Data Breach Response Sample Clauses

Data Breach Response. While we use industry-standard practices to safeguard data, no service can guarantee absolute data security. We have a Breach Response Plan, which we will follow if we ever discover that Personal Data has been accessed improperly. As part of our response, we will: take action to stop further data loss or unauthorized access; investigate how the breach occurred; promptly contact all affected users via email; and contact law enforcement and government agencies when appropriate. Data Retention and Deletion XtraMath retains Personal Data only for as long as necessary to ensure continuity of math skill-building for students, and for the convenience of parents and teachers. We close user accounts, and delete all associated identifiable data, upon request. Most types of data are also deleted automatically after a certain amount of time has passed. For details, see Appendix B, Record of Data Processing. We may retain de-identified, aggregate data, which cannot identify any individual user, for research and program improvement purposes. Such data is deleted once no longer necessary for these purposes.We will provide certification of data deletion upon request. Compliance with Data Privacy Laws While we use industry-standard practices to safeguard data, no service can guarantee absolute data security. We have a Breach Response Plan, which we will follow if we ever discover that Personal Data has been accessed improperly. As part of our response, we will: take action to stop further data loss or unauthorized access; investigate how the breach occurred; promptly contact all affected users via email; and contact law enforcement and government agencies when appropriate. • Children’s Online Privacy Protection Act (COPPA): As a non-profit organization, XtraMath is not subject to COPPA. Nevertheless, we fully comply with the law as if we were subject to it. Children under the age of 13 may not create accounts. We only collect usage and performance data from students as a result of their performing educational activities, and we only use that data for educational purposes. If we gain actual knowledge that a child is using XtraMath without the appropriate consent, we terminate the account.
AutoNDA by SimpleDocs
Data Breach Response a. Upon becoming aware of a Data Breach, MailMunch will notify Customer without undue delay and provide timely information relating to the Data Breach as it becomes known or as is reasonably requested by Customer. The obligations herein shall not apply to incidents that are caused by Customer or Customer's Users.
Data Breach Response a. If the nature of the Work involves Contractor Group equipment, software, product(s), host(s), network(s), or environment(s) that may expose University Data to a potential Data Breach, then Contractor shall have an appropriate incident response plan. University may, at its discretion, request Contractor to participate in response planning for Data Breach scenarios and/or “lessons learned” activities following an event that was or might have been a Data Breach. b. If the Contractor has reason to believe that a Data Breach has occurred, then, without undue delay, the CONTRACTOR shall notify the University of said Data Breach. Such notification to the University shall include sufficient information to enable the University to meet its obligations under applicable law. c. In the event of a Data Breach, the CONTRACTOR shall cooperate with the University to: i. Investigate and identify the nature of the Data Breach; ii. Preserve relevant evidence; iii. Contain, remediate, and mitigate the Data Breach; and iv. Notify the University of any additional or newly-emerged information beyond the initial Data Breach notification to the University described above. d. In the event of a Data Breach caused in whole or part by the CONTRACTOR, the University may i. instruct the CONTRACTOR, at the CONTRACTOR’s expense, to provide notice when required by applicable law, or when a Data Breach could result in harm to individuals and/or risk to the University; ii. and/or Services such as credit monitoring or identity theft protection to individuals when the absence of such services could result in harm to individuals and/or individuals would have a reasonable expectation that such services be provided. iii. Alternatively, the University may elect to provide the aforementioned notice and services itself. e. If recovery from the adverse effects of the Data Breach necessitates Contractor’s assistance in the reinstallation of Contractor Group’s technology product(s) (including hardware or software) that are connected with the Work, then Contractor shall cause such assistance in reinstallation to be provided. If Contractor Group is responsible for the Data Breach, then reinstallation assistance shall be at no cost to the University. f. If it appears to the University, in its sole discretion, that services or technology provided by the Contractor are a source of the Data Breach, and present an unreasonable risk, then the University may opt to discontinue use of that source of the Data ...
Data Breach Response. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by Vendor Vendor shall provide notification to School District within five (5) business days of Vendor’s confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Vendor shall follow the following process:‌ (a) The security breach notification described above shall include, at a minimum, the following information to the extent known by Vendor and as it becomes available: (1) The name and contact information of the reporting School District subject to this section. (2) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (3) If the information is possible to determine at the time the notice is provided, then either (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (4) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and (5) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (b) Vendor agrees to adhere to all applicable federal and state legal requirements with respect to a data breach related to the Student Data, including, when required, the required responsibilities and procedures for notification and mitigation of any such data breach. (c) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School District, upon written request, with a summary of said written incident response plan. (d) School District shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (e) In the event of a breach originating from School District’s use of the Service, Vendor shall cooperate with Scho...
Data Breach Response. Contractor may need to communicate with
Data Breach Response. Data Breach Response: (i) identifies certain personal information identifiers; and (ii) prepares a notification report, as further described in the Documentation. Customer will be charged the greater of: (a) the actual Relativity Data Breach Response Fees, which are based on the Data Breach Response Monthly Count multiplied by the Unit Price; or (b) a minimum monthly fee of $2,500 per Standard Workspace with the Data Breach Response application installed. The “Data Breach Response Monthly
Data Breach Response. If the nature of Vendor’s business involves Vendor’s equipment, software, products, hosts, networks or environments that may expose NMU IT Data or Confidential Information to a potential data breach, then Vendor shall have in place at all times a commercially reasonable incident response plan, which shall be made available to NMU for review upon request. If Vendor has any reason to believe that a data breach may have occurred on any of Vendor’s equipment, software, products, hosts, networks or environments, Vendor shall immediately provide notice to NMU of all pertinent details related to the same while also taking such immediate actions as may be necessary to preserve relevant evidence, identify the nature of the event and contain any data breach. If it appears to NMU, in its sole discretion, that services or technology provided by Vendor are a source of the data breach and present an unreasonable risk, then, in addition to any other remedies, NMU may opt to discontinue use of that source of the data breach and NMU’s corresponding payment obligations under the Contract shall be adjusted equitably. NMU shall have full control over determining notification requirements in the event of a potential or actual data breach affecting any of its Confidential Information or IT Data.
AutoNDA by SimpleDocs
Data Breach Response. Upon becoming aware of a Data Breach Metaforce shall notify the Controller within 48 hours.
Data Breach Response a. If the nature of the Work involves Vendor Group equipment, software, product(s), host(s), network(s), or environment(s) that may expose University Data to a potential Data Breach, then Vendor shall have an appropriate incident response plan. University may, at its discretion, require Vendor to participate in response planning for Data Breach scenarios and/or “lessons learned” activities following an event that was or might have been a Data Breach. b. If Vendor has reason to believe that Data Breach(es) may have occurred on any of Vendor Groups’ equipment, software, products, host(s), network(s), or environment(s), then Vendor shall promptly (and shall not exceed the time periods as may be required by applicable law) alert the University while also taking such immediate actions as may be necessary to preserve relevant evidence, identity the nature of the event, and contain any Data Breach. As soon as becomes practicable, Vendor shall provide the University a written notice describing the Data Breach incident, and provide University further information updates to help University understand the nature and scope of the event. Vendor shall advise University as to what information and assistance is needed from University in order to eliminate the cause, and mitigate the adverse effects of any Data Breach. Vendor shall prioritize devoting sufficient resources as may be required for this effort. c. University may direct Vendor to provide notice and credit monitoring, at Vendor’s expense, to the third parties (such as private individuals, entities, and official bodies) determined by University to require notification, or University may do so itself. Unless Vendor is compelled by law to provide notification to third parties in a particular manner, University shall control the time, place, and manner of such notification. d. If recovery from the adverse effects of the Data Breach necessitates Vendor’s assistance in the reinstallation of Vendor Group’s technology product(s) (including hardware or software) that are connected with the Work, then Vendor shall cause such assistance in reinstallation to be provided. If Vendor Group is responsible for the Data Breach, then reinstallation assistance shall be at no cost to the University. e. If it appears to the University, in its sole discretion, that services or technology provided by the Vendor are a source of the Data Breach, and present an unreasonable risk, then the University may opt to discontinue use of that sour...
Data Breach Response a. Upon becoming aware of a Data Breach, ConvertKit will notify Customer without undue delay and provide timely information relating to the Data Breach as it becomes known or as is reasonably requested by Customer. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!