Confidentiality

Provider acknowledges that it may receive confidential, sensitive and personal information (the “Confidential Information”) from the Client and any Disclosing Party in the course of performing the Services. Confidential Information includes the information Provider receives from Client and any Disclosing Party relating to alleged instances of fraud, embezzlement, forgery and other financially-motivated, nonviolent crimes within, by or targeting the Client’s business. During the period that this Agreement is in effect, and at all times thereafter, Provider will: (a) safeguard the Client’s and Disclosing Party’s Confidential Information from improper use or disclosure with no less than the degree of care that is customary with respect to similar information within Provider’s industry and, (b) subject to the following paragraphs, neither use nor disseminate, disclose, sell, publish, or otherwise make any such Confidential Information available to any third party without the prior written consent of Client or the applicable Disclosing Party. Provider agrees to abide by the consumer privacy and information security requirements of the Gramm-Leach-Bliley Act and the applicable regulatory guidelines.

Limitations on Confidentiality Restrictions

The following information shall be deemed excluded from treatment as Confidential Information: (i) information that is generally available to and known by the public at the time of disclosure or thereafter and (ii) information that was already known to or in the possession of Provider prior to the time it was first disclosed or furnished by the Client or a Disclosing Party. If Provider is requested, required or compelled by law, subpoena, court order or civil investigative demand to disclose any Confidential Information in any manner, including but not limited to, the name or identity of the Disclosing Party, if known, Provider shall provide the Disclosing Party with prompt written notice of such request, requirement or compulsion and a description of the Confidential Information requested, required or compelled to be disclosed so that the Disclosing Party may seek an appropriate protective order or take such other steps as the Disclosing Party and its legal counsel shall deem advisable or necessary to protect the confidentiality and privacy of such Confidential Information. If, despite such efforts, Provider is compelled to disclose any Confidential Information pursuant to a valid order of a court or the lawful demand of a governmental agency, Provider shall disclose such Confidential Information only to the extent of, and for the limited purposes of, such legal order or governmental demand.

Ownership of Confidential Information

Parties hereby agree that any and all documents, information, reports and other deliverables concerning Confidential Information that is reported to, prepared by or otherwise retained by Provider, shall be the sole property of the Client. All documents, reports and other materials created by Provider hereunder concerning or containing Confidential Information shall be for the sole benefit of Client, but Provider may retain reproducible copies of all Confidential Information and any work product generated under this Agreement.