is no disclosure of the Non-Public Personal Information other than as authorized under the Act, and any state specific laws, and this Agreement. With respect to Confidential Information, including Non-Public Personal Information and Personally Identifiable Financial Information as applicable, each of the parties agrees that:
Security and Safeguarding Information. (a) With respect to Confidential Information, each of the parties agrees that:
Security and Safeguarding Information. The Company shall use security tools and technologies that meet or exceed industry standards in providing services under this Agreement. In the event that student data is no longer needed for the specific purpose for which it was provided, including any copies of the student data that may reside in system backups, temporary files, or other storage media, it shall be destroyed as per best practices for data destruction or returned to the Board using commercially reasonable care, security procedures and practices. The Company shall implement current commercially reasonable and acceptable security measures and technologies to prevent unauthorized access to, or use, disclosure, or loss of student data. Such measures shall in no event be less stringent than those used by other companies providing services similar to the services or possessing similar type information. Such measures shall include, where appropriate, use of updated firewalls, virus screening software, logon identification and passwords, encryption, intrusion detection systems, logging of incidents, periodic reporting, and prompt application of current security patches, virus definitions, and other updates.
