8.7

Transmitted Electronic Data. Each party shall take commercially reasonable steps

to maintain and to apply to all electronic data transmitted to the other party under

the Agreement up-to-date and reasonable anti-virus software to guard against

viruses, worms, trojan horses or other software routines, programs or mechanisms

that would permit unauthorized access into, disable, erase in whole or in part or

otherwise adversely affect electronic systems, software, data or equipment of the

other party. Neither Employer nor VRSCO shall permit any of their respective

personnel to introduce into electronic data transmitted between them under this

Agreement any virus, worm, trojan horse or other software routine, program or

mechanism to permit unauthorized access into, to disable, to erase in whole or in

part or otherwise to adversely affect the systems, software, data or equipment of

the other party. Furthermore, Employer and VRSCO agree that each VRSCO

User and each Approved Vendor authorized to access Retirement Manager shall

be required to consent to a “Terms of Use” policy displayed on Retirement

Manager, and that only VRSCO-approved methods of transmission of data

between VRSCO and the Vendors are implemented to ensure reasonable

practices, protective measures, and security procedures as necessary are in place

to protect all electronic data that is transmitted between VRSCO and the Vendors

(including, but not limited to, electronic transmission or the physical delivery of

electronically recorded data or printed reports/funds delivered via United States

Postal Service (USPS)). Provided, however, in no event shall Employer be

responsible for any damages or loss caused by electronic data transmitted to

VRSCO or any VRSCO information system by VRSCO, a VRSCO User, a

Participating Employee, or a Vendor.

8.8

Reporting Security Breaches.

8.8.1 Each party shall promptly report to the other any material system,

equipment or software malfunction, error, breakage or security breach that

involves or may reasonably affect the accuracy or integrity of any data

transmitted to the other party or the unauthorized disclosure of such data,

that the reporting party detects or believes is imminent or is likely to have

occurred. In the event of a security breach, each party shall cooperate

with the other to investigate such breach, to reduce the effects of such

breach, to mitigate damage and to restore lost code or data.

8.8.2 In the event of a security breach concerning Retirement Manager or any

Employer Data or Participating Employee Data, Employer, VRSCO, and

the VRSCO Users shall cooperate to investigate such breach, to reduce the

effects of such breach, to mitigate any damage, and to restore lost code or

data.

6