Equifax Verification Solutions (EVS) Employment Information (as defined below) will be received by Subscriber through CRA subject to the following conditions (the “Terms and Conditions”):

1. Any information services and data originating from EVS (the “EVS Employment Information”) will be requested only for Subscriber’s exclusive use and held in strict confidence except to the extent that disclosure to others is required or permitted by law. Only designated representatives of Subscriber will request EVS Employment Information on Subscriber’s employees, and employees will be forbidden to obtain EVS Employment Information on themselves, associates or any other persons except in the exercise of their official duties. Subscriber will not disclose EVS Employment Information to the subject of the EVS Employment Information except as permitted or required by law, but will refer the subject to EVS.

2. Subscriber will hold EVS and all its agents harmless on account of any expense or damage arising or resulting from the publishing or other disclosure of EVS Employment Information by Subscriber, its employees or agents contrary to the conditions of Section 1 above or applicable law.

3. Subscriber recognizes that EVS does not guarantee the accuracy or completeness of EVS Employment Information and Subscriber releases EVS and EVS’s agents, employees, affiliated credit reporting agencies and independent contractors from any liability, including negligence, in connection with the provision of EVS Employment Information and from any loss or expense suffered by Subscriber resulting directly or indirectly from EVS Employment Information. Subscriber covenants not to sue or maintain any claim, cause of action, demand, cross-action, counterclaim, third-party action or other form of pleading against EVS, EVS’s agents, employees, affiliated credit reporting agencies, or independent contractors arising out of or relating in any way to the accuracy, validity, or completeness of any EVS Employment Information.

4. Subscriber will be charged for the EVS Employment Information by CRA, which is responsible for paying EVS for the EVS Employment Information; provided, however, should the underlying relationship between Subscriber and CRA terminate at any time during the term of this Agreement, charges for the EVS Employment Information will be invoiced to Subscriber, and Subscriber will be solely responsible to pay EVS directly.

5. Fair Credit Reporting Act Certification. Subscriber certifies that it will order EVS Employment Information, which is a consumer report as defined by the federal Fair Credit Reporting Act, 15 U.S.C. 1681 et seq. (“FCRA”), only when Subscriber intends to use the EVS Employment Information: (a) in accordance with the FCRA and all state law counterparts; and for the following permissible purpose: for employment purposes; provided, however, that Subscriber certifies that, before ordering EVS Employment Information to be used in connection with employment purposes, it will clearly and conspicuously disclose to the Consumer, in a written document consisting solely of the disclosure, that Subscriber may obtain EVS Employment Information for employment purposes, and will also obtain the Consumer’s written authorization to obtain or procure EVS Employment Information relating to that Consumer. Subscriber further certifies that it will not take adverse action against the Consumer based in whole or in part upon the EVS Employment Information without first providing to the Consumer to whom the EVS Employment Information relates a copy of the EVS Employment Information and a written description of the Consumer’s rights as prescribed by the Consumer Financial Protection Bureau (“CFPB”) under Section 609(c)(3) of the FCRA as referenced on Exhibit C attached hereto, and also will not use any EVS Employment Information in violation of any applicable federal or state equal employment opportunity law or regulation. Subscriber will use EVS Employment Information ordered under this Agreement for the foregoing purpose and for no other purpose. Subscriber acknowledges that it has received from CRA a copy of the consumer rights summary as prescribed by the CFPB as referenced on Exhibit C.

It is recognized and understood that the FCRA provides that anyone “who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses shall be fined under Title 18, United States Code, imprisoned for not more than two (2) years, or both.” EVS may periodically conduct audits of Subscriber regarding its compliance with the FCRA and other certifications in this Agreement. Audits will be conducted by email whenever possible and will require Subscribers to provide documentation as to permissible use of particular EVS Employment Information. In addition, CRA will be required to provide documentation indicating CRA validated the legitimacy of subscriber prior to contract execution and will also provide a copy of agreement between CRA and Subscriber. Subscriber gives its consent to EVS to conduct such audits and agrees that any failure to cooperate fully and promptly in the conduct of any audit, or Subscriber’s material breach of this Agreement, constitute grounds for immediate suspension of the Service or termination of this Agreement. If EVS terminates this Agreement due to the conditions in the preceding sentence, Subscriber (i) unconditionally releases and agrees to hold EVS harmless and indemnify it from and against any and all liabilities of whatever kind or nature that may arise from or relate to such termination, and (ii) covenants it will not assert any claim or cause of action of any kind or nature against EVS in connection with such termination.

            Vermont Certification. Subscriber certifies that it will comply with applicable provisions under Vermont law. In particular, Subscriber certifies that it will order EVS Employment Information relating to Vermont residents that are consumer reports as defined by the Vermont Fair Credit Reporting Act (“VFCRA”), only after Subscriber has received prior Consumer consent in accordance with VFCRA Section 2480e and applicable Vermont Rules. Subscriber further certifies that a copy of Section 2480e of the Vermont Fair Credit Reporting Statute, attached hereto, was received from CRA.

Subscriber will comply with the applicable provisions of the FCRA, Federal Equal Credit Opportunity Act and any amendments to it, all state law counterparts of them, and all applicable regulations promulgated under any of them including, without limitation, any provisions requiring adverse action notification to the Consumer.

6. Data Security. This Section 6 applies to any means through which Subscriber orders or accesses EVS Employment Information including, without limitation, system-to-system, personal computer or the Internet. The term “Authorized User” means a Subscriber employee that Subscriber has authorized to order the EVS Employment Information and who is trained on Subscriber’s obligations under this Agreement with respect to the ordering and use of the EVS Employment Information, including Subscriber’s FCRA and other obligations with respect to the access and use of consumer reports.

With respect to handling the EVS Employment Information, Subscriber agrees to:

(a) ensure that only Authorized Users can order or have access to EVS Employment Information,

(b) ensure that Authorized Users do not order EVS Employment Information for personal reasons or provide them to any third party except as permitted by this Agreement,

(c) inform Authorized Users that unauthorized access to consumer reports may subject them to civil and criminal liability under the FCRA punishable by fines and imprisonment,

(d) ensure that all devices used by Subscriber to order or access the EVS Employment Information are placed in a secure location and accessible only by Authorized Users and that such devices are secured when not in use through such means as screen locks, shutting power controls off, or other commercially reasonable security procedures,

(e) take all necessary measures to prevent unauthorized ordering of EVS Employment Information by any persons other than Authorized Users for permissible purposes, including, without limitation, (a) limiting the knowledge of the Subscriber security codes, member numbers, User IDs, and any passwords Subscriber may use (collectively, “Security Information”), to those individuals with a need to know, (b) changing Subscriber’s user passwords at least every ninety (90)days, or sooner if an Authorized User is no longer responsible for accessing the EVS Employment Information, or if Subscriber suspects an unauthorized person has learned the password, and (c) using all security features in the software and hardware Subscriber uses to order EVS Employment Information,

(f) in no event access the EVS Employment Information via any hand-held wireless communication device, including but not limited to, web enabled cell phones, interactive wireless pagers, personal digital assistants (PDAs), mobile data terminals, and portable data terminals,

(g) not use non-company owned assets such as personal computer hard drives or portable and/or removable data storage equipment or media (including but not limited to laptops, zip drives, tapes, disks, CDs, and DVDs) to store EVS Employment Information.

(h) encrypt EVS Employment Information when it is not in use and with respect to all printed EVS Employment Information store in a secure, locked container when not in use and completely destroyed when no longer needed by cross-cut shredding machines (or other equally effective destruction method) such that the results are not readable or useable for any purpose,

(i) if Subscriber sends, transfers or ships any EVS Employment Information, encrypt the EVS Employment Information using the following minimum standards, which standards may be modified from time to time by EVS: Advanced Encryption Standard (AES), minimum 128-bit key or Triple Data Encryption Standard (3DES), minimum 168-bit key encrypted algorithms,

(j) monitor compliance with the obligations of this Section 6, and immediately notify EVS if Subscriber suspects or knows of any unauthorized access or attempt to access the EVS Employment Information, including, without limitation, a review of EVS invoices for the purpose of detecting any unauthorized activity,

(k) not ship hardware or software between Subscriber’s locations or to third parties without deleting all Security Information and any EVS Employment Information,

(l) if Subscriber uses a Service Provider to establish access to EVS Employment Information, be responsible for the Service Provider’s use of Security Information, and ensure the Service Provider safeguards Security Information through the use of security requirements that are no less stringent than those applicable to Subscriber under this Section 6,

(m) use commercially reasonable efforts to assure data security when disposing of any consumer information or record obtained from the EVS Employment Information. Such efforts must include the use of those procedures issued by the federal regulatory agency charged with oversight of Subscriber’s activities (e.g. the Consumer Financial Protection Bureau, the applicable banking or credit union regulator) applicable to the disposal of consumer report information or records.

(n) use commercially reasonable efforts to secure EVS Employment Information when stored on servers, subject to the following requirements: (i) servers storing EVS Employment Information must be separated from the internet or other public networks by firewalls which are managed and configured to meet industry accepted best practices, (ii) protect EVS Employment Information through multiple layers of network security, including but not limited to, industry-recognized firewalls, routers, and intrusion detection/prevention devices (IDS/IPS), (iii) secure access (both physical and network) to systems storing EVS Employment Information, which must include authentication and passwords that are changed at least every ninety (90) days; and (iv) all servers must be kept current and patched on a timely basis with appropriate security specific system patches, as they are available,

(o) not allow EVS Employment Information to be displayed via the internet unless utilizing, at a minimum, a three-tier architecture configured in accordance with industry best practices, and

(p) use commercially reasonable efforts to establish procedures and logging mechanisms for systems and networks that will allow tracking and analysis in the event there is a compromise, and maintain an audit trail history for at least three (3) months for review by EVS.

If EVS reasonably believes that Subscriber has violated this Section 6, EVS may, in addition to any other remedy authorized by this Agreement, with reasonable advance written notice to Subscriber and at EVS’s sole expense, conduct, or have a third party conduct on its behalf, an audit of Subscriber’s network security systems, facilities, practices and procedures to the extent EVS reasonably deems necessary, including an on-site inspection, to evaluate Subscriber’s compliance with the data security requirements of this Section 6.

7. Subscriber certifies that it has read the attached Exhibit D “Notice to Users of Consumer Reports, Obligations of Users” which explains Subscriber’s obligations under the FCRA as a user of consumer information.

State Compliance Matters

Vermont Fair Credit Reporting Contract Certification

The undersigned, (“Subscriber”), acknowledges that it subscribes to receive various information services from TALX Corporation, a provider of Equifax Verification Solutions (“EVS”) in accordance with the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999), as amended (the “VFCRA”) and the Federal Fair Credit Reporting Act, 15, U.S.C. 1681 et. Seq., as amended (the “FCRA”) and its other state law counterparts. In connection with Subscriber’s continued use of EVS information services in relation to Vermont consumers, Subscriber hereby certifies as follows:

Vermont Certification. Subscriber certifies that it will comply with applicable provisions under Vermont law. In particular, Subscriber certifies that it will order EVS Employment Information relating to Vermont residents, that are credit reports as defined by the VFCRA, only after Subscriber has received prior consumer consent in accordance with VFCRA § 2480e and applicable Vermont Rules. Subscriber further certifies that the attached copy of § 2480e of the Vermont Fair Credit Reporting Statute was received from EVS.

Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999)

• 2480e. Consumer consent

(a) A person shall not obtain the credit report of a consumer unless:

(1) the report is obtained in response to the order of a court having jurisdiction to issue such an order; or

(2) the person has secured the consent of the consumer, and the report is used for the purpose consented to by the consumer.

(b) Credit reporting agencies shall adopt reasonable procedures to assure maximum possible compliance with subsection (a) of this section.

(c) Nothing in this section shall be construed to affect:

(1) the ability of a person who has secured the consent of the consumer pursuant to subdivision (a)(2) of this section to include in his or her request to the consumer permission to also obtain credit reports, in connection with the same transaction or extension of credit, for the purpose of reviewing the account, increasing the credit line on the account, for the purpose of taking collection action on the account, or for other legitimate purposes associated with the account; and

(2) the use of credit information for the purpose of prescreening, as defined and permitted from time to time by the Consumer Financial Protection Bureau.

____________________________________________________________________________________

VERMONT RULES *** CURRENT THROUGH JUNE 1999 ***

AGENCY 06. OFFICE OF THE ATTORNEY GENERAL

SUB-AGENCY 031. CONSUMER PROTECTION DIVISION

CHAPTER 012. Consumer Fraud–Fair Credit Reporting

RULE CF 112 FAIR CREDIT REPORTING

CVR 06-031-012, CF 112.03 (1999)

CF 112.03 CONSUMER CONSENT

(a) A person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing if the consumer has made a written application or written request for credit, insurance, employment, housing or governmental benefit. If the consumer has applied for or requested credit, insurance, employment, housing or governmental benefit in a manner other than in writing, then the person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing or in the same manner in which the consumer made the application or request. The terms of this rule apply whether the consumer or the person required to obtain consumer consent initiates the transaction.

(b) Consumer consent required pursuant to 9 V.S.A. §§ 2480e and 2480g shall be deemed to have been obtained in writing if, after a clear and adequate written disclosure of the circumstances under which a credit report or credit reports may be obtained and the purposes for which the credit report or credit reports may be obtained, the consumer indicates his or her consent by providing his or her signature.

(c) The fact that a clear and adequate written consent form is signed by the consumer after the consumer’s credit report has been obtained pursuant to some other form of consent shall not affect the validity of the earlier consent.