Common use of Data Breach Clause in Contracts

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 181 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement


Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 53 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. For purposes of this section, “data breach” means the unauthorized disclosure of data, unauthorized provision of physical or electronic means of gaining access to data that compromises the security, confidentiality, or integrity of School Student Data, or other unauthorized access, alteration, use or release of School District Data, as well as any other circumstances that could have resulted in such unauthorized disclosure, access, alteration, or use. 5.5.1 In the event that Student Data is accessed or obtained of a data breach, the Company agrees to the following: (1) notify the School District by an unauthorized individualtelephone and email within the most expedient time possible and without unreasonable delay, Provider shall provide notification to LEA as soon as practicable and but no later than within ten 24 hours after the determination that a breach has occurred; (102) days at the time notification of the incident. Provider shall follow breach is made, provide the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present School District with the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. 
The name and contact information for an employee of the reporting LEA subject Company who shall serve as the Company’s primary security contact; (3) assist the School District with any investigation, including interviews with Company employees and review of all relevant records; (4) provide the School District within the most expedient time possible and without unreasonable delay, and in no case later than fifteen (15) days after notification to this section. ii. A list the School District that a data breach occurred, the number of students whose covered information is involved in the breach; the date, estimated date, or estimated date range of the types breach; a description of personal the covered information that were was compromised or are reasonably believed to have been compromised in the subject breach; and contact information for the person who parents/guardians may contact at the Company regarding the breach; and (4) assist the School District with any notification the School District deems necessary related to the security breach. The Company agrees to comply with the terms of this Section 5.5.1 regardless of whether the misuse or unauthorized release of School District Data is the result of or constitutes a breachmaterial breach of the Agreement or this Addendum. iii. If 5.5.2 The Company shall not, unless required by law, provide any notices except to the information is possible to determine School District without prior written permission from the School District. 
5.5.3 The Company shall reimburse and indemnify the School District for all costs imposed on the School District or reasonably undertaken by the School District at the time the notice is provided, then either (1) the date of the its discretion associated with a data breach, (2) including but not limited to reimbursement of costs associated with notifying individuals whose information was compromised and notifying required regulatory agencies; fees paid to provide credit monitoring to impacted individuals; legal fees, audit costs, fines, and any other fees or damages reasonably undertaken by or imposed against the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed School District as a result of a law enforcement investigationthe security breach; and any other notifications, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incidentlegally mandated responses, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected or responses reasonably undertaken by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements School District in the New Hampshire Data Breach law and in federal law with respect to a data breach related response to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. 
Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 29 contracts

Samples: Data Privacy Addendum, Data Privacy Addendum, Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within twenty (20) days from when Provider confirms or reasonably believes that a Data Breach has occurred. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in Section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c) above.

Appears in 19 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that LEA’s Student Data or Teacher Data maintained by Provider is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and in accordance with applicable law, taking into consideration the legitimate needs of law enforcement and no later than within ten (10) business days following a confirmed data breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section, when applicable. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any, if that information is possible to determine at the time the notice is provided. 
If not possible at the time of the notice, the Provider will provide the information when available. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach as applicable to Provider’s role in the data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach of LEA’s Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. If required by applicable federal or state law, Provider shall notify the affected parent, legal guardian or eligible pupil of the data breach, which notice shall include the information required by applicable law.

Appears in 18 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In When Operator reasonably suspects and/or becomes aware of a disclosure or security breach concerning any Data covered by this Agreement, Operator shall immediately notify the event that Student Data is accessed or obtained by an unauthorized individualDistrict and take immediate steps to limit and mitigate the damage of such security breach to the greatest extent possible. a. Subject to the following requirements, Provider the Operator shall provide a security breach notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process:LEA. a. i. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. ii. The security breach notification described above in section 2(a2(a)(i) shall include, at a minimum, the following information: i. 1. The name and contact information of the reporting LEA subject to this section. ii2. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii3. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv4. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. 5. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. viiii. 
The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also must include any of the followingat least: i. 1. Information about what the agency Operator has done to protect individuals whose information has been breached. ii2. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider 3. Information about the steps the Operator has taken to cure the breach and the estimated timeframe for such cure. b. Operator agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider c. Operator further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. d. At the request and with the assistance of the DistrictLEA, Provider Operator shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections subsection (ba) and (c), above. e. The Parties agree that any breach of the privacy and/or confidentiality obligation set forth in the DPA may, at the LEA’s discretion, result in the LEA immediately terminating the Service Agreement and any other agreement for goods and services with Operator. Termination does not absolve the Operator’s responsibility to comply with the disposition procedures of Data.

Appears in 16 contracts

Samples: Data Privacy Agreement, Data Privacy Agreement, Texas Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data is accessed by Provider or obtained by an unauthorized individualits assignees in violation of applicable state of federal law, the Parents Bill of Rights, or the data privacy and security policies of the LEA which have been previously provided to Provider (a “Security Incident”), Provider shall provide notification to LEA as soon as practicable required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than within ten seven (107) calendar days of the incidentincident (each a “Security Incident Notification”).The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and unauthorized release of such data. Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting LEA Provider subject to this section. ii. 
A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.been d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident. e. 
Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f. At To the request extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with XXX as to the timing and with the assistance content of the Districtnotices to be sent. Except as otherwise required by law, Provider shall notify the affected parent, legal guardian or eligible pupil will not provide notice of the unauthorized accessSecurity Incident directly to individuals whose Personally Identifiable Information was affected, which to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall include the information listed in subsections (b) not restrict Provider’s ability to provide separate security breach notification to customers, including parents and (c), aboveother individuals with Outside School Accounts. g. Education Law 2-d additional requirements regarding Security Incident Notifications:

Appears in 13 contracts

Samples: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum

Data Breach. In the event that Student Data or Teacher Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 11 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA as soon as practicable and required by the applicable state law, but in no event later than within ten thirty (1030) days of the incident. incident (each a “Security Incident Notification”) Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting LEA Provider subject to this section. ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. iv. 
Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f. 
At To the request and with extent LEA determines that the assistance of the DistrictSecurity Incident triggers third party notice requirements under applicable laws, Provider shall notify will cooperate with LEA as to the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.timing and

Appears in 10 contracts

Samples: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 9 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 8 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 7 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 7 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data is accessed by Provider or obtained by an unauthorized individualits assignees in violation of applicable state of federal law, the Parents Xxxx of Rights, or the data privacy and security policies of the LEA which have been previously provided to Provider (a “Security Incident”), Provider shall provide notification to LEA as soon as practicable required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than within ten seven (107) calendar days of the incidentincident (each a “Security Incident Notification”).The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and unauthorized release of such data. Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting LEA Provider subject to this section. ii. 
A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.been d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident. e. 
Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f. At To the request extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with LEA as to the timing and with the assistance content of the Districtnotices to be sent. Except as otherwise required by law, Provider shall notify the affected parent, legal guardian or eligible pupil will not provide notice of the unauthorized accessSecurity Incident directly to individuals whose Personally Identifiable Information was affected, which to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall include the information listed in subsections (b) not restrict Provider’s ability to provide separate security breach notification to customers, including parents and (c), aboveother individuals with Outside School Accounts. g. Education Law 2-d additional requirements regarding Security Incident Notifications:

Appears in 7 contracts

Samples: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum

Data Breach. In the event that XXX’s Student Data or Teacher Data maintained by Provider is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and in accordance with applicable law, taking into consideration the legitimate needs of law enforcement and no later than within ten (10) business days of the incidentfollowing a confirmed data breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section, when applicable. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any, if that information is possible to determine at the time the notice is provided. 
If not possible at the time of the notice, the Provider will provide the information when available. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach as applicable to Provider’s role in the data breach. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach of XXX’s Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the DistrictIf required by applicable federal or state law, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized accessdata breach, which notice shall include the information listed in subsections (b) and (c), aboverequired by applicable law.

Appears in 6 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In When Operator reasonably suspects and/or becomes aware of a disclosure or security breach concerning any Data covered by this Agreement, Operator shall immediately notify the event that Student Data is accessed or obtained by an unauthorized individualDistrict and take immediate steps to limit and mitigate the damage of such security breach to the greatest extent possible. a. Subject to the following requirements, Provider the Operator shall provide a security breach notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process:LEA. a. i. The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," and shall present the information described herein under the following headings: "What Happened,” “" "What Information Was Involved,” “When it Occurred,” “" "What We Are Doing,” “" "What You Can Do," and "For More Information." Additional information may be provided as a supplement to the notice. b. ii. The security breach notification described above in section 2(a2(a)(i) shall include, at a minimum, the following information: i. 1. The name and contact information of the reporting LEA subject to this section. ii2. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii3. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv4. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. 5. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. viiii. 
The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also must include any of the followingat least: i. 1. Information about what the agency Operator has done to protect individuals whose information has been breached. ii2. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider 3. Information about the steps the Operator has taken to cure the breach and the estimated timeframe for such cure. b. Operator agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider c. Operator further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. d. At the request and with the assistance of the DistrictLEA, Provider Operator shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections subsection (ba) and (c), above. e. The Parties agree that any breach of the privacy and/or confidentiality obligation set forth in the DPA may, at the LEA's discretion, result in the LEA immediately terminating the Service Agreement and any other agreement for goods and services with Operator. Termination does not absolve the Operator's responsibility to comply with the disposition procedures of Data. f. 
Operator shall timely notify law enforcement as appropriate of any breach or suspected breach.

Appears in 6 contracts

Samples: Data Privacy Agreement, Texas Data Privacy Agreement, Texas Data Privacy Agreement

Data Breach. In the event that Student Confidential Data is accessed or obtained by an unauthorized individual, Provider Vendor shall provide notification to LEA as soon as practicable the School District without unreasonable delay and no later not more than within ten seven (107) calendar days after the discovery of the incidentsuch breach. Provider Vendor shall follow the following process: a. (a) The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” ”, shall be clear, concise, use language that is plain and easy to understand, and to the extent available, shall present include: a brief description of the breach or unauthorized release; the dates of the incident and the date of discovery; a description of the types of Confidential Data affected; an estimate of the number of records affected; a brief description of the Vendors investigation or plan to investigate; and contact information described herein for representatives who can assist the School District with additional questions. (b) The Vendor shall also prepare a statement for parents and eligible students which provides information under the following headingscategories: “What Happened,” ”, “What Information Was Involved,” “When it Occurred,” ”, “What We Are Doing,” ”, “What You Can Do,” ”, and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security (c) Where a breach or unauthorized release of Confidential Data is attributed to Vendor, and/or a subcontractor or affiliate of Vendor, Vendor shall pay for or promptly reimburse the School District for the cost of notification described above in section 2(a) shall include, at a minimum, the following information: i. The name to parents and contact information eligible students of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. 
If (d) Vendor shall cooperate with the information is possible School District and law enforcement to determine at protect the time the notice is provided, then either (1) the date integrity of the breach, (2) the estimated date of the breach, or (3) the date range within which investigations into the breach occurred. The notification shall also include the date or unauthorized release of the noticeConfidential Data. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider (e) Vendor further acknowledges and agrees to have a written incident response plan that f. At that is consistent with industry standards and Federal and State laws for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Confidential Data or any portion thereof. 
Upon request, Vendor shall provide a copy of said written incident response plan to the request and with the assistance of the School District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 5 contracts

Samples: Software Agreement, Software Agreement, Software Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of discovery of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. d. Provider further acknowledges and agrees to have a written incident response plan that f. At the request that is consistent with federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with the assistance a copy of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), abovesaid written incident response plan.

Appears in 5 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, and such unauthorized access is caused by the fault of the Provider and not that of LEA or its agents. Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein, under the following headings or equivalent organizational structure: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, if practicable, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. To the extent feasible, a list of the types of personal information that were or are reasonably believed to have been the subject of the breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification to the LEA may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects commercially reasonable practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan containing non-proprietary and confidential information. f. Upon LEA’s written request, Provider will assist the LEA in the LEA’s notification of the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 5 contracts

Samples: Student Data Privacy Agreement, Massachusetts Student Data Privacy Agreement, Massachusetts Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within twenty (20) days from when Provider confirms or reasonably believes that a Data Breach has occurred. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in Section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c) above.

Appears in 4 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 4 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, and such unauthorized access is caused by the fault of the Provider and not that of LEA or its agents. Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings or equivalent organizational structure: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. To the extent feasible, a list of the types of personal information that were or are reasonably believed to have been the subject of the breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification to the LEA may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects commercially reasonable practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan. f. Upon LEA’s written request, Provider will assist in the notification of the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 3 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Confidential Data is accessed or obtained by an unauthorized individual, Provider Vendor shall provide notification to LEA as soon as practicable the School District without unreasonable delay and no later not more than within ten seven (107) calendar days after the discovery of the incidentsuch breach. Provider Vendor shall follow the following process: a. (a) The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” shall be clear, concise, use language that is plain and easy to understand, and to the extent available, shall present include: a brief description of the breach or unauthorized release; the dates of the incident and the date of discovery; a description of the types of Confidential Data affected; an estimate of the number of records affected; a brief description of the Vendors investigation or plan to investigate; and contact information described herein for representatives who can assist the School District with additional questions. (b) The Vendor shall also prepare a statement for parents and eligible students which provides information under the following headingscategories: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as ” (c) Where a supplement breach or unauthorized release of Confidential Data is attributed to Vendor, and/or a subcontractor or affiliate of Vendor, Vendor shall pay for or promptly reimburse the notice. b. The security breach School District for the cost of notification described above in section 2(a) shall include, at a minimum, the following information: i. The name to parents and contact information eligible students of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. 
If (d) Vendor shall cooperate with the information is possible School District and law enforcement to determine at protect the time the notice is provided, then either (1) the date integrity of the breach, (2) the estimated date of the breach, or (3) the date range within which investigations into the breach occurred. The notification shall also include the date or unauthorized release of the noticeConfidential Data. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider (e) Vendor further acknowledges and agrees to have a written incident response plan that f. At that is consistent with industry standards and Federal and State laws for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Confidential Data or any portion thereof. 
Upon request, Vendor shall provide a copy of said written incident response plan to the request and with the assistance of the School District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 3 contracts

Samples: Data Privacy Agreement, Data Privacy Agreement, Service Agreement

Data Breach. In the event that LEA’s Student Data or Teacher Data maintained by Provider is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and in accordance with applicable law, taking into consideration the legitimate needs of law enforcement and no later than within ten (10) business days following a confirmed data breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section, when applicable. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any, if that information is possible to determine at the time the notice is provided. 
If not possible at the time of the notice, the Provider will provide the information when available. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach as applicable to Provider’s role in the data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach of LEA’s Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. If required by applicable federal or state law, Provider shall notify the affected parent, legal guardian or eligible pupil of the data breach, which notice shall include the information required by applicable law.

Appears in 3 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Confidential Data is accessed or obtained by an unauthorized individual, Provider the Town shall provide notification to LEA as soon as practicable the School District without unreasonable delay and no later not more than within ten (10) seven calendar days after the discovery of the incidentsuch breach. Provider The Town shall follow the following process: a. (a) The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," shall be clear, concise, use language that is plain and easy to understand, and to the extent available, shall present include: a brief description of the breach or unauthorized release; the dates of the incident in the date of discovery; a description of the types of Confidential affected; an estimate of the number of records affected; a brief description of the Town's investigation or plan to investigate; and contact information described herein for representatives who can assist the School District with additional questions. (b) The Town shall also prepare a statement for parents and eligible students which provides information under the following headingscategories: "What Happened,” “" "What Information Was Involved,” “When it Occurred,” “" "What We Are Doing,” “" "What You Can Do," and "For More Information.” Additional information may be provided as " (c) Where a supplement breach or unauthorized release of Confidential Data is attributed to Contractor, and/or a subcontractor or affiliate of the noticeTown, The Town shall pay for or promptly reimburse the School District for the cost of notification to parents and eligible students of the breach. b. (d) The security Town shall cooperate with the School District and law enforcement to protect the integrity of investigations into the breach notification described above in section 2(a) shall include, at a minimum, the following information:or unauthorized release of Confidential Data. i. 
The name and contact information of the reporting LEA School District subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 3 contracts

Samples: School Information Resource Officer Agreement, School Information Resource Officer Agreement, School Information Resource Officer Agreement

Data Breach. In the event that Student Data or Teacher Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 3 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In When Operator reasonably suspects and/or becomes aware of a disclosure or security breach concerning any Data covered by this Agreement, Operator shall immediately notify the event that Student Data is accessed or obtained by an unauthorized individualDistrict and take immediate steps to limit and mitigate the damage of such security breach to the greatest extent possible. a. Subject to the following requirements, Provider the Operator shall provide a security breach notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process:LEA. a. i. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. ii. The security breach notification described above in section 2(a2(a)(i) shall include, at a minimum, the following information: i. 1. The name and contact information of the reporting LEA subject to this section. ii2. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii3. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv4. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. 5. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. viiii. 
The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also must include any of the followingat least: i. 1. Information about what the agency Operator has done to protect individuals whose information has been breached. ii2. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider 3. Information about the steps the Operator has taken to cure the breach and the estimated timeframe for such cure. b. Operator agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider c. Operator further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. d. At the request and with the assistance of the DistrictLEA, Provider Operator shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections subsection (ba) and (c), above. e. The Parties agree that any breach of the privacy and/or confidentiality obligation set forth in the DPA may, at the LEA’s discretion, result in the LEA immediately terminating the Service Agreement and any other agreement for goods and services with Operator. Termination does not absolve the Operator’s responsibility to comply with the disposition procedures of Data.

Appears in 3 contracts

Samples: Data Privacy Agreement, Data Privacy Agreement, Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 3 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.is iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any.that c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 2 contracts

Samples: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to the LEA as soon as practicable and no later than within fifteen (15) days following Provider’s internal confirmation of a breach that impacts the LEA’s information, unless prohibited from doing so by law enforcement or a regulatory authority, in which case Provider will provide notice promptly in accordance with the circumstances. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. 
At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 2 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 2 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Data or Teacher Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 2 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. a. In the event that Summit Learning becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider Summit Learning shall provide notification notice to LEA the Partner School as soon as practicable and no later than within ten required by the applicable state law (10) days of each, a “Security Incident Notification”). b. Unless otherwise required by the incident. Provider shall follow applicable law, the following process: a. The security breach notification Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. c. The security breach notification Security Incident Notification described above in section 2(aSection 5.2(a) shall include, at a minimum, include such information required by the applicable state law and the following information: i. (i) The name and contact information of the reporting LEA Partner School subject to this section. (ii. ) A list of the types of personal information Personally Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. (iii. ) If the information is possible to determine known at the time the notice Security Incident Notification is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. (iv. 
Whether ) Whether, to the knowledge of Summit Learning at the time notice is provided, the notification was delayed as a result of a law enforcement investigationinvestigation or request. (v) A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. d. At LEASummit Learning’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. (i) Information about what the agency Summit Learning has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. (ii. ) Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in e. To the New Hampshire Data Breach law and in federal law with respect to a data breach related to extent required by the Student Dataapplicable state law, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider Summit Learning shall notify the affected parent, legal guardian or eligible pupil of the unauthorized accessSecurity Incident, which shall include as applicable the information listed in subsections (bc) and (cd), above.

Appears in 2 contracts

Samples: Summit Learning Program Agreement, Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 2 contracts

Samples: Student Data Privacy Agreement, Student Data Privacy Agreement

Data Breach. In the event that Student Confidential Data is accessed or obtained by an unauthorized individual, Provider The Town shall provide notification to LEA as soon as practicable the School District without unreasonable delay and no later not more than within ten (10) seven calendar days after the discovery of the incidentsuch breach. Provider The Town shall follow the following process: a. 25.1 The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” shall be clear, concise, use language that is plain and easy to understand, and to the extent available, shall present include: a brief description of the breach or unauthorized release; the dates of the incident in the date of discovery; a description of the types of Confidential affected; an estimate of the number of records affected; a brief description of the Town’s investigation or plan to investigate; and contact information described herein for representatives who can assist the School District with additional questions. 25.2 The Town shall also prepare a statement for parents and eligible students which provides information under the following headingscategories: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as ” 25.3 Where a supplement breach or unauthorized release of Confidential Data is attributed to The Town, and/or a subcontractor or affiliate of The Town, The Town shall pay for or promptly reimburse the noticeSchool District for the cost of notification to parents and eligible students of the breach. b. 25.4 The security Town shall cooperate with the School District and law enforcement to protect the integrity of investigations into the breach notification described above in section 2(a) shall include, at a minimum, the following information:or unauthorized release of Confidential Data. i. 
25.4.1 The name and contact information of the reporting LEA School District subject to this section. ii. 25.4.2 A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. 25.4.3 If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. 25.4.4 Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. 25.4.5 A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 25.4.6 Information about what the agency has done to protect individuals whose information has been breached. ii. 25.4.7 Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider 25.5 The Town further acknowledges and agrees to have a written incident response plan that f. 
At the request that reflects best practices and is consistent with the assistance industry standards and federal and state law for responding to a data breach, breach of the Districtsecurity, Provider shall notify the affected parentprivacy incident or unauthorized acquisition or use of Protected Data or any portion thereof, legal guardian or eligible pupil and agrees to provide Client, upon request, with a copy of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.said written incident response plan

Appears in 2 contracts

Samples: Special Patrol Officer Agreement, Special Patrol Officer Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the verified incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. i. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all applicable requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan (the “Plan”) that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of PII or any portion thereof, and agrees to provide LEA, upon request, with the material provisions of the Plan and shall make employees available upon reasonable notice and at reasonable times to answer questions of the LEA related to the Plan. f. At the request and with the assistance of the District, Provider shall assist LEA with any legally required notification to the affected parent, legal guardian or eligible pupil of the unauthorized access, which may include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, such that the security, confidentiality, or integrity of the Student Data maintained by the Provider is compromised, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding seventy-two (72) hours of confirmation of the incident, unless notification within this time would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v.
A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification to users may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the discovery of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data on Provider’s systems is accessed or obtained by unauthorized individuals and the security, confidentiality or integrity of such data is compromised as a result of such unauthorized access, Provider shall comply with applicable law in providing notification to LEA. As required under applicable data breach notification laws, Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c.
At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Services, Provider shall reasonably cooperate with XXX to the extent necessary to expeditiously secure Student Data at XXX’s expense.
XXX shall be responsible for all costs and expenses it incurs as a result of XXX’s complying with its legal obligations, including but not limited to, costs and expenses associated with LEA having to notify affected parties.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event of a confirmed security incident where Student Data is accessed or obtained by an unauthorized individual, Provider shall provide initial written notification to LEA as soon as practicable and no later than within fifteen (15) days of the incident. Following reasonable investigation, Provider will provide a security breach notification to LEA. a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i.
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan. f. At the request and with the assistance of the LEA, Provider further agrees that it will fully cooperate and assist LEA in LEA’s efforts to notify the affected parent, legal guardian, or eligible pupil of student or the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, if legally permissible, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) 30 thirty days of the knowledge of such incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and to the extent Provider reasonably knows, shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.For b. The security breach notification described above in section 2(a) shall include, at a minimumminimum to the extent Provider reasonably knows, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number c. With mutual agreement of students and teachers affected by the breach, if any. c. At LEA’s discretionparties, the security breach notification to LEA’s impacted Pupils may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan thatpolicy that reflects industry reasonable best practices consistent with applicable federal and state law for responding to a data breach security incident and agrees to provide LEA, upon written request, with a copy of said written incident response plan policy. Provider’s’ Incident Response Plan Policy is the Provider’s confidential information and must be kept in the strictest of f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized accessaccess to Student Data, which shall include the information listed in subsections (b) and (c), above, if required by applicable law.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”) , Provider shall provide notification to LEA as soon as practicable and no later than within ten thirty (1030) days of the incident. incident (each a “Security Incident Notification”) Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information: i. The name and contact information of the reporting LEA Provider subject to this section. ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. i. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach occurredSecurity Incident iii. The notification shall also include Whether, to the date knowledge of the notice. iv. Whether Provider at the time of the Security Incident was provided, the notification was delayed as a result of a law enforcement investigation. 
A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. viiv. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedaffected by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.Security Incident e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident of Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such Incident Response Plan includes sensitive or confidential information of Provider. f. 
At To the request extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with LEA as to the timing and with the assistance content of the Districtnotices to be sent. Except as otherwise required by law, Provider shall notify the affected parent, legal guardian or eligible pupil will not provide notice of the unauthorized accessSecurity Incident directly to individuals whose Personally Identifiable Information was affected, which to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall include not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts to the information listed in subsections (b) and (c), aboveextent that there is a Security Incident with an Outside School Account.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours after the discovery of the incident. Provider shall follow the following process: The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. a. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. b. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. c. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding forty eight (48) hours from the discovery thereof. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from LEA's use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS

Appears in 1 contract

Samples: Vermont K 12 Student Data Privacy Agreement

Data Breach. In the event that XXX’s Student Data or Teacher Data maintained by Provider is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and in accordance with applicable law, taking into consideration the legitimate needs of law enforcement and no later than within ten (10) business days following a confirmed data breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section, when applicable. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any, if that information is possible to determine at the time the notice is provided.
If not possible at the time of the notice, the Provider will provide the information when available. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach as applicable to Provider’s role in the data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach of XXX’s Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to share with XXX, upon request, a summary of said written incident response plan. f. If required by applicable federal or state law, Provider shall notify the affected parent, legal guardian or eligible pupil of the data breach, which notice shall include the information required by applicable law.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law, to the extent applicable, and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of discovery of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall assist the District in District’s notification to the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above, including reimbursing the District for reasonable costs incurred therewith.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is known to Provider as having been accessed or obtained by an unauthorized individual, Provider shall provide prompt notification to LEA as soon as practicable and no later than within ten forty-five (1045) calendar days of the discovery of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information, if known: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided, including the number of affected individuals and how the security breach occurred. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 
Information about what the agency Provider has done to protect individuals whose information has been breached., including toll free numbers and websites to contact: ii1. Advice on steps that the person whose information has been breached may take to protect himself or herself.The credit reporting agencies d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.2. Remediation service providers e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.3. The attorney general

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. For purposes of this section, “data breach” means the unauthorized disclosure of data, unauthorized provision of physical or electronic means of gaining access to data that compromises the security, confidentiality, or integrity of School Student Data, or other unauthorized access, alteration, or use or release of School District Data. 5.5.1 In the event that Student Data is accessed or obtained of a data breach, the Company agrees to the following: (1) notify the School District by an unauthorized individual, Provider shall provide notification to LEA telephone and email as soon as practicable and without unreasonable delay, but no later than within ten 10 days after the determination that a breach has occurred; (102) days at the time notification of the incident. Provider shall follow breach is made, provide the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present School District with the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information for an employee of the reporting LEA subject Company who shall serve as the Company’s primary security contact; (3) assist the School District with any investigation, including interviews with Company employees and review of all relevant records; (4) provide the School District as soon as practicable and without unreasonable delay, and in no case later than fifteen (15) days after notification to this section. ii. 
A list the School District that a data breach occurred, the number of students whose covered information is involved in the breach; the date, estimated date, or estimated date range of the types breach; a description of personal the covered information that were was compromised or are reasonably believed to have been compromised in the subject breach; and contact information for the person who parents/guardians may contact at the Company regarding the breach; and (5) assist the School District with any notification the School District deems necessary related to the security breach. The Company agrees to comply with the terms of this Section 5.5.1 regardless of whether the misuse or unauthorized release of School District Data is the result of or constitutes a breachmaterial breach of the Agreement or this Addendum. iii. If 5.5.2 The Company shall not, unless required by law, provide any notices except to the information is possible to determine School District without prior written permission from the School District. 5.5.3 The Company shall reimburse and indemnify the School District for all costs imposed on the School District or reasonably undertaken by the School District at the time the notice is provided, then either (1) the date of the its discretion associated with a data breach, (2) including but not limited to reimbursement of costs associated with notifying individuals whose information was compromised and notifying required regulatory agencies; fees paid to provide credit monitoring to impacted individuals; legal fees, audit costs, fines, and any other fees or damages reasonably undertaken by or imposed against the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. 
Whether the notification was delayed School District as a result of a law enforcement investigationthe security breach; and any other notifications, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incidentlegally mandated responses, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected or responses reasonably undertaken by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements School District in the New Hampshire Data Breach law and in federal law with respect to a data breach related response to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges 5.5.4 Except as otherwise required by law or agreed in writing between the parties and agrees excluding student data or any other data that belongs to have a written incident response plan that f. At the request and with the assistance of the School District, Provider all information provided by Company to the School District pursuant to this Agreement shall notify be treated as Company’s confidential information. The School District agrees that it will disclose such information only to such parties that the affected parentSchool District determines are necessary to assist it in its review and require such parties to enter into non- disclosure agreements or otherwise agree in writing to maintain its confidentiality. 
To the extent permitted by law, legal guardian or eligible pupil of the unauthorized access, which shall include the School District will withhold such information listed in subsections (b) and (c), abovefrom public disclosure.

Appears in 1 contract

Samples: Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of the incident, and in no event more than seventy-two (72) hours and consistent with any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s XXX's discretion, the security breach notification may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to make its head of IT Security available to LEA upon request, to discuss said written f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider's assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to provide legally required notification to parents/families of a data breach not originating from XXX's use of the Service. g. In the event of a breach originating from XXX's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS

Appears in 1 contract

Samples: California Student Data Privacy Agreement

Data Breach. For purposes of this section, "data breach" means the unauthorized disclosure of data, unauthorized provision of physical or electronic means of gaining access to data that compromises the security, confidentiality, or integrity of School Student Data, or other unauthorized access, alteration, use or release of School District Data, as well as any other circumstances that could have resulted in such unauthorized disclosure, access, alteration, or use. 5.5.1 In the event that Student Data is accessed or obtained of a data breach, the Company agrees to the following: (1) notify the School District by an unauthorized individualtelephone and email within the most expedient time possible and without unreasonable delay, Provider shall provide notification to LEA as soon as practicable and but no later than within ten 24 hours after the determination that a breach has occurred; (102) days at the time notification of the incident. Provider shall follow breach is made, provide the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present School District 2872140.1 2/1/21 with the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. 
The name and contact information for an employee of the reporting LEA subject Company who shall serve as the Company's primary security contact; (3) assist the School District with any investigation, including interviews with Company employees and review of all relevant records; (4) provide the School District within the most expedient time possible and without unreasonable delay, and in no case later than fifteen (15) days after notification to this section. ii. A list the School District that a data breach occurred, the number of students whose covered information is involved in the breach; the date, estimated date, or estimated date range of the types breach; a description of personal the covered information that were was compromised or are reasonably believed to have been compromised in the subject breach; and contact information for the person who parents/guardians may contact at the Company regarding the breach; and (4) assist the School District with any notification the School District deems necessary related to the security breach. The Company agrees to comply with the terms of this Section 5.5.1 regardless of whether the misuse or unauthorized release of School District Data is the result of or constitutes a breachmaterial breach of the Agreement or this Addendum. iii. If 5.5.2 The Company shall not, unless required by law, provide any notices except to the information is possible to determine School District without prior written permission from the School District. 
5.5.3 The Company shall reimburse and indemnify the School District for all costs imposed on the School District or reasonably undertaken by the School District at the time the notice is provided, then either (1) the date of the its discretion associated with a data breach, (2) including but not limited to reimbursement of costs associated with notifying individuals whose information was compromised and notifying required regulatory agencies; fees paid to provide credit monitoring to impacted individuals; legal fees, audit costs, fines, and any other fees or damages reasonably undertaken by or imposed against the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed School District as a result of a law enforcement investigationthe security breach; and any other notifications, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incidentlegally mandated responses, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected or responses reasonably undertaken by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements School District in the New Hampshire Data Breach law and in federal law with respect to a data breach related response to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. 
Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individualindividual as a result of breach of security by Provider, , Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of in accordance with the incidentrequirements 11-49.3-1, et. seq . Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated , including the number of students affected individuals and teachers affected by the breach, if any. c. At LEA’s discretion, how the security breach notification may also include any of the following:occurred. i. vii. 
Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact: ii1. Advice on steps that the person whose information has been breached may take to protect himself or herself.The credit reporting agencies d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.2. Remediation service providers e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.3. The attorney general

Appears in 1 contract

Samples: Rhode Island Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of the incident, and not exceeding seventy-two (72) hours after confirmation that the confidentiality or integrity of the Student Data has been compromised. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Provider has knowledge or a reasonable belief that Student Data has been accessed or obtained by an unauthorized individual (“Data Breach”), Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) business days of the Data Breach. Provider shall follow the following process: a. The Data Breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein, as available. Additional information may be provided as a supplement to the notice. b. The Data Breach notification described above in section 2(a) shall include the following information as available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of PII that were or are reasonably believed to have been the subject of a Data Breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the Data Breach, (2) the estimated date of the Data Breach, or (3) the date range within which the Data Breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the Data Breach, if that information is possible to determine at the time the notice is provided including the number of affected individuals and how the security breach occurred. c.
At the LEA’s request, the Data Breach notification to the LEA will also include any of the following as it becomes available: i. Information about what the agency has done to protect individuals whose information has been breached, including toll free numbers and websites to contact: 1. The credit reporting agencies 2. Remediation service providers 3. The attorney general ii. To the extent required under R.I.G.L., 11-49.3 et. seq, advice on steps that the person whose information has been breached may take to protect himself or herself. iii. To the extent required under Rhode Island law and with reasonable assistance from the LEA, a clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies. d. Provider agrees to adhere to all applicable requirements in the Rhode Island Data Breach law and in federal law with respect to a Data Breach related to the PII, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such Data Breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f.
At the request and with the assistance of the LEA, Provider shall reasonably assist the LEA with their legally required notifications to the affected parent, legal guardian or eligible pupil of the Security Breach, which shall include the information listed in subsections (b) and (c), above. The LEA remains ultimately responsible for the timing and content of such legally required notification.

Appears in 1 contract

Samples: Rhode Island Student Data Privacy Addendum

Data Breach. a. In the event that Summit becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data (a “Security Incident”), Summit shall provide notice to the Partner School as soon as practicable and no later than required by the applicable state law (each, a “Security Incident Notification”). b. Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. c. The Security Incident Notification described above in Section 5.2(a) shall include such information required by the applicable state law and the following information: (i) The name and contact information of the reporting Partner School subject to this section. (ii) A list of the types of Personally Identifiable Information that were or are reasonably believed to have been the subject of the Security Incident. (iii) If the information is known at the time the Security Incident Notification is provided, then either (1) the date of the Security Incident, (2) the estimated date of the Security Incident, or (3) the date range within which the Security Incident occurred. The Security Incident Notification shall also include the date of the notice. (iv)
Whether, to the knowledge of Summit at the time notice is provided, the notification was delayed as a result of a law enforcement investigation or request. (v) A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. d. At Summit’s discretion, the Security Incident Notification may also include any of the following: (i) Information about what Summit has done to protect individuals whose Personally Identifiable Information has been breached by the Security Incident. (ii) Advice on steps that the person whose Personally Identifiable Information has been breached may take to protect himself or herself. e. To the extent required by the applicable state law, Summit shall notify the affected parent, legal guardian or eligible pupil of the Security Incident, which shall include the information listed in subsections (c) and (d), above.

Appears in 1 contract

Samples: Summit Learning Program Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within thirty (30) days of confirmation of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. vii.
A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached, including toll free numbers and websites to contact: 1. The credit reporting agencies 2. Remediation service providers 3. The attorney general ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Rhode Island Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) business days of becoming aware of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. 
d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above, and shall be at LEA’s expense, unless the unauthorized access to the Student Data is the result of Provider’s failure to comply with the terms of this Agreement. For the avoidance of doubt, Provider shall have no liability for any breach incident arising, directly or indirectly, out of the LEA’s access of the services or hosted data using usernames and passwords combinations assigned to LEA or any student, employee, former employee or contractor thereof or any unauthorized access to LEA’s computer systems or network.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information to the extent available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident, except in the event of good faith acquisition by an employee or agent to the Provider for business purpose, provided that the Student Data is not used or subject to further unauthorized disclosure. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided, including the number of affected individuals and how the security breach occurred. vi. The estimated number of students and teachers affected by the breach, if any. c. 
At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact: 1. The credit reporting agencies 2. Remediation service providers 3. The attorney general ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies. b. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. . Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA as soon as practicable and no later than within ten required by the applicable state law (10each a “Security Incident Notification”) days of the incident. Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Breach Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information: i. The name and contact information of the reporting LEA Provider subject to this section. ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.Security Incident iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. 
A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEAProvider’s discretion, the security breach notification Security Breach Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident. e. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At To the request extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with LEA as to the timing and with the assistance content of the Districtnotices to be sent. 
Except as otherwise required by law, Provider shall notify the affected parent, legal guardian or eligible pupil will not provide notice of the unauthorized accessSecurity Incident directly to individuals whose Personally Identifiable Information was affected, which shall include the information listed in subsections (b) and (c)to regulatory agencies, aboveor to other entities, without first providing written notice to LEA.

Appears in 1 contract

Samples: Student Data Privacy Agreement


Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide employees at reasonable times to answer the LEA’s questions on the written incident plan. f. In the event that a breach is due to the Provider’s failure to comply with the terms of this Agreement, Provider shall, at the request and with the assistance of the LEA, assist the LEA in notifying the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c) above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: b.i. The name and contact information of the reporting LEA subject to this section. b.ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. b.iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. b.iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. b.v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: c.i. Information about what the agency has done to protect individuals whose information has been breached. c.ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incidentconfirmation of an unauthorized . Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.notifying LEA.. e. Provider further acknowledges and agrees to have has a written incident response plan that f. At the request for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with the assistance a copy of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), abovesaid written incident response plan.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.and e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incidenta confirmed incident of unauthorized access. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information information, where available and known to the Provider, described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected c. As agreed upon by the breach, if any. c. At LEA’s discretionParties, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of Provider becoming aware of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein, to the extent known to Provider, under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, to the extent known to Provider, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for reasonable costs incurred to notify parents/families of a breach not originating from LEA’s use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall reasonably cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, and such unauthorized access is caused by the fault of the Provider and not that of LEA or its agents. Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings or equivalent organizational structure: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A To the extent feasible, a list of the types of personal information that were or are reasonably believed to have been the subject of a the breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification to the LEA may also include any of the following: i. 
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects commercially reasonable practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan. f. At the request and with the assistance of the DistrictUpon LEA’s written request, Provider shall notify will assist in the notification of the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and to make Xxxx Xxxxxx, Associate Counsel, xxxx.xxxxxx@xxxxxx.xxx available at reasonable times to answer questions related to incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. For purposes of this section, “data breach” means the unauthorized disclosure of data, unauthorized provision of physical or electronic means of gaining access to data that compromises the security, 5.5.1 In the event that Student Data is accessed or obtained of a data breach, the Company agrees to the following: (1) notify the School District by an unauthorized individualtelephone and email within the most expedient time possible and without unreasonable delay, Provider shall provide notification to LEA as soon as practicable and but no later than within ten 72 hours after the determination that a breach has occurred; (102) days at the time notification of the incident. Provider shall follow breach is made, provide the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present School District with the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information for an employee of the reporting LEA subject Company who shall serve as the Company’s primary security contact; (3) assist the School District with any investigation, including interviews with Company employees and review of all relevant records; (4) provide the School District within the most expedient time possible and without unreasonable delay, and in no case later than fifteen (15) days after notification to this section. ii. 
A list the School District that a data breach occurred, the number of students whose covered information is involved in the breach; the date, estimated date, or estimated date range of the types breach; a description of personal the covered information that were was compromised or are reasonably believed to have been compromised in the subject breach; and contact information for the person who parents/guardians may contact at the Company regarding the breach; and (4) assist the School District with any notification the School District required by law related to the security breach. The Company agrees to comply with the terms of this Section 5.5.1 regardless of whether the misuse or unauthorized release of School District Data is the result of or constitutes a breachmaterial breach of the Agreement or this Addendum. iii. If 5.5.2 The Company shall not, unless required by law, provide any notices except to the information School District without prior written permission from the School District. 5.5.3 The Company shall reimburse and indemnify the School District for all costs imposed on the School District or reasonably undertaken by the School District for which the Company is possible to determine the proximate cause at the time the notice is provided, then either (1) the date of the its discretion associated with a data breach, (2) including but not limited to reimbursement of costs associated with notifying individuals whose information was compromised and notifying required regulatory agencies; fees paid to provide credit monitoring to impacted individuals; legal fees, audit costs, fines, and any other fees or damages reasonably undertaken by or imposed against the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. 
Whether the notification was delayed School District as a result of a law enforcement investigationthe security breach; and any other notifications, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incidentlegally mandated responses, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected or responses reasonably undertaken by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements School District in the New Hampshire Data Breach law and in federal law with respect to a data breach related response to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Data Privacy Addendum

Data Breach. In the event that unencrypted Student Data is accessed or obtained by an unauthorized individual, in accordance with applicable law, Provider agrees to notify the LEA as soon as practicable and no later than within fifteen (15) days following Provider’s internal confirmation of a breach that impacts the LEA’s unencrypted information, unless prohibited from doing so by law enforcement or a regulatory authority, in which case Provider will provide notice promptly in accordance with the circumstances. Unless the applicable law of an impacted user’s state of resident provides otherwise, Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved and the Number of Students and Teachers Affected,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. It shall include all the information required under RSA 189:66(III)(b). b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all applicable state and federal requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. c. Provider further acknowledges and agrees to have a written incident response plan thatthat reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to make employees available at reasonable times to discuss the written incident plan. f. d. At the request and with the assistance of the District, Provider shall provide reasonable assistance to the District notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding seventy-two forty-eight (48 72) hours. The Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. The Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a copy of said written incident response plan. f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, the Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data or Teacher Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all applicable requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of Provider becoming aware of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. 
d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, and agrees to make staff available at reasonable times to answer questions of the LEA on the written incident plan. f. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of becoming aware of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from LEA’s use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of knowledge of the incident, and not exceeding forty-eight (48) hours. Provider shall follow its data incident process which is substantially similar to and contains substantially similar information (provided such information is available at the time of notice) as in the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c.
At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to review with XXX via teleconference, upon request, said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include substantially similar information as the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach caused by Provider’s or Provider’s subcontractors’ breach of this DPA. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data at XXX’s expense.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of discovery of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.and e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding seventy-two (72) hours. The Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information if applicable, to the extent known and without violating Provider’s confidentiality obligations: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. c. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i.
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. The Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. g. In the event of a breach originating from LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data (a “Security Incident”), Provider shall provide notification to LEA as soon as practicable and required by the applicable state law, but in no event later than within Seventy Two (72) hours of the incident (each a “Security Incident Notification”). Provider shall follow the following process: a. Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The Security Incident Notification described above in section 5.2(a) shall include such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting Provider subject to this section. ii. A list of the types of Personal Identifiable Information that were or are reasonably believed to have been the subject of the Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the Security Incident, (2) the estimated date of the Security Incident, or (3) the date range within which the Security Incident occurred. The Security Incident Notification shall also include the date of the notice. iv.
Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At Provider’s discretion, the Security Incident Notification may also include any of the following: i. Information about what the Provider has done to protect individuals whose Personally Identifiable Information has been breached by the Security Incident. ii. Advice on steps that the person whose Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the applicable State and in federal law with respect to a Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such Security Incident. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f.
To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with XXX as to the timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. Notwithstanding the foregoing, Provider will not be responsible for such notification procedures and requirements if such data breach was caused by or due to the actions or inactions of the District or any third party application developer. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above, if such data breach was directly caused by Provider.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within thirty (30) days of confirmation of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d.
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data by Provider or its assignees in violation of applicable state of federal law, the Parents Bill of Rights, or the data privacy and security policies of the LEA which have been previously provided to Provider (a “Security Incident”), Provider shall provide notification to LEA as soon as practicable required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than within seven (7) calendar days of the incident (each a “Security Incident Notification”). The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and unauthorized release of such data. Provider shall follow the following process: a. Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The Security Incident Notification described above in section 5.2(a) shall include such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting Provider subject to this section. ii.
A list of the types of Personal Identifiable Information that were or are reasonably believed to have been the subject of the Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the Security Incident, (2) the estimated date of the Security Incident, or (3) the date range within which the Security Incident occurred. The Security Incident Notification shall also include the date of the notice. iv. Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At Provider’s discretion, the Security Incident Notification may also include any of the following: i. Information about what the Provider has done to protect individuals whose Personally Identifiable Information has been breached by the Security Incident. ii. Advice on steps that the person whose Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the applicable State and in federal law with respect to a Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such Security Incident. e.
Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f. To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with XXX as to the timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts. g. Education Law 2-d additional requirements regarding Security Incident Notifications:

Appears in 1 contract

Samples: Student Data Privacy Addendum

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within thirty (30) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d.
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Personally Identifiable Information from Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting Provider subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the Provider has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the reasonable assistance of the Provider, LEA shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At XXX's discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d.
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days confirmation of the incidenta breach days of a confirmed incident of unauthorized access. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information, where available and known to the Provider, under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. As agreed upon by the Parties, the security breach notification may also include any of the following: i.
Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. Except for unauthorized access by LEA, in the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding seven (7) days. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If requested by LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from LEA’s use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time of the incident, and not exceeding forty eight (48) hours of confirmation of such breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii.
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for reasonable costs incurred to notify parents/families of a breach not originating from LEA's use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. 
Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable within a reasonable amount of time of the incident, and no later than not exceeding forty-eight (48) hours, unless notification within ten (10) days this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. 
At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service. g. In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to the LEA as soon as practicable and no later than within ten thirty (1030) days of the Provider’s knowledge of such incident. The Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At the LEA’s reasonable discretion, the security breach notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. The Provider agrees to adhere to all applicable requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. The Provider further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof and agrees to provide the LEA, upon written request, with a copy of said written incident response plan. f. At Solely as required under applicable laws, and at the reasonable written request and with the assistance of the DistrictLEA, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, and such unauthorized access is caused by the fault of the Provider and not that of LEA or its agents. Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headingsheadings or equivalent organizational structure: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.More b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A To the extent feasible, a list of the types of personal information that were or are reasonably believed to have been the subject of a the breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification to the LEA may also include any of the following:of i. 
Information about what the agency has done to protect individuals whose information has been breached. . ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects commercially reasonable practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan. f. At the request and with the assistance of the DistrictUpon LEA’s written request, Provider shall notify will assist in the notification of the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA as soon as practicable and no later than within ten thirty (1030) days of the incident. incident (each a “Security Incident Notification”) Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information: i. The name and contact information of the reporting LEA Provider subject to this section. ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. i. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. iviii. Whether Whether, to the knowledge of the Provider at the time of the Security Incident was provided, the notification was delayed as a result of a law enforcement investigation. 
A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of iv. What the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information has been breached.impacted by the Security Incident, including toll free numbers and websites to contact: ii1. Advice on steps that the person whose information has been breached may take to protect himself or herself.The credit reporting agencies d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.2. Remediation service providers e. Provider further acknowledges and agrees to have a written incident response plan that f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.3. The attorney general

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process, when technically practicable: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the Tthe security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach., e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon written request, with a copy summary of said written incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for actual costs incurred to notify parents/families of a breach not originating from XXX’s use of the Service which is solely attributed to Provider’s negligence or omission. g. In the event of a breach originating from XXX’s use of the Service, Provider shall reasonably cooperate with XXX to the extent necessary to expeditiously secure Student Data.

Appears in 1 contract

Samples: Wisconsin Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten (10) days a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. 
The estimated number of students and teachers affected by the breach, if any. c. At LEA’s XXX's discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by XXX. If XXX requests Provider's assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by XXX, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from XXX's use of the Service. g. 
In the event of a breach originating from XXX's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. Provider may, by signing the attached Form of General Offer of Privacy Terms (General Offer, attached hereto as Exhibit "E"), be bound by the terms of this DPA to any other LEA who signs the acceptance on in said Exhibit. The Form is limited by the terms and conditions described therein.

Appears in 1 contract

Samples: California Student Data Privacy Agreement

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within ten fifteen (1015) days of Provider’s reasonable knowledge of the incidentoccurrence of a breach of PII. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information PII that were or are reasonably believed to have been the subject of a breach. iii. If the information breached PII is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. 
Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the New Hampshire Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. e. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Appears in 1 contract

Samples: Student Data Privacy Agreement

Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data is accessed by Provider or obtained by an unauthorized individualits assignees in violation of applicable state of federal law, the Parents Bill of Rights, or the data privacy and security policies of the LEA which have been previously provided to Provider (a “Security Incident”), Provider shall provide notification to LEA as soon as practicable required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than within ten seven (107) calendar days of the incidentincident (each a “Security Incident Notification”).The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and unauthorized release of such data. Provider shall follow the following process: a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification Security Incident Notification described above in section 2(a5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available: i. The name and contact information of the reporting LEA Provider subject to this section. ii. 
A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice. iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed as a result of a law enforcement investigation v. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. vi. The estimated number of students and teachers affected by the breach, if any. c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following: i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident. ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in the New Hampshire Data Breach law applicable State and in federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.Security Incident. e. 
Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a Security Incident involving Student Data or any portion thereof, including Personally Identifiable Information (“Incident Response Plan”) and agrees to provide LEA, upon request, with a copy of the Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider. f. At To the request extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider will cooperate with XXX as to the timing and with the assistance content of the Districtnotices to be sent. Except as otherwise required by law, Provider shall notify the affected parent, legal guardian or eligible pupil will not provide notice of the unauthorized accessSecurity Incident directly to individuals whose Personally Identifiable Information was affected, which to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall include the information listed in subsections (b) not restrict Provider’s ability to provide separate security breach notification to customers, including parents and (c), aboveother individuals with Outside School Accounts. g. Education Law 2-d additional requirements regarding Security Incident Notifications:

Appears in 1 contract

Samples: Student Data Privacy Addendum
