What is Budget Licensee's obligation if a security breach is suspected?

Licensee agrees and acknowledges that it has a continuing obligation, which survives the termination or expiration of this Agreement, to promptly notify Budget of any material security breaches of PII, confidential information or trademark infringement.

will have the right to require Licensee to furnish audited financial statements thereafter and implement any other requirements including, but not limited to, the purchase and installation of new hardware and/or software systems as further described in Paragraph 9.16.

9.11 Standards. Licensee acknowledges its responsibilities as one of a system of Network licensees and operators, the interrelationship and interdependence of all Network licensees and operators and the importance of maintaining a uniformly high standard of performance. Accordingly, Licensee it will operate the Rental Business in conformance with the provisions of this Agreement and the Standards. The Standards may govern any aspect of the operations of the Rental Business including: (a) general appearance and maintenance of Licensee's Locations and Vehicles; (b) standardization of signs, advertising brochures and mailers, letterheads, business cards and other similar promotional materials; (c) use of the Marks and protection of confidential information; (d) types, models and brands of authorized Vehicles, equipment, supplies and furnishings, and designated and approved suppliers for these items (including procedures and fees for securing supplier approval); (e) use of required or standardized forms; (f) use of computer hardware and software; (g) adoption of technological developments or advancements; (h) customer service programs; (i) the requirement that Licensee adopt security safeguards for its computer systems and a privacy policy regarding the collection, protection and destruction of customer Personally Identifiable Information ("PII"), as described in Paragraph 9.21 that complies with the then-current privacy and data protection laws and (j) the addition of new services and products and modification to existing services and products.

• 9.21 Personally Identifiable Information ("PII")/IT Security.

Licensee warrants, represents and covenants that it has and will maintain on a continual basis, security controls and procedures in place which meet current industry standards, (including firewalls, web security, email protection, intrusion detection, incident response process, malware protection, information protection (including PII and physical security) and the necessary security processes, procedures, and practices to support the security controls and infrastructure to protect its computer systems, reservation systems, network devices and/or the data processed thereon against the risk of hacking, surveillance, theft or penetration by, or exposure to, a third party via any system or feature utilized by Licensee.

Licensee shall also implement and maintain current industry standard anti-malware measures to detect, prevent and remove computer malware and/or other contaminants to prevent the spread of computer viruses between the parties which access or exchange data or software through any network connectivity.

Anti-malware measures shall be incorporated on all data transfer mechanisms, including current industry encryption standards, as well as any other points reasonably requested by Budget.

• 9.22 Payment Card Industry ("PCI") Compliance.

Licensee is familiar with the Payment Card Industry Data Security Standards which are currently in effect ("PCI Standards") and Licensee agrees to undertake any necessary steps to be or remain in full compliance with all applicable PCI Standards.

• (c) If Licensee fails to install, maintain, implement and observe the Controls as mandated by ABCR in written procedures, Licensee will be in material breach of the Rental System Agreement, the License Agreement and responsible for any resulting damage or expense incurred by ABCR and the System.

Source: Item 23 — RECEIPTS (FDD pages 80–426)