Common use of Additional Contractor Duties Pertaining to Protected Information Clause in Contracts

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District. The Contractor further agrees that pupil record information is of a special character, such that money damages would not be sufficient to avoid or compensate the District, its employees, agents and students for any unauthorized use or disclosure thereof, and that injunctive and other equitable relief would be appropriate to prevent any actual or threatened unauthorized use or disclosure. This remedy may be pursued in addition to any other remedies available at law or in equity, and Contractor agrees to waive any requirement for the securing or posting of any bond. In the event of litigation to enforce any provision hereof, the prevailing party will be entitled to recover all costs, including its reasonable attorneys fees and costs, incurred in connection with the litigation. 6.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of disclosureof PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incidentsecurityincident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures andprocedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission oromission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelinesindustryguidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident.PROTECTED 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident DocuSign Envelope ID: 57FE9282-E46A-43D1-831B-4F549CBE8B96 involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District. The Contractor further agrees that pupil record information is of a special character, such that money damages would not be sufficient to avoid or compensate the District, its employees, agents and students for any unauthorized use or disclosure thereof, and that injunctive and other equitable relief would be appropriate to DocuSign Envelope ID: 57FE9282-E46A-43D1-831B-4F549CBE8B96 prevent any actual or threatened unauthorized use or disclosure. This remedy may be pursued in addition to any other remedies available at law or in equity, and Contractor agrees to waive any requirement for the securing or posting of any bond. In the event of litigation to enforce any provision hereof, the prevailing party will be entitled to recover all costs, including its reasonable attorneys fees and costs, incurred in connection with the litigation.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's PROTECTED INFORMATION that it creates receives, maintains, or transmits on behalf of the District and to prevent any use or disclosure of the District's INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 6. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.

Additional Contractor Duties Pertaining to Protected Information. 5.5.1 In addition to any Contractor obligations stated elsewhere in this Agreement, Contractor shall notify the District in writing as soon as possible, but in no event more than two (2) business days, after Contractor becomes aware of any breach of or security Incident involving the District's ’s PROTECTED INFORMATION (see Section 2.2). Contractor shall be deemed to be aware of any breach or security incident as of the first day on which such breach or security incident is known or reasonably should have been known to its officers, employees, agents or subcontractors. Contractor shall identify as soon as practicable each individual whose unsecured PROTECTED INFORMATION has been, or is reasonably believed by Contractor to have been, accessed, acquired, or disclosed during such breach or security incident. Contractor shall cooperate in good faith with the District in the investigation of any breach or security incident. 5.5.2 Contractor shall take prompt corrective action to remedy any breach or security incident, mitigate, to the extent practicable, any harmful effect of a use or disclosure of PROTECTED INFORMATION, and take any other action required by applicable federal and state laws and regulations pertaining to such breach or security incident. 5.5.3 Contractor will provide written notice to the District as soon as possible but no later than twenty (20) calendar days after discovery of the breach or security incident of the actions taken by Contractor to mitigate any harmful effect of such breach or security incident and the corrective action Contractor has taken or shall take to prevent future similar breaches or security incidents. Upon the District's ’s request, Contractor will also provide to the District a copy of Contractor’s policies and procedures that pertain to the breach or security incident involving the District's ’s PROTECTED INFORMATION, including procedures for curing any material breach of this Agreement. 5.5.4 Contractor shall make reasonable efforts to trace lost or translate indecipherable transmissions. Contractor shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Contractor. 5.5.5 Contractor shall take appropriate security measures to protect the confidentiality, integrity and availability of the District's ’s PROTECTED INFORMATION that it creates receives, maintains, ,or transmits on behalf of the District and to prevent any use or disclosure of the District's ’s INFORMATION other than as provided by the Agreement. Appropriate security measures include the implementation of the best practices as specified by the ISO 27001/2, NIST, or similar security industry guidelines. 5.5.6 Contractor acknowledges and agrees that pupil record information protected by the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. Section 1232g) may only be used in accordance with the terms and conditions of this Agreement and may not be re-released or otherwise redisclosed without the consent of parent(s)/guardian(s) or eligible pupil(s). Contractor understands and agrees that Contractor shall not permit any other party to have access to such information without the written consent of each pupil's parent/guardian or eligible pupil as well as prior notice to the District. Contractor further acknowledges and agrees that failure to comply with this requirement shall constitute a breach of this Agreement and will result in available penalties under the law, including but not limited to liquidated damages, third party beneficiary rights for parties injured by the breach, and/or the prohibition against Contractor having access to personally identifiable information from education records from the District for a period of time determined in the sole discretion of the District.