COMPLIANCE TO REGULATIONS. In accordance with IT Security Standard, COV ITRM Standard 501-06, Section 9.5 Data Breach Notification, if an employee from either agency, or subcontractor, or agent of either, knows or reasonably suspects that any citizen personally identifiable information obtained has been lost, stolen or otherwise subject to unauthorized access, the discovering agency shall immediately notify the other through the appropriate Program Manager and the Chief Information Security Officer (ISO) at Virginia Information Technologies Agency (VITA). The notification must include the following information: a. Cause(s) of the breach incident b. Date(s) of the breach incident c. Estimated size of the affected population (number of personal records) d. The type of data exposed e. Any mitigating factors In the event of a security breach, CA1 and CA2 must comply with all notification actions as required by law and the COV Security Standards. Any costs associated with the breach will be the responsibility of the agency that caused the breach.
Appears in 4 contracts
Samples: Memorandum of Agreement (Moa), Memorandum of Agreement (Moa), Memorandum of Agreement (Moa)
