Ti	=	Data Protection and Privacy
1.sec	=	While the {_Training_Data} is in the possession or control of {_Data_User}, {_Data_User} agrees to implement and maintain reasonable physical, administrative, and technical safeguards to protect the {_Training_Data} from inadvertent or unauthorized access, disclosure, use, or modification, taking into account the sensitivity of such {_Training_Data}.
2.sec	=	All use and storage of the {_Training_Data} by {_Data_User} will be consistent in all material respects with the data handling guidelines or frameworks set forth in Attachment {Annex.ProjectDetails.Xnum}, if any.
Comment: To the extent Data Provider requires compliance with any particular security standards, such as an ISO or NIST standard, these can be added to Attachment {Annex.ProjectDetails.Xnum}.	=
3.sec	=	Each {_party} will cooperate with the other to ensure the provision, use and storage of the {_Training_Data} is in compliance with applicable laws, including any applicable data protection or privacy laws, as further described in Attachment {Annex.DataPrivacy.Xnum}.
Comment: Attachment B may be used to set out, e.g., any applicable GDPR terms. As another example, if HIPAA applies, Attachment B may take the form of a Business Associate Agreement, or may specify that the Data Provider is required to de-identify the data prior to providing it to Data User.	=
4.sec	=	{_Data_User} will promptly notify {_Data_Provider} in the event of any unauthorized access, disclosure, use or modification of the {_Training_Data} and will reasonably cooperate with {_Data_Provider} to remediate and resolve such security breach to the reasonable satisfaction of {_Data_Provider}.
5.sec	=	{_Data_User} will not attempt to identify any natural person from any anonymized or de-identified {_Personal_Data} included in the {_Training_Data}.
Comment: If desired and agreed by the parties, an audit provision could be added to the Agreement to allow Data Provider to confirm compliance with these requirements.	=
	=	[G/Z/ol-a/s5]