Data Breach Reporting Sample Clauses

Data Breach Reporting. The Alabama Department of Revenue is committed to fighting stolen identity refund fraud. You must adhere to the IRS e-File Security, Privacy and Business Standards Mandated as of January 1, 2010. This mandate requires reporting security incidents as soon as possible, but no later than the next business day after the confirmation of the incident. The Alabama Department of Revenue must be notified within 48 hours if at any time it is discovered that your system (or any third party system holding or with access to your taxpayer data) has been breached or compromised exposing taxpayer personal information and/or user id information – including but not limited to SSNs, user names, and passwords. You are hereby obligated to notify the Alabama Department of Revenue within 48 hours of the discovery of the breach. Notice must be made directly to the e-File Coordinator in addition to submitting the affected accounts through the leads reporting process. Failure to notify the Department could result in your software being blocked from the electronic filing of Alabama returns.
Sample 1Sample 2Sample 3See All (4)
Data Breach Reporting. 10.1 The Licensee must, as soon as reasonably practicable, after becoming aware that there has been an Eligible Data Breach, or that there are reasonable grounds to suspect or believe that there may have been, or has been, an Eligible Data Breach: 10.1.1 notify Hostplus of the known, suspected or believed Eligible Data Breach; and 10.1.2 provide all details of the Eligible Data Breach to Hostplus to enable it to consider the nature and extent of the Eligible Data Breach. 10.2 Before notifying third parties of the Eligible Data Breach, the Licensee must provide Hostplus with a copy of the proposed notice.
Sample 1Sample 2
Data Breach Reporting. 8.1. In the event of a Data Breach, Avature will promptly notify Customer, however no later than twenty-four (24) hours of detection by Avature. Avature will provide updates every four (4) hours on the security incident via the Customer Service Portal. Avature will provide a root cause analysis to Customer upon the completion of its post event analysis of the incident. 8.2. If a Data Breach affects the privacy of Personal Data contained in Customer Data regulated by any relevant regulatory body, Avature agrees to coordinate any communication to affected individuals according to a process mutually agreed upon between Avature and Customer. 8.3. Customer shall be responsible for complying with all legally required notifications to Regulators regarding a Data Breach and Avature shall provide all necessary cooperation and information. Avature shall not disclose that a Data Breach has or may have affected Customer's data nor make any public announcements stating Customer's data has been affected by a Data Breach or otherwise naming Customer or using Customer's name, trademark or logo without Customer's prior written approval.
Sample 1Sample 2
Data Breach Reporting. Should the Receiving Party suspect unauthorized disclosure of or access to Disclosing Party confidential information, the Receiving Party shall immediately report the incident to the Disclosing Party’s Service Desk: XXX.XxxxxxxXxxx@xxx.xxxxxxxxx.xxx; (000) 000-0000.
Sample 1
Data Breach Reporting. If Contractor determines that a breach of data has occurred that may involve CALNET Customer data, the nature and scope of the breach (as it affects Customer data) shall be reported to both the Customer and the CALNET CMO within 24 hours of that determination.
Sample 1
Data Breach Reporting. All software providers executing this agreement are subject to the data breach security laws and/or regulations of the GADOR, including but not limited to provisions regarding who must comply with the law, definitions ofpersonally identifiable information”, what constitutes a breach, requirements for notice, and any exemptions. For detailed information on data breach see below links. Official Text — Georgia Senate Xxxx SB 230/AP(2005)
Sample 1

Related to Data Breach Reporting

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.

  • Data Breaches Contractor shall notify the School District in writing as soon as commercially practicable, however no later than forty-eight (48) hours, after Contractor has either actual or constructive knowledge of a breach which affects the School District’s Data (an “Incident”) unless it is determined by law enforcement that such notification would impede or delay their investigation. Contractor shall have actual or constructive knowledge of an Incident if Contractor actually knows there has been an Incident or if Contractor has reasonable basis in facts or circumstances, whether acts or omissions, for its belief that an Incident has occurred. The notification required by this section shall be made as soon as commercially practicable after the law enforcement agency determines that notification will not impede or compromise the investigation. Contractor shall cooperate with law enforcement in accordance with applicable law provided however, that such cooperation shall not result in or cause an undue delay to remediation of the Incident. Contractor shall promptly take appropriate action to mitigate such risk or potential problem at Contractor’s or OPERATOR’s expense. In the event of an Incident, Contractor shall, at its sole cost and expense, restore the Confidential Information, to as close its original state as practical, including, without limitation any and all Data, and institute appropriate measures to prevent any recurrence of the problem as soon as is commercially practicable. Contractor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Contractor will also have a written incident response plan, to include prompt notification of the District in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.

  • Data Breach Notification Seller will promptly notify Buyer of any actual or potential exposure or misappropriation of Buyer data ("breach") that comes to Seller's attention. Seller will cooperate with Xxxxx and in investigating any such breach, at Xxxxxx's expense. Seller will likewise cooperate with Buyer and, as applicable, with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Seller's expense, except to the extent that the breach was caused by Xxxxx. The remedies and obligations set forth in this subsection are in addition to any others Buyer may have, including, but not limited to, any requirements in the “Privacy, Confidentiality, and Security” provisions of this Agreement.

  • Adverse Event Reporting Both Parties acknowledge the obligation to comply with the Protocol and / or applicable regulations governing the collection and reporting of adverse events of which they may become aware during the course of the Clinical Trial. Both Parties agree to fulfil and ensure that their Agents fulfil regulatory requirements with respect to the reporting of adverse events.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • Accident Reporting 25.1 If You or an Authorised Driver has an Accident or if the Vehicle is stolen You must report the Accident or theft to Us within 24 hours of it occurring and fully complete an Accident/Theft report form. 25.2 If the Vehicle is stolen or if You or an Authorised Driver of the Vehicle has an Accident where: (a) any person is injured; (b) the other party has failed to stop or leaves the scene of the Accident without exchanging names and addresses; or (c) the other party appears to be under the influence of drugs or alcohol, You or the Authorised Driver must also report the theft or Accident to the Police. 25.3 If You or an Authorised Driver has an Accident You and the Authorised Driver must: (a) exchange names and addresses and telephone numbers with the other driver and drivers licence details; (b) take the registration numbers of all vehicles involved; (c) take as many photos as is reasonable showing: (i) the position of the Vehicles before they are moved for towing or salvage; (ii) the Damage to the Vehicle; (iii) the damage to any third party vehicle or property; and (iv) the general area where the Accident occurred, including any road or traffic signs; (d) obtain the names, addresses and phone numbers of all witnesses; (e) not make any admission of fault or promise to pay the other party's claim or release the other party from any liability; (f) forward all third party correspondence or court documents to Us within 7 days of receipt together with a fully completed Accident Report Form (if not already submitted); and (g) co-operate with Us in the prosecution of any legal proceedings that We may institute or defence of any legal proceedings which may be instituted against You or Us as a result of an Accident, including: (i) attending Our lawyer's office; and (ii) any Court hearing.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • CHILD ABUSE REPORTING CONTRACTOR hereby agrees to annually train all staff members, including volunteers, so that they are familiar with and agree to adhere to its own child and dependent adult abuse reporting obligations and procedures as specified in California Penal Code section 11164 et seq. and Education Code 44691. To protect the privacy rights of all parties involved (i.e., reporter, child and alleged abuser), reports will remain confidential as required by law and professional ethical mandates. A written statement acknowledging the legal requirements of such reporting and verification of staff adherence to such reporting shall be submitted to the LEA.

  • Notification of Breach / Compliance Reports The Adviser shall notify the Trust immediately upon detection of (i) any material failure to manage any Fund in accordance with its investment objectives and policies or any applicable law; or (ii) any material breach of any of the Funds’ or the Adviser’s policies, guidelines or procedures. In addition, the Adviser shall provide a quarterly report regarding each Fund’s compliance with its investment objectives and policies, applicable law, including, but not limited to the 1940 Act and Subchapter M of the Code, as applicable, and the Fund’s policies, guidelines or procedures as applicable to the Adviser’s obligations under this Agreement. The Adviser agrees to correct any such failure promptly and to take any action that the Board may reasonably request in connection with any such breach. Upon request, the Adviser shall also provide the officers of the Trust with supporting certifications in connection with such certifications of Fund financial statements and disclosure controls pursuant to the Xxxxxxxx-Xxxxx Act. The Adviser will promptly notify the Trust in the event (i) the Adviser is served or otherwise receives notice of any action, suit, proceeding, inquiry or investigation, at law or in equity, before or by any court, public board, or body, involving the affairs of the Trust (excluding class action suits in which a Fund is a member of the plaintiff class by reason of the Fund’s ownership of shares in the defendant) or the compliance by the Adviser with the federal or state securities laws or (ii) an actual change in control of the Adviser resulting in an “assignment” (as defined in the 0000 Xxx) has occurred or is otherwise proposed to occur.

  • Privacy of Customer Information The Seller’s Customer Information in the possession of the Administrative Agent or the Buyers, other than information independently obtained by the Administrative Agent or the Buyers and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Seller. Except in accordance with this Section 16.9, the Administrative Agent and the Buyers shall not use any Seller’s Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Seller’s Customer Information to any Person, including any of the Administrative Agent’s or the Buyers’ employees, agents or contractors or any third party not affiliated with the Administrative Agent or a Buyer. The Administrative Agent and the Buyers may use or disclose Seller’s Customer Information only to the extent necessary (i) for examination and audit of the Administrative Agent’s or the Buyers’ respective activities, books and records by their regulatory authorities, (ii) to market or sell Purchased Mortgage Loans or to enforce or exercise their rights under any Repurchase Document, (iii) to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express rights and obligations under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors), or (iv) in connection with an assignment or participation as authorized by Section 22 or in connection with any hedging transaction related to the Purchased Loans and for no other purpose; provided that the Administrative Agent and the Buyers may also use and disclose the Seller’s Customer Information as expressly permitted by the Seller in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Administrative Agent and the Buyers shall ensure that each Person to which the Administrative Agent or a Buyer intends to disclose Seller’s Customer Information, before any such disclosure of information, agrees to keep confidential any such Seller’s Customer Information and to use or disclose such Seller’s Customer Information only to the extent necessary to protect or exercise the Administrative Agents, the Buyers’ or the Custodian’s rights and privileges, or to carry out the Administrative Agent’s, the Buyers’ and the Custodian’s express obligations, under this Agreement and the other Repurchase Documents (including providing Seller’s Customer Information to Approved Investors). The Administrative Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Seller’s Customer Information pursuant to such program in the same manner as the Administrative Agent does in respect of its own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 C.F.R. Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Administrative Agent and the Buyers shall use at least the same physical and other security measures to protect all of the Seller’s Customer Information in their possession or control as each of them uses for its own customers’ confidential and proprietary information.