Permitted Disclosures. The provisions of this Section XVIII shall not apply to any Confidential Information which: (a) is or becomes commonly known to the public other than by breach of any Agreement, or any other agreement that a Party has with any other party; (b) is obtained from a third party who is lawfully authorized to disclose such information free from any obligation of confidentiality; or (c) is independently developed without reference to any Confidential Information of the other Party.
Disclosure in Compliance with Law. Nothing in this Article XVII shall prevent either Party from disclosing Confidential Information of the other Party where it is required to be disclosed by judicial, administrative, governmental or regulatory process in connection with any action, suit, proceeding or claim or otherwise by any law; provided, however, that a Party that is so required to disclose such Confidential Information shall, if legally permitted, give the other Party reasonable prior notice as soon as possible of such required disclosure so as to enable such other Party to seek relief from such disclosure requirement or measures to protect the confidentiality of the disclosure.
Unauthorized Disclosures. Each Party shall immediately notify the other Party if it becomes aware of the possession, use or knowledge of any of such other Party’s Confidential Information by any person not authorized to possess, use or have knowledge of such Confidential Information and shall at the request of such other Party provide such reasonable assistance as is required by such other Party to mitigate any damage caused thereby.
Security Events. Each Party shall maintain a documented and tested incident handling program, and ensure that all instances in which Confidential Information of the other Party has been disclosed to or accessed by an unauthorized Person (each, a “Security Event”) are considered incidents as pertains to such Party’s incident handling program. If a Party learns, or has reason to believe that a Security Event has occurred, such Party shall follow its normal response procedures in connection with such disclosure or access and, to the extent permitted under applicable Law. Each Party shall notify the other Party of any material changes made to such response procedures following the Effective Date. In connection with any Security Event which the affected Party could reasonably expect to be material to the other Party’s business, or which triggers obligations to disclose a breach relating to Nonpublic Personal Information under applicable laws, the affected Party shall reasonably cooperate and coordinate its response to such Security Event with the other Party, and, to the extent permitted under applicable Law, provide such other Party with information concerning the Security Event requested by such other Party.
Nonpublic Personal Information. Each Party shall, and shall cause its personnel to, keep NPI of the other Party confidential. Each Party shall use, disclose, receive and maintain NPI of the other Party only as necessary for the specific purpose for which the NPI was disclosed to such Party and only in accordance with the Services, GLBA, HIPPA, and any other applicable Law. Each Party shall, and shall cause its personnel to, apply to the NPI of the other Party the same security measures that such Party applies to its own NPI.
Injunctive Relief. Without prejudice to any other rights or remedies that a Party may have, each Party acknowledges that the other Party may not have an adequate remedy at law for any breach by such Party or its personnel of the provisions of this Section XVIII, and that therefore any such other Party shall be entitled to equitable relief including injunctive relief. Each Party shall provide reasonable assistance at its own expense or to join at the request of the other Party in any action against any of such Party’s personnel where such other Party is seeking equitable relief, including injunctive relief, for any such breach.