SD Roberts Consulting acknowledges that it may be necessary to have access to the Client’s customer information . SD Roberts Consulting will take all appropriate measures to protect the confidentiality of such customer information. Without limiting the generality of the foregoing, we covenant and agrees as follows:
 

• SD Roberts Consulting shall only access such customer information as shall be necessary to perform its obligations under an engagement agreement.

•  Except as provided, SD Roberts Consulting shall not disclose customer information to any person other than the Client. If SD Roberts Consulting determines in its professional judgment that it is necessary to disclose customer information to its employees or subcontractors in order to fulfill SD Roberts Consulting’s obligations, SD Roberts Consulting shall do so only if such employees or subcontractors are first contractually bound to protect the confidentiality of the customer information at least to the same extent provided under this privacy policy. SD Roberts Consulting shall be responsible to the Client for any breach of such obligations by its subcontractors or employees.

• SD Roberts Consulting shall maintain the security of customer information in its possession. With respect to customer information in electronic form, (including electronic versions of SD Roberts Consulting’s reports containing identifiable customer information) not contained on the Client’s own computers, SD Roberts Consulting shall password protect and encrypt all files to the extent feasible. SD Roberts Consulting shall take reasonable steps to insure that such files cannot be accessed by unauthorized users, either directly or over a network. SD Roberts Consulting shall take all reasonable steps to insure that any customer information removed from the Client’s premises (whether in electronic form or hard copy) cannot be viewed, copied or physically removed by unauthorized persons. While on the Client’s premises or accessing the Client’s files, SD Roberts Consulting shall take no action that could reasonably be anticipated to compromise the Client’s security.

• SD Roberts Consulting shall deliver to the Client all customer information in its possession, whether copies or originals, promptly following the earlier of (i) with respect to individual items of information, when access to such information is no longer required to perform SD Roberts Consulting's obligations, and (ii) with respect to all customer information, upon termination of the engagement agreement. In addition to delivering the customer information to the Client, BRM shall certify to the Client that it has taken appropriate steps to completely remove (by “wiping” and not merely deleting) electronic copies of the customer information from its hard drives or other media that cannot be delivered to the Client. 

• All reports generated by SD Roberts Consulting and the information contained therein are the confidential information of the Client, regardless of whether customer information is contained therein. SD Roberts Consulting shall not disclose such confidential information to third parties without Client’s consent except as required by law and in compliance with all provisions of the Engagement Agreement.