This  SISE DATA USER Agreement, effective on the date of the SISE (Sensitive Information Sharing Environment) account is created and is between the All Hazards Consortium (“AHC”) and the “DATA USER” (DATA USER) of this account.

                  WHEREAS, AHC is a nonprofit organization focused on public/private collaboration in support of homeland security, business continuity, and disaster preparedness, response & recovery.

                  WHEREAS, to further its mission,  AHC, in conjunction with other organizations, has developed a cloud-based exchange (the SISE, Sensitive Information Sharing Environment) to facilitate the sharing and synchronizing of certain proprietary and/or sensitive information to be used for operational purposes during periods  of emergency  response and  recovery,  and  such information  shall  be  treated   as  “SENSITIVE INFORMATION” hereunder.

                  WHEREAS, the DATA USER, in connection with its operations, desires to access information from the AHC and the SISE to be provided by pre-approved  DATA PROVIDERS from governmental agencies, businesses and other  organizations (the DATA PROVIDER(s))  to synchronize situational awareness  and further  facilitate collaboration, information sharing, decision making,  and  operational coordination between  these  governmental agencies, businesses and organizations in a no-fault, FOIA (Freedom of Information Act) free, private sector operated information sharing environment; and

                  WHEREAS, AHC and the SISE Data Providers are willing to disclose SENSITIVE INFORMATION  to the DATA USER and provide the DATA USER with access to SENSITIVE INFORMATION, for the purposes set forth above pursuant to the restrictions, protections, and other provisions hereof.

                  WHEREAS, AHC and the SISE will use technology that supports the sharing of data without USER(s) taking possession of the data and to protect data from FOIA (Freedom of Information Requests) and non- operational use by non-approved SISE DATA USER(s).

                  NOW, THEREFORE, in consideration of the mutual covenants and promises set forth herein, the parties hereto agree as follows:

1.  SENSITIVE INFORMATION may include, but not be limited to:

1. datasets,  geospatial data, video, tabular data, maps, spreadsheets, pictures, apps, website links, documents and/or information provided to the SISE from the DATA PROVIDER, or to which the DATA PROVIDER provides access, in oral, electronic, or written form, whether or not marked or identified as sensitive for competitive, legal, or other reasons.
2.  all copies of all such documents and/or information,
3.  all other media or content that contains such  SENSITIVE INFORMATION, or other documents based upon or derived from  SENSITIVE INFORMATION, prepared by the DATA PROVIDER in connection with its operations during emergency response situation
4.  information  relating  to  the  SISE  Use Cases  approved  by the  SISE Working   Group and Committees.
5. For purposes of clarity,

1. 1. “SENSITIVE INFORMATION”  does not have the same meaning as the government’s data  labeling for FOUO (for operational use only), classified, secret  or top  secret information.
   2. all  information  such  as  customer  name,  customer  address,  customer  account number, customer  id number, customer social services number, either alone or in combination,  employee  name,  employee  id  number,  employee  address,  social security number, driver’s license number, taxpayer identification number, federal or state tax identification number, employer identification number, United States passport number, green card number/USCIS#, PCII (Protected Critical Infrastructure Information, LES (Law Enforcement Sensitive), sensitive or reserved data   for both internal and external communications  will be categorized as too sensitive and  may not be provided to the SISE based on DATA PROVIDER preference.

2.  The DATA USER shall:

1. 1. hold SENSITIVE INFORMATION in strict confidence,
   2. not disclose SENSITIVE INFORMATION  to any other person(s), organization(s), agency(s), firm(s), or corporation(s) (including, but not limited to, parents, subsidiaries, or affiliates of the  DATA USER),  outside of the  SISE  unless previously  approved  by the  SISE  DATA PROVIDER,
   3. not  use  SENSITIVE INFORMATION   other  than  in connection with its operations during emergency response and/or recovery situations, and in accordance with the Use Case(s) set forth by the SISE Working Group,
   4. limit reproduction of SENSITIVE INFORMATION  to the extent  required for its operations during emergency response  and/or recovery situations, or the  SISE  Use Case planning processes
   5. when applicable, store SENSITIVE INFORMATION,  based on DATA PROVIDER permissions, in a secure  location that  is not accessible to any person  not authorized to receive the SENSITIVE INFORMATION under the SISE provisions hereof, and
   6. otherwise use at least the same degree of care to avoid publication or dissemination of SENSITIVE INFORMATION  to  its employs (or would employs) with respect  to  its own SENSITIVE  information which it does  not  (or would not)  desire to  have  published or disseminated.

3.  AHC and the Data Providers, at any time, shall have the right to request adequate assurances that the foregoing restrictions and protections concerning SENSITIVE INFORMATION are being observed and the DATA USER shall be obligated to promptly provide AHC and the Data Providers with the requested assurances.

4.  Notwithstanding the  provisions of paragraph  2 hereof,  the  DATA USER  may disclose SENSITIVE INFORMATION to its directors, officers, employees, and in house contractors (collectively, “Agents”) who have a legitimate “need to know” of such SENSITIVE INFORMATION in connection with the DATA USER’s operations during emergency response and/or recovery situations, provided that each such

      Agent first:

1. is advised by the DATA USER of the SENSITIVE nature of such information; and
2. is caused by the DATA USER to agree in writing to be bound by and observe the provisions of this SISE DATA USER Agreement as though the Agent were a DATA USER.
3. Notwithstanding the foregoing, the DATA USER shall be responsible to AHC for any act or omission of the  DATA  USER’s  Agents which,  if committed by the  DATA  USER,  would constitute a breach of this DATA USER Agreement; and
4. data  sharing or access to the  information, unless otherwise defined, shall be limited screen  sharing technology or access to the  SISE’s cloud based,  information exchange platform and the specific information product

5.  The SISE will provide multiple tiers of DATA USER access security to protect  SENSITIVE INFORMATION:

1. Tier 1 – data supporting use cases in this tier will be accessible by SISE DATA USER(s) who are vetted  and  approved  via the  SISE  identity verification process  that  includes the creation of a SISE DATA USER profile, agreement with SISE DATA USER AGREEMENT terms & conditions. User profiles will contain user submitted information: name, organization, address, cell phone, valid email, and other survey information relevant to the users work and areas of interest.
2. Tier 2 – data supporting use cases in this level will be accessible by vetted SISE USER(s) from Tier 1 with the additional protections of a new agreement  and use of a 2-factor authentication process for each login.
3. Tier 3 – data supporting use cases in this level will be accessible by vetted SISE Users from Tier 1 with the additional protections to be defined by the DATA PROVIDER.

6.  Notwithstanding the provisions of paragraph 2 hereof, if the DATA USER or its Agents, pursuant to applicable law or regulation or legal process, are requested or required to disclose any SENSITIVE INFORMATION, the DATA USER shall,

1. provide AHC with prompt written notice of such request or requirement to enable AHC and the applicable Data Providers to consult with the DATA USER with regard to the steps that may be taken by AHC or the applicable Data Providers to reduce the extent of SENSITIVE INFORMATION that must be disclosed and/or,
2. to enable AHC or the applicable DATA PROVIDERS to seek an appropriate protective order or other remedy reducing the extent of SENSITIVE INFORMATION that must be disclosed.
3. In any event, the DATA USER and its Agents shall disclose only such SENSITIVE INFORMATION which they are advised by legal counsel is legally required to comply with such applicable law or regulation or legal process (as such may be affected by any protective order or other remedy obtained by AHC or the applicable Data Providers) and,
4. the DATA USER and its Agents shall use reasonable efforts to ensure  that  all SENSITIVE INFORMATION that is so disclosed will be accorded to the appropriate treatment.

7.  In some cases, the DATA PROVIDER may share digital information with the SISE DATA USER(s) via email or other digital or non-digital for Where applicable, within five (5) days after the earlier of (a) the end of the emergency response and/or recovery situation has ended (as defined by the AHC/SISE) for which the SENSITIVE INFORMATION was accessed, and (b) AHC’s written demand, the DATA USER shall:

1. destroy and delete, and cause its Agents to destroy and delete, all copies of the SENSITIVE INFORMATION including all copies of all documents and of all other media that contain any SENSITIVE INFORMATION and all copies of any extracts, compilations, screen shots, studies or other documents prepared  by the DATA USER, or its Agents based on or derived from SENSITIVE INFORMATION; and
2. certify to AHC that the destruction and deletion by the DATA USER and its Agents required by clause (a) above has occurred by having a duly authorized officer of the DATA USER (or, if the DATA USER is not a corporation, agency, or other entity with officers, then the DATA USER shall  have an authorized person of similar position and authority in the DATA USER) complete, execute  and deliver to AHC (at the address for AHC pursuant  to paragraph  9 hereof) a certification in the  form attached  hereto  as  Exhibit A.   Compliance with this paragraph 5 shall not relieve the DATA USER from compliance with the other provisions of this DATA USER Agreement.

8.  Nothing in this DATA USER Agreement shall be construed as granting or conferring any rights, by license or otherwise, expressly, implicitly, or otherwise, under any patents,  copyrights or trade secrets of AHC or any of the Data Providers. Nothing in this DATA USER Agreement shall be construed as requiring the disclosure of, or the granting of access to, any SENSITIVE INFORMATION to the DATA USER, and the DATA USER’s access to SENSITIVE INFORMATION may be terminated at any time.  No rights or obligations other than those expressly stated herein shall be implied from this DATA USER Agreement.

9.  The DATA USER understands and agrees that neither AHC/SISE nor any of the DATA PROVIDERS are making any representations or warranties, express or implied, as to the accuracy or completeness of the  SENSITIVE INFORMATION,   or any portion thereof,  and that  AHC and the  DATA PROVIDERS disclaim any and all liability from the use or reliance on the SENSITIVE INFORMATION.

10.  The DATA USER and its Agents shall not be relieved of their obligations hereunder  with respect to any SENSITIVE INFORMATION by reason of its availability to the public by publication or otherwise at any time and regardless of whether  it was available to the public before or after it was disclosed pursuant to this DATA USER Agreement.

11.  The parties acknowledge that disclosure or misuse of SENSITIVE INFORMATION  in violation of this DATA USER Agreement may result in irreparable harm to AHC and the Data Providers, the amount of which may be difficult to ascertain, and which could not be adequately compensated  by monetary damages,  and  that  therefore  AHC  and  the applicable Data Providers are  entitled to  specific performance and/or injunctive relief to enforce compliance with the provisions of this DATA USER Agreement.

12.  All notices and other correspondence  hereunder  shall be in writing and shall be sent by certified mail (return  receipt requested),  by personal delivery, or by a nationally recognized overnight courier service, as follows:

If to the DATA USER:

• to the name and address for the DATA USER first written above

If to AHC:

• All Hazards Consortium, 47 E. South Street, Suite 201, Frederick, MD 20701
• Attn:  Tom Moran, Executive Director

A  parties  may change  the  address  or addressee  for notices  and other  correspondence  to  it hereunder  by notifying the other party by written notice given pursuant hereto.

13.  The DATA USER irrevocably submits to the jurisdiction of the courts located within MARYLAND with regard  to any dispute or controversy arising out  of or relating to this DATA PROVIDER AGREEMEN    The DATA PROVIDER  agrees  that  service of process  on it in relation to  such jurisdiction may be made by certified mail, return receipt requested, addressed to the AHC at the address  for the AHC pursuant  to paragraph  10 hereof and that  such service shall be deemed sufficient even under  circumstances where, apart from this paragraph  11, there  would be no jurisdictional basis for such service.  The AHC agrees that  service of process on it may also be affected in any manner permitted by law.

14.  This  DATA USER Agreement shall be interpreted, and the  rights and obligations of the  parties determined, in accordance with the laws of – MARYLAND without recourse to such state’s choice of law rules.

15.  This DATA USER Agreement may be executed in one or more counterparts, each of which shall be deemed an original, but all of which shall together constitute one and the same instrument. Copies of this DATA USER Agreement and copies of signatures on this DATA USER Agreement, including any such copies delivered by facsimile or .pdf, shall be treated for all purposes as original

16.  This DATA USER Agreement may not be amended or modified except by the AHC.

17.  This  DATA USER Agreement shall be binding upon, and inure to the  benefit of, the  permitted successors and assigns of each party; provided, however, that this DATA USER Agreement may not be assigned by a party without the prior written consent of the other  party and any purported assignment without such consent shall be void.

18.  This DATA USER Agreement constitutes the entire agreement  between  the parties with respect to the  subject  matter  hereof  and  any prior or contemporaneous oral or written agreements  or understandings with respect to such subject matter are merged herein.

19.  This DATA USER Agreement shall be construed as to its fair meaning and not strictly for or against either party.

20.  No portion of this DATA USER Agreement is binding upon a party until it is accepted by the DATA USER via:

1. the online SISE User Account Creation page or,
2. executed  in writing via a signed written agreement  on behalf of that  party in the space provided below and delivered to the AHC/SISE.
3. Prior to such execution and delivery, neither the submission, exchange, return, discussion, nor the negotiation of this document, whether or not this document is then designated as a “draft” document, shall have any binding effect on a party.

21.  The DATA PROVIDERS are third party beneficiaries of this DATA USER Agreement and may enforce those  provisions of this DATA USER  Agreement in which the DATA PROVIDERS    are specifically referenced.

22. The AHC does not endorse or guarantee any the 3rd party links to DATA PROVIDER websites, portals, apps, etc. The products and services offered on DATA PROVIDER sites are not products of the AHC and the AHC cannot attest  to the accuracy of information provided by the linked sites. Linking to a DATA PROVIDER website does not constitute endorsement by AHC, or any of its stakeholders (e.g., officers, working group members, contactors, employees or public/private stakeholders, sponsors, e) of the sponsors of the site or the datasets,  information or products presented on the site(s). Other websites which DATA USERS may link to from the AHC are not bound by AHC Security & Privacy Policies, or this DATA USER agreement.

23. As with all disasters, this information is subject to change without notice. The All Hazards Consortium, the SISE, the Multi-State Fleet Response Working Group, the utilities involved, and the states, expressly disclaim any liability whatsoever, for any usage of this information by its recipient. Recipient’s usage of this data constitutes a waiver of any claim it may have with respect to its use of the data. Please consider all information operationally confidential.