Data Breaches. Contractor shall notify the School District in writing as soon as commercially practicable, however no later than forty-eight (48) hours, after Contractor has either actual or constructive knowledge of a breach which affects the School District’s Data (an “Incident”) unless it is determined by law enforcement that such notification would impede or delay their investigation. Contractor shall have actual or constructive knowledge of an Incident if Contractor actually knows there has been an Incident or if Contractor has reasonable basis in facts or circumstances, whether acts or omissions, for its belief that an Incident has occurred. The notification required by this section shall be made as soon as commercially practicable after the law enforcement agency determines that notification will not impede or compromise the investigation. Contractor shall cooperate with law enforcement in accordance with applicable law provided however, that such cooperation shall not result in or cause an undue delay to remediation of the Incident. Contractor shall promptly take appropriate action to mitigate such risk or potential problem at Contractor’s or OPERATOR’s expense. In the event of an Incident, Contractor shall, at its sole cost and expense, restore the Confidential Information, to as close its original state as practical, including, without limitation any and all Data, and institute appropriate measures to prevent any recurrence of the problem as soon as is commercially practicable. Contractor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Contractor will also have a written incident response plan, to include prompt notification of the District in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.
Data Breaches. 4.1 Data Processor does not guarantee that its security measures shall be effective under all circumstances. If Data Processor discovers a data breach within the meaning of Article 4 sub 12 of the GDPR, it shall notify Client without undue delay. The "Data Breach Protocol" section of the Data Pro Statement outlines the way in which Data Processor shall notify Client of data breaches.
4.2 It is up to the Controller (the Client or its customer) to assess whether the data breach of which Data Processor has notified the Controller must be reported to the Dutch Data Protection Authority or to the Data Subject concerned. The Controller (Client or its customer) shall at all times remain responsible for reporting data breaches which must be reported to the Dutch Data Protection Authority and/or Data Subjects pursuant to Articles 33 and 34 of the GDPR. Data Processor is not obliged to report data breaches to the Dutch Data Protection Authority and/or to the Data Subject.
4.3 Where necessary, Data Processor shall provide further information on the data breach and shall assist Client to meet its breach notification requirements within the meaning of Articles 33 and 34 of the GDPR by providing all the necessary information available to Data Processor.
4.4 If Data Processor incurs any reasonable costs in doing so, it is entitled invoice Client for these, at the rates applicable at the time.
Data Breaches. 4.1 The Data Processor does not guarantee that its security measures will be effective under all conditions. If the Data Processor discovers a data breach within the meaning of Article
Data Breaches. A. Upon the discovery by the Contractor of a breach of security that results in the unauthorized release, disclosure, or acquisition of student data, the Contractor will comply with the breach notice requirements of Public Act 16189 (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to the SysAdmins xxxxxxxxxxxx@xxxxxxxxxxxxx.xxx and shall include the following information, to the extent known at the time of notification:
1. Date and time of the breach;
2. Names of student(s) whose student data was released, disclosed or acquired;
3. The nature and extent of the breach;
4. The Contractor’s proposed plan to investigate and remediate the breach.
B. Upon discovery by the Contractor of a breach, the Contractor shall conduct an investigation and restore the integrity of its data systems and, without unreasonable delay, but not later than thirty (30) days after discovery of the breach, shall provide the Board with a more detailed notice of the breach, including but not limited to the date and time of the breach; name(s) of the student(s) whose student data was released, disclosed or acquired; nature and extent of the breach; and measures taken to ensure that such a breach does not occur in the future.
C. The Contractor agrees to cooperate with the Board with respect to investigation of the breach and to reimburse the Board for costs associated with responding to the breach, including but not limited to the costs relating to notifications as required by Public Act 16189.
D. Notwithstanding the breach notifications required in this Article, the Contractor shall provide the Board with a copy of the notification that it provides to a student or the parents or guardians of such student pursuant to Public Act 16189. The copy of such notice shall be provided to the Board by electronic mail on the same date that it is provided to the student or parents or guardians of such student. The Parties agree that the following information shall be included in the Contractor’s notice of breach to a student or parent or guardian of a student:
1. Name of the student being notified whose student data was released, disclosed or acquired, which shall not include the names of other students;
Data Breaches. A. Upon the discovery by the Contractor of a confirmed breach of security that results in the unauthorized release, disclosure, or acquisition of student data, the Contractor shall provide initial notice to the Board as soon as reasonably possible, after such discovery (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to Superintendent Xxxxxxx X. Xxxx, xxxxx@xxxxxxxxxxxx.xxx or to the contact currently on file and shall include the following information, to the extent known at the time of notification:
1. Date and time of the breach;
2. Names of student(s) whose student data was released, disclosed or acquired;
3. The nature and extent of the breach;
4. The Contractor’s proposed plan to investigate and remediate the breach.
B. Upon discovery by the Contractor of a confirmed breach, the Contractor shall conduct an investigation and restore the integrity of its data systems and, without unreasonable delay, but not later than thirty (30) days after discovery of the breach, shall provide the Board with a more detailed notice of the breach, including but not limited to the date and time of the breach; name(s) of the student(s) whose student data was released, disclosed or acquired; nature and extent of the breach; and measures taken to ensure that such a breach does not occur in the future.
C. The Contractor agrees to cooperate with the Board with respect to investigation of the breach and to reimburse the Board for actual documented costs legally required of the Board associated with responding to the breach if caused by the Contractor as required by Public Act 16-189.
D. 1. Data was released, disclosed or acquired, names of other students;
Data Breaches. 5.1 In respect of each Shared Data Breach, each Party shall:
(a) promptly notify the other Party of the Shared Data Breach;
(b) provide the other Party without undue delay (wherever possible, no later than 48 hours after becoming aware of the Shared Data Breach) with such details as the other Party reasonably requires regarding the Shared Personal Data.
5.2 To the extent permitted by applicable laws, neither Party shall:
(a) notify a supervisory or regulatory authority of any Shared Data Breach;
(b) issue a public statement or otherwise notify any Data Subject of such Shared Data Breach, without first consulting with, and obtaining the consent (not to be unreasonably withheld or delayed) of, the other Party.
Data Breaches. Party shall report to AHS, though its Chief Information Officer (CIO), any impermissible use or disclosure that compromises the security, confidentiality or privacy of any form of protected personal information identified above within 24 hours of the discovery of the breach. Party shall in addition comply with any other data breach notification requirements required under federal or state law.
Data Breaches. A. Upon the discovery by the Contractor of a breach of security that results in the unauthorized release, disclosure, or acquisition of student data, or the suspicion that such a breach may have occurred, the Contractor shall provide initial notice to the Board as soon as possible, but not more than forty-eight (48) hours after such discovery (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to Xxxxxx Xxxxxxx (xxxxxxxx@xxxxxxx.x00.xx.
Data Breaches. 5.1 Reveal shall notify in writing Customer, without undue delay, after becoming aware of any breach of security of Personal Data resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored or otherwise processed.
5.2 Reveal shall provide Customer with all reasonable assistance in investigating and mitigating the impact of any such Data Breach. Reveal will also provide all reasonable assistance to Customer in relation to its obligations to providing adequate notifications to the relevant Supervisory Authorities and affected Data Subjects.
Data Breaches. The User agrees that in the event CMS determines or has a reasonable belief that the User has made or may have made a use, reuse or disclosure of the aforesaid file(s) that is not authorized by this Agreement or another written authorization from the CMS signatory in section 20 below, CMS, at its sole discretion, may require the User to:
(a) Promptly investigate and report to CMS the User’s determinations regarding any alleged or actual unauthorized use, reuse or disclosure;
(b) Promptly resolve any problems identified by the investigation;
(c) Submit a formal response to an allegation of unauthorized use, reuse or disclosure;
(d) Submit a corrective action plan with steps designed to prevent any future unauthorized uses, reuses or disclosures; and
(e) Return data files to CMS or destroy the data files it received from CMS under this agreement. The User understands that as a result of CMS’ determination or reasonable belief that unauthorized uses, reuses or disclosures have taken place, CMS may refuse to release further CMS data to the User for a period of time to be determined by CMS. The User agrees to report within one (1) hour, any breach of personally identifiable information (PII) from the CMS data file(s), loss of these data or disclosure to any unauthorized persons to the CMS IT Service Desk by telephone at (000) 000-0000 or by e-mail notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx and to cooperate fully in the federal security incident process. While CMS retains all ownership rights to the data file(s), as outlined in section 3 above, the User shall bear the cost and liability for any breaches of PII from the data file(s), or as applicable any derivative file(s), while they are entrusted to the User. Furthermore, if CMS determines that the risk of harm requires notification of affected individual persons of the security breach and/or other remedies, the User agrees to carry out these remedies without cost to CMS.