Breaches and Misuse. A Security Incident is a suspected, attempted, or imminent threat of unauthorized access, use, disclosure, breach, modification, disruption or destruction to or of District Data. In the event of a Security Incident, Company shall investigate the Security Incident, identify the impact of the Security Incident and take commercially reasonable actions to mitigate the effects of any such Security Incident. If the Security Incident results in a Security Breach, a documented, unsecured disclosure, access, alteration or use of the data, not permitted in this Agreement, which poses a significant risk of financial, reputational or other harm to the affected End User or the District, Company shall, (i) timely provide any notifications to individuals affected by the Security Breach that Company is required to provide, and, (ii) notify District of the Security Breach, subject to applicable confidentiality obligations and to the extent allowed and/or required by Applicable Laws. Except to the extent prohibited by Applicable Laws, Company shall, upon District's written request, provide District with a description of the Security Breach and the type of data that was the subject of the Security Breach. The parties will each cooperate fully in resolving any actual or suspected acquisition or misuse of Confidential Information.
