20. AUTHORITY DATA
20.1. The Service Provider acknowledges that (subject to the provisions of the DPA) the Authority Data is the property of the Authority and the Authority hereby reserves all Intellectual Property Rights which may subsist in the Authority Data.
20.2. The Service Provider shall take all necessary steps to ensure that any Authority Data which comes into its possession or control is protected in accordance with the DPA and appropriate security procedures and in compliance with Good Industry Practice (having regard to the nature of their other obligations under this Agreement and under the DPA).
20.3. In the event that Authority Data used in the provision of the Services is corrupted or lost by the Service Provider as a result of a breach by the Service Provider of clause 20.2, the Authority shall have the option, in addition to any other remedies that may be available to it either under this Agreement or otherwise, to elect either of the following remedies:-
20.3.1. the Authority may require the Service Provider at its own expense to restore or procure the restoration of such Authority Data using the back-up copy referred to in clause 21 (Back Up Copies); or
20.3.2. the Authority may itself restore or procure restoration of such Authority Data using the back-up copy referred to in clause 21 (Back Up Copies), and shall be repaid by the Service Provider any reasonable expenses so incurred.
20.4. The Service Provider shall:-
20.4.1. not use the Authority Data, except as may be required to provide the Services or as instructed by the Authority;
20.4.2. not disclose the Authority Data to any third party, other than in accordance with the requirements of the DPA for the purposes of fulfilling its obligations under this Agreement, except with the prior written consent of the Authority or as required by this Agreement;
20.4.3. undertake its obligations under this Agreement in such a manner as to preserve so far as reasonably possible the integrity and prevent any loss, disclosure, theft, manipulation or interception of the Authority Data; and/or
20.4.4. upon request provide the Authority with full access to any systems of the Service Provider or its Key Sub-Contractors where Authority Data is stored or held for the purpose of viewing, retrieving, copying or otherwise dealing with the Authority Data.