Code42 and Written Information Security Policy (WISP)

7.4 Massachusetts Security Regulations.

To the extent Code 42 receives Personal Information (defined as an individual’ s first name or initial and last name in combination with any one or more of i) Social Security Number ii) driver’s license number or other state issued identification card number or iii) financial account number, including credit or debit card numbers, Code 42 shall also implement and maintain a Comprehensive Written Information Security Program (the “Program”) that complies with the requirements of Massachusetts regulations under 201 C.M.R. 17.00 and shall provide Customer with documentation of the Program upon the Customer’s request. Code 42 shall implement, maintain, and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of all information covered by such regulations, be it electronic or hardcopy.

Code 42 warrants that, in the event of a security breach, Code 42 shall immediately inform the Customer of the breach, and take all necessary and reasonable steps to prevent any further disclosure or use. Code 42 will cooperate fully with the Customer in any data breach forensics and notification steps that the Customer deems necessary or appropriate to comply with requirements of applicable law.

Code 42 agrees, upon termination, cancellation, expiration or other conclusion of this Agreement, to destroy and not retain any copies of any and all Confidential Information that is in its possession as soon as permissible under law and Code 42’s retention schedule. “Destruction” shall mean that the Confidential Information (in whatever form) cannot practically be read, viewed, accessed or reconstructed and is otherwise destroyed as required by Mass. Gen L. 93I.

The obligations in this Section shall survive termination or expiration of this Agreement.