The URL can be used to link to this page

Home My WebLink AboutC2009-238 - 6/17/2009 - NASUBSCRIBER SERVICE AGREEMENT This Subscriber Service Agreement ("Agreement") is entered into by ONLINE Information Services, Inc., (hereafter referred to as "ONLINE"), a North Carolina corporation, dba/the ONLINE Utility Exchange and City of Corpus Christi hereafter referred to as "Subscriber', Texas corporation as of Juke. 1 ~, aoo~. ONLINE and Subscriber agree as follows: 1. Services. Through the ONLINE Utility Exchange, ONLINE maintains a centralized database containing credit and consumer data information pertaining to the payment history of utility bills and other services that ONLINE may, from time to time, make available to Subscriber. ONLINE will furnish consumer information from this database to Subscriber. ONLINE will also furnish services to Subscriber involving the supply of consumer and business information. The source of this information may be credit information, consumer information, credit scaring services, fraud detection, and criminal records provided by national credit reporting repositories, national criminal record databases, and/or local county systems. The ONLINE Utility Exchange provides access to Subscriber to Experian Credit Information Service's database. Any mention of rights or obligations to ONLINE within this agreement shall also apply to Experian, Equifax, and Trans Union. ("Services"). 2. Charges to Subscriber. Subscriber agrees to pay ONLINE for all charges for each Subscriber inquiry (including "no record found") submitted to ONLINE as outlined in SCHEDULE A "ONLINE Charges to Subscriber." ONLINE reserves the rights to change these charges upon sixty (60) days notice to Subscriber. However, Subscriber is exempt from payment of Monthly Access Fees and exempt from fee for Viewing Pulled Report as long as this Agreement has not been terminated by Subscriber. Subscriber will be solely responsible for all federal, state and local taxes levied or assessed in connection with ONLINE's performance of the Services, other than income taxes assessed with respect to ONLINE's taxable net income, for which income taxes ONLINE will be solely responsible. 3. Payment. All billing is processed monthly and is payable within 30 days following the invoice date. All invoices will be delivered via electronic mail to the address designated in the billing address section on the signature page on this Agreement. A service charge of 2% of the unpaid balance will be charged on all accounts not paid by the 15r day of the month following the invoice date. Services will be immediately terminated when account reaches 60 days past due. Services will not be reinstated until the full outstanding balance is paid in full. If account goes unpaid for 90 days the account will be referred to collections and/or legal proceedings initiated. Subscriber agrees to pay ONLINE's cost, including reasonable attorney fees, to recover any unpaid balance owed by Subscriber. 4. Subscriber Use. A. Subscriber hereby certifies and warrants that it will request and use credit information received from ONLINE solely in connection with credit transactions involving the consumer as to whom such information is sought, or for other "permissible purposes" as defined by the Fair Credit Reporting Act, 15 U.S.C. Section 1681 et seq. ("FCRA") and to effect the collection of unpaid debts. B. All such information shall be maintained by Subscriber in strict confidence and disclosed only to employees whose duties reasonably relate to the legitimate business purposes for which the information is requested. Subscriber will not disclose, sell or otherwise distribute to third parties any information received hereunder, except as otherwise required by law; provided, however, that if Subscriber has purchased a consumer report from ONLINE in connection with a consumer's application .for credit, and the consumer makes a timely request of Subscriber, Subscriber may share the contents of that report with the consumer as long as it does so without charge. C. Subscriber shall request consumer reports from ONLINE by electronic means. Each request will contain sufficient identifying information concerning the consumer about who the consumer report is requested to enable ONLINE to deliver the consumer report. D. ONLINE reserves the right to modify the standard inquiry format to be used by Subscriber and Subscriber agrees to abide by such modifications. E. Subscriber hereby certifies that it will properly dispose of any customer information obtained from the use of the services to include the destruction or erasure of electronic media, the burning, pulverizing, or shredding of 2009-238 the customer information so that the information cannot practicably be read or 06/17/09 )mine Information Services t Revised: 08/11/2008 UTILITY EXCHANGE F. Subscriber agrees to comply with all applicable provisions of the California Credit Reporting Agencies Act. Subscriber certifies that it IS or X IS NOT a "Retail Seller', as defined in Section 1802.3 of the California Civil Code, doing business in California and issues credit to consumers who appear in person that it will instruct its employees and agents to inspect a photo identification of the consumer at the time the application is submitted in person. This paragraph does not apply to an application for credit submitted by mail. G. Subscriber certifies that when requesting credit information on Vermont residents that it will comply with applicable provisions under Vermont law. In particular, Subscriber certifies that it will order information services related to Vermont residents that are defined as credit reports by the Vermont Fair Credit Reporting Act (VFCRA"), only after Subscriber has received prior consumer consent in accordance with VFCRA Section 2480c and applicable Vermont Rules. H. Subscriber further agrees that it will be solely responsible to ensure and require that each of its users meets and complies with applicable federal, state and local laws, rules, and regulations relating to its use of the Services and to the provision to ONLINE of Subscribers Records. Relevant laws include but are not limited to: i. Establishing reasonable procedures to insure that its employees will not request Data Services relating to themselves, their families, friends, or request consumer information on other persons other than as permitted by the FCRA, ONLINE, and this Agreement. Where adverse action is taken against a consumer that is based in whole or in part on the information contained in a consumer report provided by ONLINE, consistent with the responsibilities under the Fair Credit Reporting Act, Subscriber shall notify the Consumer to direct consumer inquiries to the CRA that provided the report and contained on the adverse action notice for such report. 5. FCRA Requirements A. Although the FCRA p rimarily regulates the operations of consumer credit reporting agencies, it also affects Subscriber as a use r of information. ONLINE has included a copy of the FCRA with Subscriber's membership kit and it is posted at http://www.ftc.gov/os/statutes/fcradoc.pdf. ONLINE suggests that Subscriber and Subscriber's employees become familiar with the following sections in particular: § 604. Permissible Purposes of Reports § 607. Compliance Procedures § 615. Requirement on users of consumer reports § 616. Civil liability for willful noncompliance § 617. Civil liability for negligent noncompliance § 619. Obtaining information under false pretenses § 621. Administrative Enforcement § 623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies § 628. Disposal of Records B. Each of these sections is of direct consequence to users who obtain reports on consumers. C. As directed by the law, credit reports may be issued only if they are to be used for extending credit, review or collection of an account, employment purposes, underwriting insurance or in connection with some other legitimate business transaction such as in investment, partnership, etc. It is imperative that Subscriber identifies each request for a report to be used for employment purposes when such report is ordered. Additional state laws may also impact Subscribers usage of reports for employment purposes. D. ONLINE strongly endorses the letter and spirit of the Federal Fair Credit Reporting Act. ONLINE believes that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce. E. In addition to the Federal Fair Credit Reporting Act, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, ONLINE expects that Subscriber will comply with all relevant federal statutes and the statutes and regulations of the states in which Subscriber operates. The FCRA provides that any people who knowingly and willfully obtain information on a consumer from a consumer reporting agency under false pretenses shall be fined under Title 18 of the United States Code, or imprisoned not more than two years, or both. F. ONLINE supports consumer reporting legislation that will assure fair and equitable treatment for all consumers and users of credit information. 6. ONLINE Use. A. ONLINE acknowledges its qualification as a specialty consumer reporting agency according to the Fair Credit Reporting Act: § 603 Definitions; rules of construction [15 U.S.C. § 1681 a]: "(f) The term "consumer reporting agency" means any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports." 2 Revised: 08/11/2008 B. As a consumer reporting agency, ONLINE may only use Subscribers Records for purposes consistent with applicable federal, state, and local laws, rules, and regulations' in the identification of credit risk and/or past due collections. C. ONLINE shall not sell or furnish to any third party a list of consumers' names and addresses identified as a customer list of Subscriber, nor will ONLINE extract directly from or otherwise identify on any third party's list a list of Subscriber's customers identified as a customer list of Subscriber. In no event shall ONLINE distribute a list of Subscriber's current or previous customers outside of the uses defined in this agreement. D. Subscriber agrees that ONLINE may use Subscriber's Records to affect collection of past-due accounts listed with ONLINE Collections. E. ONLINE shall use commercially reasonable efforts to promptly and accurately process and incorporate into its database any maintenance or consumer dispute verifications furnished to it by Subscriber, in accordance with the requirements of the FCRA or other applicable state or federal law. In the event that ONLINE deems any maintenance or verification response of Subscriber to be incomplete, internally inconsistent, or otherwise inaccurate, ONLINE, in its sole discretion, may revise the item of information to conform with information supplied by the consumer, reject the maintenance or verification response and delete the information from its database, or make any other revisions that it deems necessary or appropriate. Conditions. Subscriber recognizes that ONLINE's services require the open sharing of information between utility subscribers. A. Subscriber agrees to furnish to ONLINE information from its records about its customers with whom it has established accounts. Such information will be furnished and updated no less frequently than at monthly intervals, unless otherwise agreed in writing. Subscriber hereby certifies that all information furnished to ONLINE shall be complete and accurate. Subscriber agrees to make a current list of all utility subscribers, including the service address, telephone number, place of employment and employment telephone number, well as a list of the payment experiences of Subscriber with current and previous customers. This listing of payment experiences may include customers who have unpaid utility bills more than 30 days old and prompt paying customers. Subscriber agrees that each account will be accompanied by the Social Security Number of the guarantor of the bill and, in the case of married parties or joint responsibility by more than one guarantor, the Social Security Number of each party who is responsible for payment of the bill. B. Subscriber agrees to notify ONLINE within 30 days of receipt of payment on any account which is part of ONLINE's Negative Data. C. ONLINE will only use the information provided by the City (if any) for specifed purposes identified in the agreement. ONLINE insures the information provided is not used for any inappropriate or unlawful purposes. D. Subscriber shall respond to any consumer disputes initiated by consumer within five (5) working days from receipt of dispute. Subscriber shall re-verify disputed information through either voice communication, electronic mail, or through other means as mutually agreed in writing. Subscriber certifies that all information supplied by it on any automated or manual basis in response to a consumer dispute verification request sent to it by ONLINE shall be complete and accurate. If in response to a consumer dispute verification request received from ONLINE, Subscriber desires to change any information relating to an account it has previously reported, Subscriber shall update the account information on both the verification response and in its own internal records to conform with such change. Subsequent customer record updates provided by Subscriber, shall reflect such change. E. In the event that Subscriber fails to contribute customer payment experience data to the ONLINE Utility Exchange within 180 days of the effective date of this agreement, ONLINE shall consider the Subscriber to be a Non-Data Contributing Subscriber and shall impose a Non Data Contributor Surcharge of an additional $.25 per inquiry. 8. Access to Employment Screening Reports. Subscriber may elect to receive Credit, Criminal, DMV and other consumer Information far the purpose of evaluating a potential or current employee's background. Information received by Subscriber may include data from Equifax, Experian, Trans Union, or other third party data sources. If Subscriber elects to receive Employment Reports Subscriber acknowledges the following: A. A clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consist solely of the disclosure, that a consumer report (to include credit and criminal) may be obtained for employment purposes. B. The consumer has authorized in writing the procurement of the Employment Report by the subscriber. C. To include on their application for employment a signed authorization and release section giving permission for the Subscriber to pull an Employment Report to investigate the applicant. D. To keep documentation on the applicant (Signed Employment Application, Copy of Employment Report) on file in their office for 2 years. E. Subscriber agrees that Employment Reports will be the only credit reporting products pulled to screen employment applicants. F. Subscriber acknowledges that before taking any adverse action based in whole or in part on the Employment Report (if an offer is not extended to applicant based on information contained within the Employment Report), a copy of the report which contains the applicant's rights under the Fair Credit Reporting Act must be given to the applicant. G. The information from ONLINE's Employment Reports will not be used in violation of any applicable federal or state equal employment opportunity law or other regulation. Subscriber hereby acknowledges receipt of the Summary of Consumer Rights. Revised: 08/11/2008 9. Tenn. This Agreement shall continue in force without any fixed date of termination. ONLINE or Subscriber may terminate this Agreement upon ten (10) days prior written notice to the other party. 10. Warranties. A. ONLINE warrants to Subscriber that ONLINE will use commercially reasonable efforts to deliver the Services promptly and accurately. Subscriber acknowledges that the Services involve information provided to ONLINE by fallible human sources and that for the fee charged for the Services, ONLINE cannot and will not be an insurer or guarantor of the accuracy or reliability of the Services, data contained in its database, or data provided with the Services. THE WARRANTY IN THE FIRST SENTENCE OF THIS PARAGRAPH IS THE ONLY WARRANTY ONLINE HAS GIVEN SUBSCRIBER WITH RESPECT TO THE SERVICES AND SUCH WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ONLINE MIGHT HAVE GIVEN SUBSCRIBER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE AND WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. B. Credit Scoring. ONLINE's Credit Scoring Vendors warrant that these Credit Scoring Models are empirically derived and demonstrably and statistically sound and that to the extent the population to which the Credit Scoring Model is applied is similar to the population sample on which the Credit Scoring Model was developed, the Credit Scoring Model score may be relied upon by Subscriber to rank consumers in the order of the risk of unsatisfactory payment such consumers might present to Subscriber. ONLINE's Credit Scoring Vendors further warrant that so long as they provide the Credit Scoring Model, they will comply with regulations promulgated from time to lime pursuant to the Equal Credit Opportunity Act, 15 USC Section 1691 et seq. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES ONLINE'S CREDIT SCORING VENDORS HAVE GIVEN SUBSCRIBER WITH RESPECT TO THEIR CREDIT SCORING MODEL AND SUCH WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ONLINE'S CREDIT SCORING VENDORS MIGHT HAVE GIVEN SUBSCRIBER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Subscribers rights under the foregoing Warranty are expressly conditioned upon Subscriber's periodic revalidation of the Credit Scoring Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.). 11. Limitation of Liability regarding information provided by ONLINE to Subscriber. Subscriber acknowledges that ONLINE maintains a database, updated on a periodic basis, from which Subscriber solicits information, and that ONLINE does not undertake a separate investigation for each inquiry or request for Services made by Subscriber. Subscriber also acknowledges that ONLINE provides Subscriber access to Experian's national credit reporting repository and various products and services available to Subscriber from Experian through ONLINE. ONLINE may also provide Subscriber with access to Equifax and Trans Union's national credit reporting repositories. With regard to limitation of liability, any mention of ONLINE shall also apply to Experian, Equifax, and Trans Union. Subscriber also acknowledges that the prices ONLINE charges Subscriber for the Services are based upon ONLINE's expectation that the risk of any loss or injury that may be incurred by use of the Services will be borne by Subscriber and not ONLINE. Subscriber therefore agrees that it is responsible for determining that the Services are in accordance with ONLINE's obligations under this Agreement. If Subscriber reasonably determines that the Services do not meet ONLINE's obligations under this Agreement, Subscriber shall so notify ONLINE in writing within ten (10) days after receipt of the Services in question. Subscriber's failure to so notify ONLINE shall mean that Subscriber accepts the Services as is, and ONLINE shall have no liability whatsoever for the Services. Unless ONLINE disputes Subscriber's claim, ONLINE shall, at its option, either re-perform the Services in question or issue Subscriber a credit for the amount Subscriber paid for the nonconforming Services. This re-performance or credit constitutes Subscriber's sole remedy and DNLINE'S maximum liability for any complaints raised by Subscriber regarding information provided to Subscriber by ONLINE.. If, notwithstanding the above, liability is imposed on ONLINE regarding information provided by ONLINE to Subscriber, then Subscriber agrees that ONLINE's total liability for any or all of Subscriber's losses or injuries from QNLINE'S acts or omissions under this Agreement related to information provided by ONLINE to Subscriber , regardless of the nature of the legal or equitable right claimed to have been violated, shall not exceed the amount covered by insurance limits. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, UNDER NO CIRCUMSTANCES WILL EITHER PARTY HAVE ANY OBLIGATION OR LIABILITY TO THE OTHER HEREUNDER FOR ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL OR SPECIAL DAMAGES INCURRED BY THE OTHER PARTY (INCLUDING DAMAGES FOR LOST BUSINESS, LOST PROFITS OR DAMAGES TO BUSINESS REPUTATION), REGARDLESS OF HOW SUCH DAMAGES ARISE AND REGARDLESS OF WHETHER OR NOT A PARTY WAS ADVISED SUCH DAMAGES MIGHT ARISE. 12. Intellectual Property. Subscriber acknowledges that ONLINE has expended substantial time, effort and funds to create and deliver the Services and compile its consumer credit reporting database. The Services and the data in DNLINE'S consumer credit reporting database is and will continue to be ONLINE's exclusive property. Nothing contained in this Agreement shall be deemed to convey to Subscriber or to any other party any right, title or interest, including any patent, copyright or other proprietary right, in or to the Services or data in QNLINE'S consumer credit reporting database. Subscriber will not use or permit its employees, agents and subcontractors to use, the trademarks, service marks, logos, names, or any other of ONLINE's or its affiliates' proprietary designations, whether registered or unregistered, without ONLINE's prior written consent. 13. Access Security Requirements: Subscriber agrees that ONLINE and Subscriber must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce 4 Revised: 08/11/2008 unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to employ an outside service provider to assist you. Capitalized terms used herein have the meaning given in the Glossary attached as Exhibit A. ONLINE reserves the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines far information security. In accessing ONLINE's services, you agree to follow these security requirements: A. Implement Strong Access Control Measures i. Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. ii. Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. iii. You must request your Subscriber Code password be changed immediately when: • any system access software is replaced by system access software or is no longer used; • the hardware on which the software resides is upgraded, changed or disposed of iv. Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). v. Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency's infrastructure. Each user of the system access software must also have a unique logon password. vi. Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users' profles. vii. Keep user passwords Confidential. viii. Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts ix. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. x. Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. xi. Restrict the number of key personnel who have access to credit information. xii. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. xiii. Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. xiv. Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. xv. After normal business hours, turn off and lock all devices or systems used to obtain credit information. xvi. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information. B. Maintain a Vulnerability Management Program i. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates. ii. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks. iii. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the ONLINE system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. iv. Implement and follow current best security practices for network anti-Spyware scanning services and procedures: • Use, implement and maintain a current, commercially available network anti-Spyware scanning product on all computers, systems and networks. • If you suspect actual or potential Spyware, immediately cease accessing the ONLINE system and do not resume the inquiry process until the problem has been resolved and eliminated. • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company's computers have unfiltered or unblocked Revised: 08/11/2008 access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly. C. Protect Data i. Develop and follow procedures to ensure that Subscriber utility customer data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.) ii. All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum. iii. Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information. iv. Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum. v. Only open email attachments and links from trusted sources and after verifying legitimacy. D. Develop and Maintain an Information Security Policy i. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. ii. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identifcation and prosecution of violators. iii. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. iv. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization. E. Build and Maintain a Secure Network i. Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices. ii. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used. iii. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only. iv. Any stand alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic. v. Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available. vi. Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point. F. Regularly Monitor and Test Networks i. Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning). ii. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infltration, hacking, access penetration or exposure to an unauthorized third party by: • protecting against intrusions; • securing the computer systems and network devices; • and protecting against intrusions of operating systems or software. G. Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 60 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 60 months. When conducting an investigation, particularty following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit repoding agency will contact you and will request a copy of the original application signed by the consumer or, i(applicable, a copy of the sales contract. "Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2, 500 per violation." Confidentiality. All information, access granted, and services delivered and conveyed by ONLINE Information Services, Inc. and/or its representatives, whether furnished before or after the date hereof, and regardless of the manner in which it was furnished, is referred to in this agreement as CONFIDENTIAL information, whether or not marked "CONFIDENTIAL" and whether disclosed orally or in writing via any medium, including electronic. This provision is subject to compliance with Texas Public Information Act, Chapter 552, Texas Government Code. Waiver. Either party may at any time waive compliance by the other with any covenant or condition contained in this Agreement, but only by written instrument signed by the party waiving such compliance. No such waiver, however, shall be Revised: 08/11/2008 deemed to constitute the waiver of any such covenant or condition in any other circumstance or the waiver of any other covenant or condition. 14. Successors and Assigns. This Agreement will be binding upon and will inure to the benefit of the parties hereto and their respective heirs, representatives, successors and permitted assignees. This Agreement may not be assigned, transferred, shared or divided in whole or in part by either party without prior written consent of other party ,such consent shall not be unreasonably withheld. 15. Audit Rights. Subscriber understands that ONLINE and each of the national credit repositories requires the right to audit usage by Subscriber for compliance of requirements of the Federal Fair Credit Reporting Act. Subscriber herein agrees to cooperate fully with any compliance audit by a national credit repository and to provide ONLINE any required documentation or other information necessary for such an audit in a timely and reasonable manner. 16. Excusable Delays. Neither party shall be liable for any delay or failure in its performance under this Agreement (other than for payment obligations hereunder) if and to the eMent that such delay or failure is caused by events beyond the reasonable control of the party including, without limitation, acts of God or public enemies, labor disputes, equipment malfunctions, computer downtime, software defects, material or component shortages, supplier failures, embargoes, rationing, acts of local, state or national governments or public agencies, utility or communication failures or delays, fre, earthquakes, Flood, epidemics, riots and strikes. 17. Dispute Resolution. The parties agree that any disputes which may arise between them concerning this Agreement, must be submitted for determination and resolution, first to the Assistant City Manager for the City, and to for ONLINE, and thereafter to the City Manager for the City, and to for ONLINE. The parties agree to submit to this informal dispute resolution process prior to instituting any other legal remedy. 18. Bureau Surcharges. Subscriber acknowledges that Credit Repositories may impose additional surcharges for access to files that are affiliate owned or that reside in certain States or Counties. Examples of these charges include Equifax Affiliate owned fles, California Privacy Act Surcharges, and Alaska and Colorado State surcharges. In the event that a file is accessed which has such a surcharge, ONLINE reserves the right to pass that Surcharge along to the Subscriber. 19. Severability. This Agreement shall be deemed to be severable and, if any provision is determined to be void or unenforceable, then that provision will be deemed severed and the remainder of the Agreement will remain in effect. 20. Site Inspection. Subscriber agrees to an inspection of its premises by an independent Third Party Inspection Agency. The national credit repository required inspection is to be completed, in a timely manner, before any services will be set up with our company. 21. Continuance of Business. In the event that Subscriber's business is sold or relocates to a different location, it is the Subscriber's obligation to notify ONLINE, in writing, of these changes, within 72 business hours of the effective date of the transaction or the relocation. 22. Governing Law. The laws of the State of Texas shall govern this agreement. Any action hereunder shall be brought only in the State of Texas. If any provision is found void, invalid, or unenforceable, it will not affect the validity of the balance of this agreement, which shall remain valid. All rights not specifically granted in this agreement are reserved by ONLINE Information Services, Inc 23. Contract in Entirety; Law. This Agreement sets forth the entire understanding and agreement between ONLINE and Subscriber concerning the Services, and supersedes any prior or contemporaneous oral or written agreements or representations. It may be modified only by a written amendment executed by both parties. This Agreement shall be interpreted in accordance with the laws of the State of North Carolina. 24. Definitions. ONLINE represents and warrants that ONLINE is a consumer reporting agency as defined in Section 182.051 of the Texas Utilities, which reads as follows: "Consumer reporting agency means a person, who for a monetary fee or payment of dues, or on a cooperative nonprofit basis, regularly engages in the practice of assembling or evaluating consumer credit information or other information relating to consumers in order to furnish a consumer report to a third party." 25. Effective Date. This Agreement is effective beginning on the date executed by the Subscriber. (Effective Date). 26. Insurance. Online agrees to comply with the attached insurance requirements. IN WITNESS WHEREOF, the parties authorized representatives have executed this Agreement on the date indicated below. Subscriber hereby certifies to have read and understand the "FCRA Requirements" notice and "Access Security Requirements" and will take all reasonable measures to enforce them within Subscribers facility. Subscriber certifies that a permissible purpose exists to use all Services accessed from ONLINE in accordance with the Fair Credit Reporting Act and the applicable service agreement. Subscriber also certifies that information obtained from ONLINE will be used for the purpose(s) listed below and no other. Subscriber will not resell the report to any third party. Revised: 08/11/2008 PERMISSIBLE PURPOSE/APPROPRIATE USE: Describe the specific purpose (A clear definition) for which ONLINE Services and consumer data will be used. (An answer like "Checking Credit" is not a permissible purpose.): T' c~«,..olti tM~ ~i~ ~~fi t2c~v-~t-.,c f1y-- r~Ir~,~ rear-A~r\~ D/~a,.~tol-, o-F id~t~.-h'~'~, `~'l~~l', Subscriber: City of.Corpus Christi Signature: r+ :rt/ Print Name: ~/~_¢~ R' ~SG~L,a/ Title: G ~ M ti r, k <,f./ i C'bEmail: -~'QrY(4 L ~ C~ feX~s. (,pr-. Date: Federal Tax tD: ~ ~ - ~O b6O5-7 y Address of Principal Business OfFlce: 1201 Leopard Street Attn: Utilities Business Office Manager Corpus Christi, TX 78401 Billing Address: Same as above Email address to send Invoices: -{' .Yrw ~ (~ GG-f'e><c, a law, ONLINE Information Services, Inc. dba/ ONLINE Utility Exchange By: ~~ athy Keeler Account Executive ~~3~0 Address: 202 West Firetower Road Winterville, NC 28590 www.ON LINEUtilityExchanoe.com Telephone: (866) 630-6400 Fax: (800) 838-9830 Revised: 08/11/2008 Revised: 08/11/2008 SCHEDULE A ONLINE Charges to Subscriber Please denote beside each product what level user should have access. Please not that if Administrator (Admin) level is assigned, Supervisors (Super) and Users (User) will not have access to those products. And like wise if a Supervisor level is assigned Users will not have access to those products. If you desire for all individuals at your organization to have access to a product please set the Access Level for that product to User. ONLINE Utility Exchange Pricing: ONLINE Utility Exchange Report: Monthly Access Fee: Viewing of Pulled Reports Adverse Action Letter Service Business Reoort Pricin Business Intelliscore Report Business Profile Report Business Profile w/ Intelliscore Report Employment Screening Resorts Pricing Employment Credit Report National Criminal Search Statewide Instant Search County Search (Non-Instant) Non-Instant State Search National Sex Offender Only Search 2.70 Per Applicant Screened 0.00 Per Month $O.OOPer Report 0.95 Per Letter Sent 16.00 Per Report 31.00 Per Report 35.50 Per Report $11.00 Per Report $12.00 Per Report $10.00 Per Report $15.00 Per Report $15.00 Per Report $ 7.50 Per Report DMV State De artment of Motor Vehicles Search Access Level User Y/N STATE PRICE STATE PRICE NON INSTANT STATE PRICE Alabama $12.50 Montana $12.00 Alaska $10.50 Arkansas $17.50 Nebraska $7.50 Delaware $20.00 Arizona $14.50 NewJerse $15.50 Hawaii $16.50 Colorado $9.00 New Mexico $7.00 Iowa $14.00 Connecticut $20.50 Nevada $12.50 Missouri $6.75 Dist. Of Columbia $12.50 New Ham shire $13.50 Washin on $10.50 Florida $12.00 New York $10.50 W omin $10.50 Geor is $12.50 North Carolina $10.50 Idaho $11.00 North Dakota $8.50 Illinois $17.50 Ohio $7.50 Indiana $11.50 Oklahoma $18.00 Kansas $12.00 Rhode Island $23.50 Kentuc $10.00 South Carolina $11.50 Louisiana $11.50 South Dakota $9.50 Maine $12.50 Tennessee $12.50 M land $14.50 Texas $12.00 Massachusetts $11.50 Utah $12.75 Michi an $12.50 Vermont $13.50 Minnesota $8.00 Vir inia $12.50 Mississi i $17.50 West Vir inia $13.50 Wisconsin $10.50 10 Revised: 08/11/2008 SCHEDULE A Continued ONLINE Charges to Subscriber Access Level Skip Tracins~ Report Pricing: ONLINE PEOPLE SEARCH XPN COLLECTION REPORT XPN SOCIAL SEARCH XPN CREDIT W/SCORE XPN CREDIT FILE $ 0.25 Per Search $ 1.80 Per Report $ 1.35 Per Search $ 4.21 Per Report $ 3.25 Per Report *****Note: If Tax exempt, please provide certificate***** Subscriber agrees to the above pricing schedule for reports pulled from ONLINE Information Services. ~f~ st- ~rp~l (~ViS-~~ ( ubscriber's Na e) r S scriber's Signature) Approved as to form: b 19-a9 oC,.(~-i Usa Apuiita; Assistarn City rney For Clity A[torne+/ / V~ (Date) AT7E$T. ~ _ AkMANDO CFNiPA '~"1!rawc- Cl rv SECFi[?:1R`• Revised: 08/11/2008 TEXAS SALES TAX EXEMPTION CERTIFICATE or agency Address (Street & number, P. O. Box or Route 880-3160 I, the purchaser named above, claim an exemption from payment of sales taxes for the pwchase of taxable items described below or on the attached order or invoice from: Seller: Street address: ~ City, State, Zip Code: Description of items to be purchased, or on the attached order or invoice: ALL SALES BETWEEN: CITY OF CORPUS CHRISTI AND: Purchaser claims this exemption for the following reason: MUNICIPAL GOVERNMENT ~a_~pnn5~a I understand that I will be liable for payment of sales tax which may become due for failure to comply with the provisions of the state, city, metropolitan transit authority, city transit department and/or county sales and use tax laws and Comptroller rules regarding exempt purchases. Liability for the tax will be determined by the price paid for the taxable items pwchased or the fair market rental value for the period of time used. I understand that it is a misdemeanor to give an exemption certificate to the seller for taxable item which I know, at the time of pwchase, will be used in an manner other than that expressed in this certificate and that upon conviction maybe fined not more than 500 per offense. Pwchase Title Date Sign Here - / Assistant Director of Financial Services NOTE: ~ttis certCflcate cannot be issued for the purchase, lease or rental of a motor vehicle. THIS CERTIFICATE DOES NOT REQUIRE A NUMBER TO BE VALID Sales and Use Tax "Exemption Numbers" or "Tax Exempt" Numbers do not exist. This certificate should be famished to the supplier. Do not send the completed certificate to the Comptroller of Public Accounts. EXHIBIT A Glossary of Terms Glossary Term Definition Computer Virus A Computer Virus is aself-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying. Confidential Very sensitive information. Disclosure could adversely impact our companies. Encryption Encryption is the process of obscuring information to make it unreadable without special knowledge. Firewall In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle. Information Lifecycle (Or Data Lifecycle) is a management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained. IP Address A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - musthave its own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices. Peer-to-Peer A type of communication found in a system that uses layered protocols. Peer-to-Peer networking is the protocol often used for reproducing and distributing music without permission. Router A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets. Spyware Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the Internet. SSID Part of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifes each packet as part of that network. Wireless devices that communicate with each other share the same SSID. Subscriber Code Your seven digit credit reporting agency account number. WEP Encryption (Wired Equivalent Privacy) A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be (Older technology reaching its end of life). WPA (Wi-Fi Protected Access) A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption verses static as in WEP (key is constantly changing and thus more difficult to break than WEP). 12 Revised: 08/11/2008 New UEX Customer Setup Customer: Citv of Corpus Christi V-`'~ ~1 ki t~ ~j U S~ h6S) 0 f~"~ ~- Physical I a o ~ LeoD~i~l ~-~. Corpus Christi. TX ~64t5-' ~ ~ ~ OI Mailing Address: 3~Z6-F{e{~~, P . O . ~ o~ q ~. ~ '7 Corpus Christi, TX F84t5- ~~~ !03 How long at physical address: _ Abnw X . a S ~tti.~ ~~~ ~ No Did you include Checking Credit in your Policies and Procedures? _Yes Will you be printing and storing credit reports? Yes ~ No Do you lease or own the building in which you are located: (Please check one) X Own Commercial Building or Resident: Commercial Do you have investigation License? Yes X No If Yes, please provide a copy. Estimated # of Credit Reports you will access monthly: C7O How will you access the Credit Report? X Personal Computer Other Default Website: UE Permissible Purpose: Credit Transaction/Fraud Prevention ONLINE Rep:Cathv Keeler - VENDOR INFORMATION N'A- Software Vendor: Version: Using Interface: Y/N Lease REPORT/INTERFACEOPT/ON ~~~ Collections File Upload: Y/N Web Collections: Y/N Adverse Action Letter Service Y/N Exchange Data Upload: Y/N 13 Revised: 08/11/2008 SCORE (MUST be Completed) You can choose to use ONLINE's default scoring, or the break points and messages can be customized to your liking. Please circle one scoring model. NLINE'S DEFAULT SCORING A CUSTOMIZE AS FOLLOWS: (Message Examples: Maximum, 2x Avg. Mo. Usage, Etc.) Green: 0.0%- 10.0% Waive Deposit Yellow:10.1% - 25.0% Moderate Deposit Red: 25.1% - 100.0% Maximum Deposit Green: % - Deposit Message: Yellow: % - Deposit Message: Red: % - Deposit Message: If Report Shows: No Score, I choose: Red /Yellow /Green Bankruotcv: Red /Yellow /Green Exchange Hits: Red AFFILIATED OR PARENT COMPANnYIINFORMATION Affiliated or Parent Company: / V Address City: State: Contact Name: Phone: ( ) BANK REFERENCE Bank Name: ~v05~' 1~Gh~'~- Address: ~0~-- Pal. CG~iI-iC~~~~-- City: CiOrnu~ ~.(1/~~5-~ State: ~ Zip: ~g~{o ) Bank Contact: )<iw. {-~irl~sa~, (w+,:v Phone: (3~1) ~~~' X7)(0 ~ Account Number(s): 2 BUSINESS REFERENCES (1) Business Address: $l P~<w O V U'1" Sol ~`h ovl~ Ira City: Sc,t.. ~-Fvvt i ~ ~ State: ~~ Zip: ~ 80~~ ~ Contact Person: 1`uSS R-~ivv,irCZ Phone: (atO) a53" ~~W~ (2) Business Name: S~ntiurrr~ ~~~~~~ Sect'er Address: ~i p~Gl~~'y NA~Oh. Tess Grivcl *~ ~'. City: ~--1,t I rL /~ct/l-, State: ~L zip: 30-^7 4 (- Contact Person: M ~ ci.el ~ Snavr~ Phone: (L~~l) '0111 ^ azz~ Zip Code: 14 Revised: 08/11/2008 WEBSITE USER SETUP FORM Score Visible: Y/N (Certain Interfaces require these to match your CIS Package logins) Password Expiration: 1ST log in Never User Full Name User Email Address User Name administrator Supervisor User A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U If you need additional users setup please copy this page and submit with your contract package) 15 Revised: 08/11/2008 Confidential Page Release only by request Contact Legal X 3360