Common use of Data Breach Response Plan Clause in Contracts

Data Breach Response Plan. After it becomes aware of or suspects that any PII received from IDE has been subject to a Confidential Information Breach, IVRS shall (i) notify IDE of such Confidential Information Breach as soon as practicable, but no more than 24 hours after discovery of the Confidential Information Breach and (ii) promptly investigate the Confidential Information Breach and provide IDE with detailed information about the Confidential Information Breach. Unless the parties agree otherwise, IVRS shall be responsible, at its expense, for notifying affected individuals of the Confidential Information Breach as required by law (including but not limited to Iowa Code Chapter 715C) or as mutually agreed upon by the parties. IVRS shall, at its expense, take reasonable steps to mitigate the effects and to minimize any damage resulting from the Confidential Information Breach. Such steps shall include when appropriate a credit monitoring or protection plan. The credit monitoring or protection plan shall include, but is not limited to, reimbursement for the full cost of commencing a security freeze, temporary suspension, or removal of a security freeze per credit file pursuant to Iowa Code Section 714G.5 and shall cover a length of time commensurate with the circumstances of the Confidential Information Breach. The foregoing obligations may be delayed or waived if a law enforcement agency determines that the performance of the obligations would impede a criminal investigation.

Data Breach Response Plan. After it becomes aware of or suspects that any PII received from IDE has been subject to a Confidential Information Breach, IVRS shall shall (i) notify IDE of such Confidential Information Breach as soon as practicable, but no more than 24 hours after discovery of the Confidential Information Breach and (ii) promptly investigate the Confidential Information Breach and provide IDE with detailed information about the Confidential Information Breach. Unless the parties agree otherwise, IVRS shall be responsible, at its expense, for notifying affected individuals of the Confidential Information Breach as required by law (including but not limited to Iowa Code Chapter 715C) or as mutually agreed upon by the parties. IVRS shall, at its expense, take reasonable steps to mitigate the effects and to minimize any damage resulting from the Confidential Information Breach. Such steps shall include when appropriate a credit monitoring or protection plan. The credit monitoring or protection plan shall include, but is not limited to, reimbursement for the full cost of commencing a security freeze, temporary suspension, or removal of a security freeze per credit file pursuant to Iowa Code Section 714G.5 and shall cover a length of time commensurate with the circumstances of the Confidential Information Breach. The foregoing obligations may be delayed or waived if a law enforcement agency determines that the performance of the obligations would impede a criminal investigation.