“Authorized Personnel” means CoreView’s employees or subcontractors who: (i) have a need to receive or access Personal Information to enable CoreView to perform its obligations under the Agreement; and (ii) are bound with CoreView by confidentiality obligations sufficient for the protection of Personal Information in accordance with the terms and conditions set forth in the Agreement and this Exhibit.
“Critical Infrastructure Information” (CII) means information about Client’s network architecture as well as that of its customers, including information about application access, remote access procedures, user ID’s and passwords, the location and capability of central offices, data centers, data warehouses, network access points, network points of presence and other critical network sites, as well as the network elements and equipment within them, and includes any information which Clients reasonably identifies as critical infrastructure information.
“Industry Standards” mean generally recognized industry standards, best practices, and benchmarks.
“Information Protection Laws” mean all applicable laws, standards, guidelines, policies, regulations and procedures applicable to CoreView pertaining to data security, confidentiality, privacy, and breach notification.
“Personal Information” also known as Personally Identifiable Information (PII), is information of Client customers, employees and subcontractors held or accessed by CoreView that can be used on its own or combined with other information to identify, contact, or locate a person, or to identify an individual in context. Examples of Personal Information include first and last name, address, social security number or national identifier, biometric records, geolocation information, driver’s license number, account number or username with password or PIN, either alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Personal Information includes those data elements defined under applicable state or federal law in the event of a Security Incident.
“Security Incident” is any actual occurrence of: (i) unauthorized access, use, alteration, disclosure, loss, theft of, or destruction of Personal Information or the systems / storage media containing Personal Information; (ii) illicit or malicious code, phishing, spamming, spoofing; (iii) unauthorized use of, or unauthorized access to, CoreView’s systems; (iv) inability to access Personal Information or CoreView systems as a result of a Denial of Service (DOS) or Distributed Denial of Service (DDOS) attack; and (v) loss of Personal Information due to a breach of security.
“Security Vulnerability” is an application, operating system, or system flaw (including but not limited to associated process, computer, device, network, or software weakness) that can be exploited resulting in a Security Incident.