. . . "cern the collection, retention, storage, recording, transfer, sharing or other disposition or use of any personally identifiable information; and (ii) there have not been any incidents of data security breaches." . . . . . .