Data Security and Unauthorized Data Release Sample Clauses
The Data Security and Unauthorized Data Release clause establishes the obligations of parties to protect sensitive information from unauthorized access, disclosure, or breaches. It typically requires the implementation of appropriate technical and organizational measures to safeguard data, and may outline procedures for responding to and notifying affected parties in the event of a data breach. This clause is essential for ensuring compliance with data protection laws and for minimizing the risk of harm or liability resulting from unauthorized data exposure.
POPULAR SAMPLE Copied 2 times
Data Security and Unauthorized Data Release. The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures ...
Data Security and Unauthorized Data Release. The Requester and Approved Users acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access data and any Data Derivatives according to NIH’s expectations set forth in the current NIH Security Best Practices for Users of Controlled-Access Data and the Requester’s IT security requirements and policies. The Requester and PI agree to notify the NIH Incident Response Team, NIH DAC(s) on the project request, and NIH Office of Extramural Research Data Sharing Policy Implementation (OER/DSPI) Team of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. For the NIH Incident Response Team notifications can be made by phone (▇▇▇) ▇▇▇-▇▇▇▇ (4357); Toll Free Number: (866) 319-4357or TTY: (▇▇▇) ▇▇▇-▇▇▇▇ and can also be sent by email to ▇▇▇▇▇▇▇▇▇▇@▇▇▇.▇▇▇ or via the Report an Incident Link: ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇▇.▇▇▇.▇▇▇/. For OER/DSPI Team, notifications can be sent to ▇▇▇_▇▇▇@▇▇▇▇.▇▇▇.▇▇▇. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) and the OER/DSPI Team a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide any additional documentation requested by the NIH DAC(s) or the OER/DSPI Team on the incident, including verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident. Approved Users and their associates agree to support such investigations and provide any information, within the limits of applicable local, state, Tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Data Security and Unauthorized Data Release i. The Requesting Institution and PI agree to notify CPCSSN of any unauthorized Data sharing, breaches of data security, or inadvertent Data releases that may compromise Data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of CPCSSN notification, the Requesting Institution agrees to submit to CPCSSN a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requesting Institution agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to CPCSSN requests may result in further compliance measures affecting the Requesting Institution.
ii. Requesting Institution, Approved Users and their associates agree to support CPCSSN investigations arising from any breaches reported in accordance with section 7(i) above and provide information, within the limits of applicable laws and regulations. In addition, Requesting Institution and Approved Users agree to work with CPCSSN to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.