advertising, or providing investment information, advice, or

recommendations concerning stocks, bonds, securities, annuities, or other

financial products or services offered by VRSCO or any other person or

entity.

8.3.3

VRSCO may use, reuse, distribute, transmit, manipulate, copy, modify,

access, disclose, or redisclose Employer Data, so long as VRSCO obtains

the express advance written consent of Employer.

8.4

VRSCO Affiliates, Parent Companies, Subsidiaries, and Other Related Entities.

Notwithstanding any other provision of this Agreement, VRSCO will not permit

any of VRSCO’s affiliates, parent companies, subsidiaries, or other related

entities (collectively, “VRSCO Affiliates”) to use, reuse, distribute, transmit,

manipulate, copy, modify, access, disclose, or redisclose the Employer Data or the

Participating Employee Data. Provided, however, VRSCO shall be permitted to

use Employer Data or Participating Employee Data, or provide such data to

another party, whether affiliated or unaffiliated with VRSCO, but only to the

extent necessary or appropriate for VRSCO to (a) perform the Services set forth

in this Agreement or another agreement between VRSCO and the Employer, and

(b) interact with a party as a Vendor under this Agreement.

8.5

Privacy/Security Requirements. In storing, handling, and modifying information

pursuant to the Agreement, VRSCO shall comply, with respect to information that

is in its possession and control, with the following requirements as currently

specified (collectively the “Privacy/Security Requirements”): (1) the applicable

requirements of Federal programs concerning privacy and security and (2)

comparable state laws, rules and regulations. In addition, VRSCO shall cooperate

reasonably to ensure compliance with all Privacy/Security Requirements

concerning transmission of information between the parties, including, but not

limited to, electronic transmission and physical delivery of electronically recorded

data.

8.6

Data Integrity, Confidentiality, Accessibility, and Security. VRSCO shall take

commercially reasonable steps to protect the integrity, confidentiality, appropriate

accessibility, and security of the Employer Data and the Participating Employee

Data, and VRSCO shall establish, implement, and maintain policies, procedures,

safeguards, and measures to do so. These steps shall include, but not be limited

to, the following:

(1)

user authentication, role-based access restrictions;

(2)

confidential and personal passwords required for access;

(3)

physical security of VRSCO Users;

(4)

periodic evaluation of security safeguards;

(5)

software firewalls and other technical security measures; and

(6)

measures to detect and prevent intentional and unintentional corruption or

loss of data.

5