Breach Notification and Recovery Sample Clauses

Breach Notification and Recovery. The PROVIDER must notify the State of Delaware immediately of any incident resulting in the destruction, loss, unauthorized disclosure, or alteration of State of Delaware data. If data is not encrypted (see DU7, below), Delaware Code (6 Del. C. §12B-100 et seq.) requires public breach notification of any incident resulting in the loss or unauthorized disclosure of Delawareans’ Personally Identifiable Information (PII, as defined in Delaware’s Terms and Conditions Governing Cloud Services policy) by PROVIDER or its subcontractors. The PROVIDER will provide notification to persons whose information was breached without unreasonable delay but not later than 60 days after determination of the breach, except 1) when a shorter time is required under federal law; 2) when law enforcement requests a delay; 3) reasonable diligence did not identify certain residents, in which case notice will be delivered as soon as practicable. All such communication shall be coordinated with the State of Delaware. Should the PROVIDER or its contractors be liable for the breach, the PROVIDER shall bear all costs associated with investigation, response, and recovery from the breach. This includes, but is not limited to, credit monitoring services with a term of at least three (3) years, mailing costs, website, and toll-free telephone call center services. The State of Delaware shall not agree to any limitation on liability that relieves the PROVIDER or its subcontractors from its own negligence, or to the extent that it creates an obligation on the part of the State to hold a PROVIDER harmless. Contract/Agreement #/name , Appendix
Sample 1Sample 2Sample 3See All (19)
AutoNDA by SimpleDocs
Breach Notification and Recovery. Unauthorized access or disclosure of non-public data is considered to be a security breach. The Seller will provide immediate notification and all communication shall be coordinated with the State and Purchaser. When the Seller or the parties listed in 47.2.10 sub- contractors are liable for the loss, the Seller shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least 3 years, mailing costs, website, and toll-free telephone call center services. The State and Purchaser shall not agree to any limitation on liability that relieves a Seller from its own negligence or to the extent that it creates an obligation on the part of the State or Purchaser to hold a Seller harmless.
Sample 1Sample 2Sample 3See All (11)
Breach Notification and Recovery. The PROVIDER must notify the State of Delaware at: xxxxxxxxx@xxxxxxxx.xxx immediately, but no later than within 48 hours of PROVIDER’s confirmation of any incident resulting in the destruction, loss, unauthorized disclosure, or alteration of State of Delaware data. If data is not encrypted (see CS3, below), Delaware Code (6 Del. C. §12B-100 et seq.) requires public breach notification of any incident resulting in the loss or unauthorized disclosure of Delawareans’ Personally Identifiable Information (PII, as defined in Delaware’s Terms and Conditions Governing Cloud Services policy) by PROVIDER or its subcontractors. The PROVIDER will provide notification to persons whose information was breached without unreasonable delay but not later than 60 days after determination of the breach, except 1) when a shorter time is required under federal law; 2) when law enforcement requests a delay; 3) when reasonable diligence did not identify certain residents, in which case notice will be delivered as soon as practicable. All such communication shall be coordinated with the State of Delaware. Should the PROVIDER or its contractors be liable for the breach, the PROVIDER shall pay directly all reasonable and actual costs associated with investigation, response, and recovery from the breach. This mayinclude creditmonitoringservices with a term of at least three (3) years, mailing costs, website, and toll-free telephone call center services. The State of Delaware shall not agree to any limitation on liability that relieves the PROVIDER or its subcontractors from its own negligence, or to the extent that it creates an obligation on the part of the State to hold a PROVIDER harmless. STATE OF DELAWARE between State of Delaware and Cisco Systems, Inc. Public Data Non Public Data Cloud Services (CS) Terms PROVIDER must satisfy Clause CS1-A OR Clauses CS1-B and CS1-C, AND Clause CS4 for all engagements involving non-public data. Clause CS2 is mandatory for all engagements involving non-public data. Clause CS3 is only mandatory for SaaS or PaaS engagements involving non-public data.
Sample 1See All (4)
Breach Notification and Recovery. Delaware Code requires public breach notification when citizens’ personally identifiable information is lost or stolen. Reference: 6 Del. C. § 12B-102. Additionally, unauthorized access or disclosure of non-public data is considered to be a breach. The Service Provider will provide notification without unreasonable delay and all communication shall be coordinated with the State of Delaware. When the Service Provider or their sub- contractors are liable for the loss, the Service Provider shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least 3 years, mailing costs, website, and toll free telephone call center services. The State of Delaware shall not agree to any limitation on liability that relieves a Contractor from its own negligence or to the extent that it creates an obligation on the part of the State to hold a Contractor harmless.
Sample 1Sample 2
Breach Notification and Recovery. Contractor is liable in the event of any Contractor-caused negligent act, error or omission, gross negligence, misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of County Data or the physical, technical, administrative, or organizational safeguards put in place by Contractor that relate to the protection of the security, confidentiality, or integrity of County Data. Contractor shall, as applicable: (a) notify County as soon as practicable but no later than twenty-four (24) hours of becoming aware of any occurrence of County Data being compromised; (b) cooperate with County in investigating the occurrence, including making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by County; (c) in the case of personally identifiable information (PII), at County’s sole election, (i) notify the affected individuals who comprise the PII as soon as practicable but no later than is required to comply with applicable law, or, in the absence of any legally required notification period, within ten (10) calendar days of the occurrence or after an investigative security assessment report has been finalized, whichever is later; or, (ii) reimburse County for any costs in notifying the affected individuals, if, in County’s sole discretion, County notifies the affected individuals; (d) in the case of PII, provide third-party credit and identity monitoring services to each of the affected individuals whose PII has been compromised for the period required to comply with applicable law, or, in the absence of any legally required monitoring services, for no less than twelve (12) months following the date of notification to such individuals; (e) perform or take any other actions required to comply with applicable law as a result of the occurrence; (f) without limiting County’s obligations of indemnification as further described in this Agreement, indemnify, defend, and hold harmless County for any and all losses, claims, liens, demands, and causes of action of every kind and character including, but not limited to, the amounts of judgments, penalties, interest, court costs, legal fees, and all other expenses incurred by County arising in favor of any party, , which may be suffered by, accrued against, charged to, or recoverable from County in connection with the occurrence; (g) be responsible for restoring lost County Data in th...
Sample 1
Breach Notification and Recovery. The City requires public breach notification when citizens’ personally identifiable information is lost or stolen. Additionally, unauthorized access or disclosure of non-public data is considered to be a breach. The Vendor will provide notification without unreasonable delay and all communication shall be pre- coordinated with the City. When the Vendor or their subcontractors are responsible for the loss, the Vendor shall bear all costs associated with the investigation, response and recovery from the breach, including without limitation credit monitoring services with a term of at least 3 years, mailing costs, website, and toll free telephone call center services. The City rejects any limitation on liability that purports to relieve a vendor from its own negligence or to the extent that it purports to creates an obligation on the part of the City or State of Washington to hold a vendor harmless.
Sample 1
Breach Notification and Recovery. All breaches should be reported to Placer County Security Officer (000- 000-0000) within 24 hours of discovery. California Civil Codes 1798.29 and 1798.82 require public breach notification when citizens’ personally identifiable information is lost or stolen. Vendor is liable in the event of any act, error or omission, negligence, misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of County Data or the physical, technical, administrative, or organizational safeguards put in place by Vendor that relate to the protection of the security, confidentiality, or integrity of County Data. References: xxxxx://xxxxxxx.xxxxxxxxxxx.xx.xxx/face s/codes_displaySection.xhtml?lawCo de=CIV&sectionNum=1798.82 xxxxx://xxxxxxx.xxxxxxxxxxx.xx.xxx/face s/codes_displaySection.xhtml?lawCo de=CIV&sectionNum=1798.29 All breaches shall be notified to the Placer County Security Officer within 24 hours. DATE: 9/1/22 COMPANY NAME: All-Star Talent Inc COMPANY REPRESENTATIVE: Xxxxx Xxxxxx CONTRACT REQUIREMENT GUIDELINES Vendor Response 6 Background Checks Vendor will conduct criminal background checks and not utilize any staff, including sub-contractors, to fulfill the obligations of the contract who has been convicted of any crime of dishonesty. Vendor will promote and maintain an awareness of the importance of securing the County’s information among the Service Provider's employees and agents. We will conduct criminal background checks and will not use any staff, including sub-contractors who have been convicted of dishonesty. In addition, we will promote and maintain an awareness of the importance of securing the County’s information at all times.
Sample 1
AutoNDA by SimpleDocs
Breach Notification and Recovery. Contractor will provide notification without unreasonable delay when citizens’ personally identifiable information is lost or stolen or there is unauthorized access or disclosure of non-public data. All communication relating to any of the data breach situations described in this section shall be coordinated with the County. When Contractor or its subcontractors are liable for the loss, Contractor shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least three years, mailing costs, website and toll free telephone call center services. The County shall not agree to any limitation on liability that relieves Contractor or its subcontractors from their own negligence or to the extent that it creates an obligation on the part of the County to hold a contractor harmless.
Sample 1

Related to Breach Notification and Recovery

  • Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law. b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions). c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent. d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI: (1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information; (2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information; (3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and (4) DSHS will take appropriate remedial measures up to termination of this Contract.

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include: a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Recognition and Representation 1. The Union is the exclusive representative of all bargaining unit employees and has a right to be represented in negotiations, formal discussions, and meetings between employees and the Agency that concern conditions of employment, grievances, personnel policies and practices, or any other matter affecting general working conditions regardless of whether employees desire Union representation, to include during meetings conducted for the purpose of alternative dispute resolution (ADR) such as mediation. This may include Agency sponsored Committees/Meetings dealing with the above subjects. 2. The right to meet and confer will apply to all levels of management within the SCNG and within the Union, starting with the Union Xxxxxxx (if one is assigned) and the first level supervisor. It is the intent of the Parties to meet and confer at the lowest level for problem resolution. If the Parties at the initial point of contact feel resolution of a matter is outside their jurisdiction, the matter will be referred to a higher level. This includes Agency sponsored Committees/Meetings dealing with the subjects herein. 3. The Union’s right to be represented does not extend to informal discussions and meetings between an employee and the Agency. 4. The Agency shall recognize all Officers and Representatives designated by the Union, to include National Representatives. Upon request, the Union will provide the Agency, in writing, a list of all current Officers and Representatives, to include Stewards. 5. The Union’s primary point of contact for all matters is the designated State Representative, or any other representative appointed by the Union. The State Representative or designee will be given reasonable notice of and will be provided reasonable time to be present at meetings or formal discussions concerning any grievance, personnel policy or practice, or other general condition of employment. 6. The Agency shall not interfere in internal Union business. Internal Union business shall be conducted during non-duty hours, or while an employee is in a non-duty status. 7. The Agency agrees that there will be no restraint, interference, coercion, or discrimination against Union representatives as a result of performing their authorized duties under the Statute, and that no employee will be reassigned as a result of participating in protected activity. 8. To the extent that it does not interfere with Management’s Rights under Article 4, the Union, in consonance with its right to represent, may propose new policy, changes in policy, or resolutions to issues, involving conditions of employment or working conditions that are not covered by this Agreement. When the Union submits a proposal to the Agency IAW this Paragraph, the Parties have a duty to negotiate (to the extent that the subject is negotiable) and/or bargain the impact/implementation of said proposal IAW Section 6.3. 9. The LIUNA Local 1776 Business Manager, or their designated representative, is the only official authorized to reach final binding agreement on behalf of the Union concerning any workplace matter and regardless of whether the matter is covered by this Agreement. 10. Most of the information an employee shares with the Union is confidential, unless: a. The Union waives confidentiality; b. The Union reveals the information to someone other than a Union representative; or, c. If the Agency has an overriding need for the information or if it deems their need to know the information as a serious matter.

  • Liability for Failure to Stop Payment of Preauthorized Transfers If you order us to stop payment of a preauthorized transfer three (3) business days or more before the transfer is scheduled and we do not do so, we will be liable for your losses or damages.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!