Breach Notification and Action. The California Information Practices Act (California Civil Codes sections 1798, et seq.) requires users to be notified if there is a break-in, or attempted break-in, to any system that may contain personal information. Supplier will coordinate with the Participating Agency to promptly notify Participating Agency’s users in the event of any break-in or attempted break-in to Supplier provided software systems or security protocols, network(s), or data center(s) which contain personal records of the Participating Agency’s users. Supplier shall report any confirmed or suspected breach to Participating Agency upon discovery, both orally and in writing, but in no event more than two (2) business days after Supplier reasonably believes the breach to have occurred, unless Supplier is otherwise prohibited by other applicable law from providing such notice to Participating Agency. Supplier’s report shall identify: (i) the nature of the unauthorized access, use or disclosure; (ii) the protected information accessed, used and disclosed; (iii) the person(s) who accessed, used and disclosed and/or received the protected information (if known); (iv) what Supplier has done or will do to mitigate the deleterious effect of the unauthorized access, use or disclosure; and (v) what corrective action Supplier has taken or will take to prevent further unauthorized access, use or disclosure. Supplier will cooperate with Participating Agency in complying with the notification requirements of California Civil Code sections 1798.29 and 1798.82. All costs associated with breach including but not limited to notification, claims and reparations are the sole responsibility of Supplier.
Breach Notification and Action. The California Information Practices Act (California Civil Codes sections 1798, et seq.) requires users to be notified if there is a break-in, or attempted break- in, to any system that may contain personal information. Supplier will coordinate with the Participating Agency to promptly notify Participating Agency’s users in the event of any break-in or attempted break-in to Supplier provided software systems or security protocols, network(s), or data center(s) which contain personal records of the Participating Agency’s users. Supplier shall report any confirmed or suspected breach to Participating Agency upon discovery, both orally and in writing, but in no event more than two (2) business days after Supplier reasonably believes the breach to have occurred, unless Supplier is otherwise prohibited by other applicable law from providing such notice to Participating Agency. Supplier’s report shall identify: (i) the nature of the unauthorized access, use or disclosure; (ii) the protected information accessed, used and disclosed;
