OBLIGATIONS REGARDING DATA
Each PARTY is solely responsible for the security of data residing on a System owned or operated by each party, or a third party designated by either party. Each PARTY will follow all applicable Governmental Requirements governing the security, collection, retention, and use of Information by either party;
Except as authorized by a CONTRACTING PARTY, DLP agrees not to use, disclose, sell or disseminate any consumer's Personally Identifiable Information (“PII”), bank or credit card information obtained in connection with this Agreement (including the names, addresses and bank or credit card account numbers of consumers) except for purposes of performing Services, or pursuant to a court or governmental agency request, subpoena or order;
Each PARTY will use proper controls for and limit access to, and render unreadable before discarding, all records containing PII, social security numbers and bank or credit account numbers;
Each PARTY will follow all legal obligations and security measures, applicable and current at the time, including but without limitation those issued by industry associations and the Federal Trade Commission, associated with the collection, security, dissemination and destruction of Data and transaction data. CONTRACTING PARTY warrants that it has taken such precautions as are necessary to ensure that CONTRACTING PARTY's Systems are reasonably secure from breach or intrusion by unauthorized third parties;
BOTH PARTIES acknowledge that they have, or may have in the future, sensitive consumer Information, including but not limited to, Personally Identifiable Information (“PII”) that may be governed by the U.S. Federal Gramm-Leach-Bliley Act, 15 U.S.C. Section 6801 et seq. (“GLBA”);
BOTH PARTIES agree to use said Information in compliance with all Governmental Requirements, including but not limited to any applicable provisions of the GLBA and the Fair Credit Reporting Act (“FCRA”);
In the event that either PARTY's system is breached and an unauthorized third party has access to or has accessed data, or that the PARTY learned it could be compromised, PARTY will verbally notify OPPOSING PARTY of such breach or potential compromise immediately, followed with written notification within twenty-four (24) hours, and will take such reasonable precautions as may be necessary to prevent such breaches from occurring in the future. DLP may delay notification if the DLP believes the benefit of delay outweighs the benefit of disclosure, or if law enforcement requests it.