Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.
Independence from Material Breach Determination Except as set forth in Section X.E.1.d, these provisions for payment of Stipulated Penalties shall not affect or otherwise set a standard for OIG’s decision that UHS has materially breached this CIA, which decision shall be made at OIG’s discretion and shall be governed by the provisions in Section X.E, below.
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach. 2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Termination for Material Breach Either Party (the “Terminating Party”) may terminate this Agreement in its entirety, or on a country-by-country and Product-by-Product basis, in the event the other Party (the “Breaching Party”) has materially breached this Agreement, and such material breach has not been cured within sixty (60) days after receipt of written notice of such breach by the Breaching Party from the Terminating Party (the “Cure Period”). The written notice describing the alleged material breach shall provide sufficient detail to put the Breaching Party on notice of such material breach. Any termination of this Agreement pursuant to this Section 10.3 shall become effective at the end of the Cure Period, unless the Breaching Party has cured any such material breach prior to the expiration of such Cure Period; provided that in the event a claim of material breach is being contested diligently and in good faith by appropriate proceedings hereunder, any termination pursuant to this Section shall not become effective unless and until such material breach has been established in such proceedings and, in the event that, following such establishment, a cure may then be accomplished by the payment of money or the taking of certain actions, such payment or actions are not paid or taken within sixty (60) days of the conclusion of such proceedings. The right of either Party to terminate this Agreement as provided in this Section 10.3 shall not be affected in any way by such Party’s waiver of or failure to take action with respect to any previous breach under this Agreement.