“Protected Information” shall be defined as data that has been designated as private or confidential by law or by the Customer. Protected Information includes, but is not limited to, employment records, medical records, student records, education records, personal financial records (or other personally identifiable information), research data, trade secrets, and classified government information. Protected Information shall not include public records that by law must be made available to the general public. To the extent there is any uncertainty as to whether any data constitutes Protected Information, the data in question shall be treated as Protected Information until a determination is made by the Customer or proper legal authority.
1. Data Confidentiality
Camino shall implement appropriate measures designed to ensure the confidentiality and security of Protected Information, protect against any anticipated hazards or threats to the integrity or security of such information, protect against unauthorized access or disclosure of information, and prevent any other action that could result in substantial harm to the Customer or an individual identified with the data or information in Camino’s custody.
2. Compliance with Laws
Camino will not knowingly permit any Camino personnel to have access to any Customer records or data if the person has been convicted of a crime in connection with
a. a dishonest act, breach of trust, or money laundering or has agreed to enter into a pretrial diversion or similar program in connection with a prosecution for such offense; or
b. a felony.
3. Network Security
Camino agrees at all times to maintain commercially reasonable network security that, at a minimum, includes: network firewall provisioning, intrusion detection/prevention, and periodic third party penetration testing.
4. Data Security
Camino agrees to protect and maintain the security of data with security measures that include maintaining secure environments that are patched and up to date with all appropriate security updates as designated by a relevant authority (e.g. Microsoft notifications, etc.). Likewise, Camino agrees to conform to the following measures to protect and secure data:
a. Data Transmission
Camino agrees that any and all transmission or exchange of system application data with Customer and/or any other parties, solely in accordance with Section 6 below, shall take place via secure means, e.g. HTTPS, FTPS, SFTP, or equivalent means.
b. Data Storage and Backup
Camino agrees that any and all Customer data will be stored, processed, and maintained solely on designated servers and that no Customer data at any time will be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that storage medium is in use as part of the Camino’s designated backup and recovery processes.
c. Data Re-use
Camino agrees that any and all data exchanged shall be used expressly and solely for the purposes of enumerated in the Agreement. Data shall
not be distributed, repurposed or shared across other applications, environments, or business units of Camino. Camino further agrees that no Customer data of any kind shall be revealed, transmitted, exchanged or otherwise passed to other Vendors or interested parties except on a case-by-case basis as specifically agreed to in writing by the Customer.
5. End of Agreement Data Handling
Camino agrees that upon termination of the Agreement, it shall return all data to the Customer in a useable electronic form.
6. Safekeeping and Security
As part of the Outsourced Service, Camino will be responsible for safekeeping all keys, access codes, combinations, access cards, personal
identification numbers and similar security codes and identifiers issued to Camino’s employees, agents, contractors, or subcontractors. Camino agrees to require its employees to promptly report a lost or stolen device or information.