Common use of Data Incident Response Clause in Contracts

Data Incident Response. Vendor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If Vendor becomes aware of any Data Incident, it shall notify Xxxxxxxx immediately and cooperate with Xxxxxxxx regarding recovery, remediation, and the necessity to involve law enforcement, as determined by Thornton. If there is a Data Incident impacting residents of Colorado or any other jurisdiction, Vendor shall cooperate with Thornton to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Vendor can establish that neither Vendor nor any of its agents, employees, assigns or Subcontractors are the cause or source of the Data Incident, Vendor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident as required by law. After a Data Incident, Vendor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by Xxxxxxxx, which may include, but is not limited to, developing and implementing a remediation plan that is approved by Xxxxxxxx at no additional cost to Xxxxxxxx. Vendor shall report, either orally or in writing, to Xxxxxxxx any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to, disclosure, or use of City Data, not authorized by this Agreement or in writing by Xxxxxxxx, including any reasonable belief that an unauthorized individual has accessed City Data. Vendor shall make the report to Xxxxxxxx immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Vendor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Vendor regarding Data Incidents will be reduced to writing and supplied to Xxxxxxxx as soon as reasonably practicable, but in no event more than forty-eight (48) hours after oral report. Immediately upon becoming aware of any such Data Incident, Vendor shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to Xxxxxxxx and continue to keep Xxxxxxxx informed daily of the progress of its investigation until the issue has been effectively resolved. Vendor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Vendor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Vendor has taken or shall take to prevent future similar unauthorized use or disclosure. Within five (5) Calendar Days of the date the Vendor becomes aware of any such Data Incident, the Vendor shall have completed implementation of corrective actions to remedy the Data Incident, restore Xxxxxxxx’x access to the Services as directed by Xxxxxxxx, and prevent further similar unauthorized use or disclosure. Vendor, at its expense, shall cooperate fully with Xxxxxxxx’x investigation of and response to any such Data Incident. Except as otherwise required by law, Vendor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from Xxxxxxxx. Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to Xxxxxxxx under law or equity, Vendor will promptly reimburse Xxxxxxxx in full for all costs incurred by Xxxxxxxx in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to, providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establish and monitor call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in Xxxxxxxx’x sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.

Data Incident Response. Vendor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If Vendor becomes aware of any Data Incident, it shall notify Xxxxxxxx immediately and cooperate with Xxxxxxxx regarding recovery, remediation, and the necessity to involve law enforcement, as determined by ThorntonXxxxxxxx. If there is a Data Incident impacting residents of Colorado or any other jurisdiction, Vendor shall cooperate with Thornton Xxxxxxxx to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Vendor can establish that neither Vendor nor any of its agents, employees, assigns or Subcontractors are the cause or source of the Data Incident, Vendor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident as required by law. After a Data Incident, Vendor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by Xxxxxxxx, which may include, but is not limited to, developing and implementing a remediation plan that is approved by Xxxxxxxx at no additional cost to Xxxxxxxx. Vendor shall report, either orally or in writing, to Xxxxxxxx any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to, disclosure, or use of City Data, not authorized by this Agreement or in writing by Xxxxxxxx, including any reasonable belief that an unauthorized individual has accessed City Data. Vendor shall make the report to Xxxxxxxx immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Vendor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Vendor regarding Data Incidents will be reduced to writing and supplied to Xxxxxxxx as soon as reasonably practicable, but in no event more than forty-eight (48) hours after oral report. Immediately upon becoming aware of any such Data Incident, Vendor shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to Xxxxxxxx and continue to keep Xxxxxxxx informed daily of the progress of its investigation until the issue has been effectively resolved. Vendor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Vendor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Vendor has taken or shall take to prevent future similar unauthorized use or disclosure. Within five (5) Calendar Days of the date the Vendor becomes aware of any such Data Incident, the Vendor shall have completed implementation of corrective actions to remedy the Data Incident, restore Xxxxxxxx’x access to the Services as directed by Xxxxxxxx, and prevent further similar unauthorized use or disclosure. Vendor, at its expense, shall cooperate fully with Xxxxxxxx’x investigation of and response to any such Data Incident. Except as otherwise required by law, Vendor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from Xxxxxxxx. Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to Xxxxxxxx under law or equity, Vendor will promptly reimburse Xxxxxxxx in full for all costs incurred by Xxxxxxxx in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to, providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establish and monitor call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in Xxxxxxxx’x sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.

Data Incident Response. 1. Vendor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If Vendor becomes aware of any Data Incident, it shall notify Xxxxxxxx immediately and cooperate with Xxxxxxxx regarding recovery, remediation, and the necessity to involve law enforcement, as determined by ThorntonXxxxxxxx. If there is a Data Incident impacting residents of Colorado or any other jurisdiction, Vendor shall cooperate with Thornton Xxxxxxxx to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Vendor can establish that neither Vendor nor any of its agents, employees, assigns or Subcontractors are the cause or source of the Data Incident, Vendor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident as required by law. After a Data Incident, Vendor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by Xxxxxxxx, which may include, but is not limited to, developing and implementing a remediation plan that is approved by Xxxxxxxx at no additional cost to Xxxxxxxx. 2. Vendor shall report, either orally or in writing, to Xxxxxxxx any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to, disclosure, or use of City Data, not authorized by this Agreement or in writing by Xxxxxxxx, including any reasonable belief that an unauthorized individual has accessed City Data. Vendor shall make the report to Xxxxxxxx immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Vendor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Vendor regarding Data Incidents will be reduced to writing and supplied to Xxxxxxxx as soon as reasonably practicable, but in no event more than forty-eight (48) hours after oral report. 3. Immediately upon becoming aware of any such Data Incident, Vendor shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to Xxxxxxxx and continue to keep Xxxxxxxx informed daily of the progress of its investigation until the issue has been effectively resolved. 4. Vendor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Vendor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Vendor has taken or shall take to prevent future similar unauthorized use or disclosure. 5. Within five (5) Calendar Days of the date the Vendor becomes aware of any such Data Incident, the Vendor shall have completed implementation of corrective actions to remedy the Data Incident, restore Xxxxxxxx’x access to the Services as directed by Xxxxxxxx, and prevent further similar unauthorized use or disclosure. 6. Vendor, at its expense, shall cooperate fully with Xxxxxxxx’x investigation of and response to any such Data Incident. 7. Except as otherwise required by law, Vendor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from Xxxxxxxx. 8. Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to Xxxxxxxx under law or equity, Vendor will promptly reimburse xxxxxxxxx Xxxxxxxx in full for all costs incurred by Xxxxxxxx in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to, providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establish and monitor call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in Xxxxxxxx’x sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.

Data Incident Response. Vendor 10.1 The Contractor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If Vendor the Contractor becomes aware of any Data Incident, it shall notify Xxxxxxxx the City immediately and cooperate with Xxxxxxxx the City regarding recovery, remediation, and the necessity to involve law enforcement, as determined by Thorntonthe City. If there is a Data Incident impacting residents of Colorado or any other jurisdictionCity Data, Vendor the Contractor shall cooperate with Thornton the City to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Vendor Contractor can establish that neither Vendor nor none of Contractor or any of its agents, employees, assigns or Subcontractors are the cause or source of the Data Incident, Vendor Contractor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident as required by lawIncident. After a Data Incident, Vendor Contractor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by Xxxxxxxxthe City, which may include, but is not limited to, developing and implementing a remediation plan that is approved by Xxxxxxxx the City at no additional cost to Xxxxxxxx. Vendor the City. 10.2 Contractor shall report, either orally or in writing, to Xxxxxxxx City any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to, disclosure, to or disclosure or use of City Data, not authorized by this Agreement or in writing by XxxxxxxxCity, including any reasonable belief that an unauthorized individual has accessed City Data. Vendor Contractor shall make the report to Xxxxxxxx City immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Vendor Contractor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Vendor Contractor regarding Data Incidents will be reduced to writing and supplied to Xxxxxxxx City as soon as reasonably practicable, but in no event more than forty-forty- eight (48) hours after oral report. . 10.3 Immediately upon becoming aware of any such Data Incident, Vendor Contractor shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to Xxxxxxxx City and continue to keep Xxxxxxxx City informed daily of the progress of its investigation until the issue has been effectively resolved. Vendor. 10.4 Contractor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Vendor Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Vendor Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. . 10.5 Within five (5) Calendar Days calendar days of the date the Vendor Contractor becomes aware of any such Data Incident, the Vendor Contractor shall have completed implementation of corrective actions to remedy the Data Incident, restore Xxxxxxxx’x City access to the Services as directed by XxxxxxxxCity, and prevent further similar unauthorized use or disclosure. Vendor. 10.6 Contractor, at its expense, shall cooperate fully with Xxxxxxxx’x City’s investigation of and response to any such Data Incident. . 10.7 Except as otherwise required by law, Vendor Contractor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from Xxxxxxxx. City. 10.8 Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to Xxxxxxxx City under law or equity, Vendor Contractor will promptly reimburse Xxxxxxxx City in full for all costs incurred by Xxxxxxxx City in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to, to providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establish establishing and monitor monitoring call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in Xxxxxxxx’x City’s sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.

Data Incident Response. 1. Vendor shall maintain documented policies and procedures for Data Incident and breach reporting, notification, and mitigation. If Vendor becomes aware of any Data Incident, it shall notify Xxxxxxxx immediately and cooperate with Xxxxxxxx regarding recovery, remediation, and the necessity to involve law enforcement, as determined by ThorntonXxxxxxxx. If there is a Data Incident impacting residents of Colorado or any other jurisdiction, Vendor shall cooperate with Thornton Xxxxxxxx to satisfy notification requirements as currently defined in either federal, state, or local law. Unless Vendor can establish that neither Vendor nor any of its agents, employees, assigns or Subcontractors are the cause or source of the Data Incident, Vendor shall be responsible for the cost of notifying each person who may have been impacted by the Data Incident as required by law. After a Data Incident, Vendor shall take steps to reduce the risk of incurring a similar type of Data Incident in the future as directed by Xxxxxxxx, which may include, but is not limited to, developing and implementing a remediation plan that is approved by Xxxxxxxx at no additional cost to Xxxxxxxx. 2. Vendor shall report, either orally or in writing, to Xxxxxxxx any Data Incident involving City Data, or circumstances that could have resulted in unauthorized access to, disclosure, or use of City Data, not authorized by this Agreement or in writing by Xxxxxxxx, including any reasonable belief that an unauthorized individual has accessed City Data. Vendor shall make the report to Xxxxxxxx immediately upon discovery of the unauthorized disclosure, but in no event more than forty-eight (48) hours after Vendor reasonably believes there has been such unauthorized use or disclosure. Oral reports by Vendor regarding Data Incidents will be reduced to writing and supplied to Xxxxxxxx as soon as reasonably practicable, but in no event more than forty-eight (48) hours after oral report. 3. Immediately upon becoming aware of any such Data Incident, Vendor shall fully investigate the circumstances, extent and causes of the Data Incident, and report the results to Xxxxxxxx and continue to keep Xxxxxxxx informed daily of the progress of its investigation until the issue has been effectively resolved. 4. Vendor’s report discussed herein shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the data used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure (if known), (iv) what Vendor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Vendor has taken or shall take to prevent future similar unauthorized use or disclosure. 5. Within five (5) Calendar Days of the date the Vendor becomes aware of any such Data Incident, the Vendor shall have completed implementation of corrective actions to remedy the Data Incident, restore Xxxxxxxx’x access to the Services as directed by Xxxxxxxx, and prevent further similar unauthorized use or disclosure. 6. Vendor, at its expense, shall cooperate fully with Xxxxxxxx’x investigation of and response to any such Data Incident. 7. Except as otherwise required by law, Vendor will not disclose or otherwise provide notice of the incident directly to any person, regulatory agencies, or other entities, without prior written permission from Xxxxxxxx. 8. Notwithstanding any other provision of this Agreement, and in addition to any other remedies available to Xxxxxxxx under law or equity, Vendor will promptly reimburse Xxxxxxxx in full for all costs incurred by Xxxxxxxx in any investigation, remediation or litigation resulting from any such Data Incident, including but not limited to, providing notification to Third Parties whose data were compromised and to regulatory bodies, law-enforcement agencies or other entities as required by law or contract; establish and monitor call center(s), and credit monitoring and/or identity restoration services to assist each person impacted by a Data Incident in such a fashion that, in Xxxxxxxx’x sole discretion, could lead to identity theft; and the payment of legal fees and expenses, audit costs, fines and penalties, and other fees imposed by regulatory agencies, courts of law, or contracting partners as a result of the Data Incident.