Common use of Data Breaches Clause in Contracts

Data Breaches. The User agrees that in the event CMS determines or has a reasonable belief that the User has made or may have made a use, reuse or disclosure of the aforesaid file(s) that is not authorized by this Agreement or another written authorization from the CMS signatory in section 20 below, CMS, at its sole discretion, may require the User to: (a) Promptly investigate and report to CMS the User’s determinations regarding any alleged or actual unauthorized use, reuse or disclosure; (b) Promptly resolve any problems identified by the investigation; (c) Submit a formal response to an allegation of unauthorized use, reuse or disclosure; (d) Submit a corrective action plan with steps designed to prevent any future unauthorized uses, reuses or disclosures; and (e) Return data files to CMS or destroy the data files it received from CMS under this agreement. The User understands that as a result of CMS’ determination or reasonable belief that unauthorized uses, reuses or disclosures have taken place, CMS may refuse to release further CMS data to the User for a period of time to be determined by CMS. The User agrees to report within one (1) hour, any breach of personally identifiable information (PII) from the CMS data file(s), loss of these data or disclosure to any unauthorized persons to the CMS IT Service Desk by telephone at (000) 000-0000 or by e-mail notification at xxx_xx_xxxxxxx_xxxx@xxx.xxx.xxx and to cooperate fully in the federal security incident process. While CMS retains all ownership rights to the data file(s), as outlined in section 3 above, the User shall bear the cost and liability for any breaches of PII from the data file(s), or as applicable any derivative file(s), while they are entrusted to the User. Furthermore, if CMS determines that the risk of harm requires notification of affected individual persons of the security breach and/or other remedies, the User agrees to carry out these remedies without cost to CMS.