The Company will take reasonable steps to verify that all third-party service providers with access to Personal Information have the capacity to and will protect such information, including but not limited to having reasonable policies and procedures in place that are designed to detect, prevent, and mitigate Identity Theft.
Those steps to be taken by the Company will include:
• selecting and retaining only service providers that are capable of maintaining reasonable and appropriate safeguards for personal information;
• contractually requiring service providers to maintain such safeguards; and
• prior to permitting any third-party service provider access to personal information, obtaining from the service provider a written certification that the service provider has a written, comprehensive information security program that is in compliance with the provisions of all applicable federal and state laws as they may be amended from time to time.