Extract from PDS contract with LexisNexis - commenced 21 September 2011
Where the Ministry provides any data to LexisNexis or that LexisNexis otherwise has access to,
1982
stores, processes, or transmits any data under or in connection with the Agreement, LexisNexis will:
• not use the data for its own purposes and use the data only to the extent necessary to provide
the services and process such data in accordance with any applicable laws, regulations, or
industry best practice or to the extent expressly authorised by the Ministry;
Act
• not permit the data to be transferred or stored outside NZ, except with the prior written consent
of the Ministry;
• keep the data (including any backup archives of data) in the possession or control of LexisNexis
from time to time secure, managed and protected, and implement and maintain appropriate
measures to prevent the loss of, unauthorised access, use, processing, disclosure, accidental loss
or destruction of or damage to, and any other misuse relating to, the data;
• not allow the data to be stored by a permitted sub-contractor without the Ministry’s prior
consent;
• keep the data confidential and not access the data itself except to the extent reasonably
necessary for the provision of the services, unless specifically authorised to by the Ministry;
Information
• not disclose the data to any other person or allow access by any other person, including anyone
within LexisNexis’ own organisation other than to personnel as appropriate and strictly
necessary for the proper performance of the personnel’s duties in relation to the obligations of
LexisNexis under the Agreement;
• comply with the requirements of all applicable laws, regulations and industry best practice when
accessing, storing, processing, or transmitting the data;
Official
• unless otherwise instructed by the Ministry or required by law or any of the Ministry’s security
requirements known to LexisNexis, securely dispose of or return the data to the extent it is held
by LexisNexis, on the Ministry’s instructions, once it is no longer required for the purposes of the
provision of the services in such a manner so that it can no longer be recovered or
the
reconstructed, including (where instructed by the Ministry from time to time) wiping data from
any LexisNexis equipment (with the exception of archived copies where data cannot physical y
be accessed or separated from other data);
• implement and maintain appropriate security measures relating to its equipment and systems
with the purpose of the prevention of unauthorised access to the data; and
under
• ensure that all software and systems deployed in the delivery of the services accords with
industry best practice in relation to the encryption systems, anti-virus, patches, updates, and
upgrades for security purposes.
Released
Document Outline