Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 89 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 82 contracts
Samples: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 69 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 67 contracts
Samples: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, the Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 33 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 31 contracts
Samples: Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 25 contracts
Samples: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 15 contracts
Samples: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXX. If XXX requests request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 15 contracts
Samples: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 12 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 12 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.unauthorized
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 10 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 8 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Breach Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation
v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEAx. Xx Provider’s discretion, the security breach notification Security Breach Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing x. Xx the extent LEA determines that the Security Incident triggers third party notice of unauthorized access, and such assistance is not unduly burdensome to Providerrequirements under applicable laws, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall will cooperate with LEA as to the extent necessary timing and content of the notices to expeditiously secure Student Databe sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA.
Appears in 6 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.or
Appears in 6 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the Student Data maintained by an unauthorized individual, the Provider the Provider shall provide notification to LEA within the most expedient time possible and without unreasonable delay, but no later than five (5) calendar days, unless specified differently in Exhibit G, after the determination that a breach has occurred, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. (1) The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects reasonable best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information information, and agrees to provide XXX, upon request, with a copy summary of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing (4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome known facts surrounding the breach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Serviceguardians.
g. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall reasonably cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 6 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 5 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 5 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider Contractor shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortytwenty-eight four (4824) hours. Provider Contractor shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice”.
b. The security breach notification described above in section 2(a) Notice shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security data breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider Contractor agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider Contractor is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests ProviderContractor’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to ProviderContractor, Provider Contractor shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider Contractor shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 5 contracts
Samples: Data Privacy & Security, Utah Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within LEA, as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian Incident Response Plan or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and a summary or such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA plan to the extent necessary such a plan includes sensitive or confidential information of Provider.
e. To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with XXX as to expeditiously secure Student Datathe timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts.
Appears in 4 contracts
Samples: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 4 contracts
Samples: Vermont K 12 Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, the Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.appropriate
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 4 contracts
Samples: Vermont K 12 Student Data Privacy Agreement, Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.notice
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.or
Appears in 3 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within LEA, as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide XXXLEA, upon request, with a copy of said written incident response planIncident Response Plan or a summary or such plan to the extent such a plan includes sensitive or confidential information of Provider.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing e. To the extent LEA determines that the Security Incident triggers third party notice of unauthorized access, and such assistance is not unduly burdensome to Providerrequirements under applicable laws, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall will cooperate with LEA as to the extent necessary timing and content of the notices to expeditiously secure Student Databe sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts.
Appears in 3 contracts
Samples: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow undertake the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) 2a. shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either: (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident incident, or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.any
f. Provider is prohibited from directly contacting a parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) b. and (c), abovec. hereof. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Illinois Student Data Privacy Agreement, Illinois Student Data Privacy Agreement, Illinois Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.including
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 3 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.notice
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have build a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student DataStudentData.
Appears in 3 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law statelaw for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Samples: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Samples: Vermont K 12 Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data Data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data Data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.and
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Samples: Data Privacy Agreement, Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time ten (10) days of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent that it can be determined:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.personally
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s At the request and with the assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Breach Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Breach Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing e. To the extent LEA determines that the Security Incident triggers third party notice of unauthorized access, and such assistance is not unduly burdensome to Providerrequirements under applicable laws, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall will cooperate with LEA as to the extent necessary timing and content of the notices to expeditiously secure Student Databe sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA.
Appears in 2 contracts
Samples: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time following discovery of the incident, and not exceeding forty-eight five (485) hoursbusiness days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXXXX and required by applicable law, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.is
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.that
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Provider becomes aware of an unauthorized release, disclosure or acquisition of Student Data is accessed or obtained by resulting in an unauthorized individualaccess to or disclosure of the Student Data maintained by the Provider in violation of applicable state or federal law or this DPA (“Incident”), the Provider shall will provide notification in seven (7) calendar days. Upon notification by the Provider, the LEA shall be responsible for reporting the Incident to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:its Chief Privacy Officer and/or other officials as required by law.
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach incident notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information Personally Identifiable Information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.range
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentIncident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. b. Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. c. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information, and agrees to provide XXX, upon request, with a copy summary of said written incident response plan. To the extent LEA determines that the security incident triggers notice requirements under Applicable Laws, LEA shall provide notice and facts surrounding the breach to the affected students and parents.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. d. In the event of a breach an Incident originating from XXX’s use of the Service, Provider XXX shall cooperate with LEA with
e. This provision shall not restrict Provider’s ability to the extent necessary provide separate breach notification to expeditiously secure Student Data.its
Appears in 1 contract
Samples: Student Data Privacy Addendum
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data is accessed by Provider or obtained by an unauthorized individualits assignees in violation of applicable state of federal law, the Parents Bill of Rights, or the data privacy and security policies of the LEA (a “Security Incident”), Provider shall provide notification to LEA within a reasonable amount of time as required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than seven (7) calendar days of the incidentincident (each a “Security Incident Notification”).The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and not exceeding forty-eight (48) hoursunauthorized release of such data. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(aSection 5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in applicable state State and federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Security Incident involving Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide XXXLEA, upon request, with a copy of said written incident response planthe Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider.
f. To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider is prohibited from will cooperate with XXX as to the timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly contacting parentto individuals whose Personally Identifiable Information was affected, legal guardian to regulatory agencies, or eligible pupil unless expressly requested by XXXto other entities, without first providing written notice to LEA. If XXX requests This provision shall not restrict Provider’s assistance providing notice of unauthorized accessability to provide separate security breach notification to customers, including parents and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Serviceother individuals with Outside School Accounts.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.Education Law 2-d additional requirements regarding Security Incident Notifications:
Appears in 1 contract
Samples: Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1I) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If xx XXX requests Provider’s Xxxxxxxx's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, the Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.the
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parentparents, legal guardian guardians or eligible pupil pupils unless expressly requested by XXXLEA. If XXX LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the Student Data maintained by an unauthorized individual, the Provider the Provider shall provide notification to LEA within the most expedient time possible and without unreasonable delay, but no later than five (5) calendar days, unless specified differently in Exhibit G, after the determination that a breach has occurred, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. (1) The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects reasonable best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or DocuSign Envelope ID: 8140F21F-DA4E-4A31-855A-2BA46FF14D1D use of Student Data or any portion thereof, including personally identifiable information information, and agrees to provide XXXLEA, upon request, with a copy summary of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing (4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome known facts surrounding the breach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Serviceguardians.
g. (5) In the event of a breach originating from XXXLEA’s use of the Service, Provider shall reasonably cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time fifteen (15) days of the incident. Following reasonable investigation, and not exceeding forty-eight (48) hours. Provider shall follow the following process:will provide a security breach notification to LEA.
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided, including the number of affected individuals and how the security breach occurred.
c. At Upon reasonable written request from the LEA’s discretion, the security breach notification may Provider will also include any of the following:provide LEA
i. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. b. Provider agrees to adhere to all requirements in applicable state 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. c. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Vendor shall retain said data on the LEA’s behalf unless and until the LEA directs its transmission or certified destruction. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice d. At the request of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall further agrees it will fully cooperate and assist LEA in LEA’s efforts to notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEAx. Xx XXX’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In x. Xx the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA, or required by law. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data, at the cost of the LEA.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. e. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. f. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to the LEA within a reasonable amount of time thirty (30) days of the Provider’s knowledge of such incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At the LEA’s reasonable discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all applicable requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information thereof and agrees to provide XXXthe LEA, upon written request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized accessSolely as required under applicable laws, and such at the reasonable written request and with the assistance is not unduly burdensome to Providerof the LEA, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) 72 hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known and practicable:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a an outline copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA or required by appliable law. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon requestsigning a non- disclosure agreement, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.assistance
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At x. Xx LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In x. Xx the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach Data Breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachData Breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breachData Breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.law
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount twenty four (24) hours of time becoming aware of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (487) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service. The reimbursement will not exceed the value of the agreement.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said ofsaid written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information infonnation listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the ofthe Service.
g. In the event of a breach originating from XXX’s LEA' s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachbreach subject to the limitations of liability in the Services Agreement.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to any Student Data is accessed or obtained covered by an unauthorized individualthis Agreement (“Security Incident”), Provider shall provide notification to LEA within a reasonable amount of time as required by the applicable state law following discovery of the incidentSecurity Incident (each a “Security Breach Notification”). Unless otherwise required by the applicable law, and not exceeding forty-eight (48) hours. Provider the Security Breach Notification shall follow contain the following processfollowing:
a. The security breach notification Security Breach Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Breach Notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification shall also include the date of the notice.
iv. Whether Whether, to the notification knowledge of the Provider, the Security Breach Notification was delayed because as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification Security Breach Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information PII has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information PII has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements applicable to Provider in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law applicable to Provider for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use Security Incident of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Except as otherwise required by law, Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach Security Incident originating from XXXLEA’s actions, use or misuse of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursthree business days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.notice
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the Student Data maintained by an unauthorized individualthe Provider (“Data Breach”), the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident Data Breach, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hoursincident Data Breach. Provider shall follow the following processprocess in connection with a incident Data Breach:
a. (1) The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach bBreach incident notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breachData bBreach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachData bBreach, (2) the estimated date of the breachData bBreach, or (3) the date range within which the breach Data bBreach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach security Data bBreach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachData bBreach.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon written request, with a copy summary of said written incident response plan,. In the event said written incident response plan contains sensitive or proprietary information, Provider's provision of such written incident response plan shall be subject to XXX's execution of Xxxxxxxx's non-disclosure agreement.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing (4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome facts surrounding the Data bBreach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Serviceguardians.
g. (5) In the event of a breach Data bBreach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time ten (10) business days of the incident, and not exceeding forty-eight (48) hours. Provider shall follow be responsible for managing the investigation and providing LEA with updates that include the following processto the extent known and legally permissible to be disclosed :
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:information (to the extent it is known):
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s and Providers joint discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within a reasonable amount of time thirty (30) days of the incident, and not exceeding forty-eight incident (48each a “Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. i. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. ii. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification Security Incident h Notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.or
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight seventy two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information, if known:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Provider has knowledge or a reasonable belief that Student Data is has been accessed or obtained by an unauthorized individualindividual (“Data Breach”), Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time ten (10) business days of the incident, and not exceeding forty-eight (48) hoursData Breach. Provider shall follow the following process:
a. The security breach Data Breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” language and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” as available. Additional information may be provided as a supplement to the notice.
b. The security breach Data Breach notification described above in section 2(a) shall include, at a minimum, include the following informationinformation as available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information PII that were or are reasonably believed to have been the subject of a breachData Breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachData Breach, (2) the estimated date of the breachData Breach, or (3) the date range within which the breach Data Breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentData Breach, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretionrequest, the security breach Data Breach notification may to the LEA will also include any of the followingfollowing as it becomes available:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice To the extent required under New Hampshire law, advise on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all applicable requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach Data Breach related to the Student DataPII, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachData Breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breachData Breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice At the request of unauthorized access, and such assistance is not unduly burdensome to Providerthe LEA, Provider shall notify reasonably assist the LEA with their legally required notifications to the affected parent, legal guardian or eligible pupil of the unauthorized accessData Breach, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse The LEA remains ultimately responsible for costs incurred to notify parents/families the timing and content of a breach not originating from XXX’s use of the Servicesuch legally required notifications.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. b. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. c. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.or
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. e. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. f. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. ii. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. iii. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. iv. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. v. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil regarding a breach unless expressly requested by XXXLEA or required by applicable law. If XXX LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the ServiceService to the extent such notifications are required by applicable law .
g. In the event of a breach originating from XXXLEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.pupil
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s ' s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of securityofsecurity, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said ofsaid written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX requests IfLEA request Provider’s 's assistance providing notice of unauthorized ofunauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the student ofthe unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a ofa breach not originating from XXX’s LEA's use of the ofthe Service.
g. In the event of a breach originating from XXX’s LEA' s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow undertake the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) 2a. shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either: (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident incident, or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.any
f. Provider is prohibited from directly contacting a parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) b. and (c), abovec. hereof. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached. ii.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hourshours of confirmation. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursfive business days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.acquisition
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA School Unit within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursunless notification within this time limit would disrupt investigation of the incident by law enforcement. Provider shall follow the following processprocess for such notification:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA School Unit subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under under, to the extent available, the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, the Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or requiredrequired by law, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.state
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA reasonably requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the ServiceStudent Data caused by Provider.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall reasonably cooperate with LEA to remediate the extent necessary to expeditiously secure Student Datavulnerability that caused the security breach.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1I) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA. If XXX LEA requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s LEA's use of the Service.
g. In the event of a breach originating from XXX’s LEA's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above; provided that LEA shall reimburse or pay the costs associated with such notification. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight ten (4810) hoursdays. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow shall, upon request of the LEA, provide assistance and information so that the LEA can implement the following process:
a. The security breach notification provided to affected individuals shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has parties have done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any organization that is required to adhere issue a security breach notification pursuant to all requirements in applicable state and federal law with respect this section to more than 500 California residents as a data result of a single breach related of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts.
e. Provider further acknowledges At the request and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach the assistance of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to ProviderLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of but not more than seven (7) days after discovery the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
ii1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
vii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. viii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
c. Provider agrees to adhere to all requirements in applicable state 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
d. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Provider shall retain said data on the LEA’s behalf
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best commercially reasonable practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information and agrees to provide XXXLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s At the request and with the assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Samples: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.breachTeydp. e text here
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or requiredaTpyppreopterixatteheorrerequired, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response planinformation.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXXLEA or required by law. If XXX LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXFor the avoidance of doubt, Provider shall reimburse have no liability unless a breach incident is caused by Provider’s actions, in which event Provider’s liability shall be limited to the aggregate amount paid by LEA for costs incurred to notify parents/families Provider under applicable Services Agreement during the 12-month period immediately preceding the occurrence of the first event giving rise to the required delivery by Provider of a breach not originating from XXX’s use Notice of the ServiceData Breach.
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXLEA, upon requestsigning a non-disclosure agreement, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by XXXLEA. If XXX requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXXLEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXXLEA’s use of the Service., but
g. In the event of a breach originating from XXXLEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. : ⦁ The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. . ⦁ The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. : ⦁ The name and contact information of the reporting LEA subject to this section.
ii. ⦁ A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. ⦁ If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. ⦁ Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. . ⦁ A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. . ⦁ At LEAXXX’s discretion, the security breach notification may also include any of the following:
i. : ⦁ Information about what the agency has done to protect individuals whose information has been breached.
ii. ⦁ Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. . ⦁ Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. ⦁ Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. . ⦁ Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. . ⦁ In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA XXX to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. Any agency that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. Provider shall assist XXX in these efforts.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.'s
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s XXX' s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXXprovideLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s 's use of the Service.
g. In the event of a breach originating from XXX’s 's use of the Service, Provider shall cooperate with LEA withLEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.
g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
