Breach Notification to Individuals and Reporting to Authorities. 4.4.1. DHHS may direct Contractor to provide Breach notification to individuals, regulators or third-parties, as specified by DHHS following a Breach. 4.4.2. Contractor must comply with all applicable legal and regulatory requirements, including but not limited to those contained in the Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006, Neb. Rev. Stat. §§ 87-801 et seq., in the time, manner and content of any notification to individuals, regulators or third-parties, or any notice required by other state or federal authorities. Notice letters will be in Contractor's name and on Contractor's letterhead, unless otherwise directed by DHHS, and will contain contact information, including the name and title of Contractor's representative, an email address and a toll-free telephone number, for the individual to obtain additional information. 4.4.3. Contractor shall provide DHHS with draft notifications for DHHS approval prior to distribution and copies of distributed and approved communications. 4.4.4. Contractor shall have the burden of demonstrating to the satisfaction of DHHS that any required notification was timely made. If there are delays outside of Contractor's control, Contractor shall provide written documentation to DHHS of the reasons for the delay. 4.4.5. If DHHS directs Contractor to provide notifications, DHHS shall, in the time and manner reasonably requested by Contractor, cooperate and assist with Contractor’s information requests in order to make such notifications.
Appears in 4 contracts
Samples: Data Use Agreement (Dua), Data Use Agreement (Dua), Data Use Agreement
