Data Security Breaches. State Street will monitor and record security related events on all systems and log such events. If State Street discovers or become aware of an actual breach of security relating to BTC Data, except to the extent instructed by legal or regulatory authorities not to do so:
(i) promptly notify the BTC Regional Program Manager by telephone and e-mail as soon as practicable but in any event within the earlier of any of the following: (i) 5:00 PM, local time, the next Business Day after detecting or becoming aware of such breach; (ii) forty-eight (48) hours after detecting or becoming aware of such breach; or (iii) within a shorter timeframe if required under a State Street known law;
(ii) provider confirmatory written notice or fax to the BTC Regional Program Manager as soon as practicable after detecting or becoming aware of such breach; and
(iii) investigate and remediate the effects of the breach, and provide the applicable BTC Recipients with reasonable assurance that safeguards consistent with State Street’s obligations under this Article 10 have been implemented.
Data Security Breaches. 7.1 TMS/USA and Dealer understand and agree that with regard to data accessible through this Program, they each shall:
7.1.1 use the data in accordance with Laws;
7.1.2 use commercially reasonable efforts to maintain the confidentiality and security of the data; and
7.1.3 not to disclose or use the data other than as agreed to herein.
7.2 Dealer understands that its Dealer Data will be shared with TMS/USA and its respective affiliates to be used for, with respect to TMS/USA and its affiliates, its and/or their own business purposes, including but not limited to, data analytics and reporting.
7.3 DEALER ACKNOWLEDGES AND AGREES THAT IT SHALL NOT LOOK TO TMS/USA OR ITS AFFILIATES FOR ANY DAMAGES (AS DEFINED BELOW) THAT ARISE FROM ANY SECURITY BREACH EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER. TMS/USA, FOR ITSELF AND ITS AFFILIATES, HEREBY EXPRESSLY AND IRREVOCABLY DISCLAIMS ANY AND ALL LIABILITY OF TMS/USA OR ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH ANY SECURITY BREACH, EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER.
7.4 TMS/USA ACKNOWLEDGES AND AGREES THAT IT SHALL NOT LOOK TO DEALER FOR ANY DAMAGES THAT ARISE FROM ANY SECURITY BREACH EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF DEALER’S ACTS OR OMISSIONS OR OCCURS IN DEALER SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF TMS/USA. DEALER, FOR ITSELF AND ITS AFFILIATES, HEREBY EXPRESSLY AND IRREVOCABLY DISCLAIMS ANY AND ALL LIABILITY OF TMS/USA OR ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH ANY SECURITY BREACH, EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER.
Data Security Breaches. In the event of a security breach involving the Data, the Company shall without undue delay notify the Publisher in writing, with a description of the nature of the breach, the likely consequences of the breach, and measures taken (or intended to be taken) to address the breach and to mitigate its possible adverse effects. The parties shall in good faith collaborate in relation to potential notification requirements to data protection authorities. Without the Publisher's prior written approval, the Company is not entitled to mention or refer to the name or trademark of the Publisher in any breach notification to a supervisory authority or to the affected data subjects unless strictly necessary to comply with Applicable Law and always provided that the Publisher has been duly notified in writing.
Data Security Breaches. Each party shall promptly notify the other parties (except in instances where notice is prohibited by applicable Law or a Governmental Authority requests that notice be withheld or delayed) in the event it becomes aware of any unauthorized use, modification, destruction or disclosure of, or access to, Sears Customer Information, Cardholder Information or Transaction Data, as applicable (any of the foregoing, a “Data Security Breach”), and take such actions as are commercially reasonable or necessary to assess the nature and scope of such Data Security Breach to prevent further Data Security Breaches. The party that experienced the Data Security Breach shall have the sole right to determine whether to provide notice to Governmental Authorities and any affected Cardholders, as well as the timing and form of such notice, and the other party shall provide such cooperation as may reasonably be requested in connection with such notice to Governmental Authorities and Cardholders; provided, that if the Data Security Breach is experienced by Sears and Sears determines not to provide notice to Governmental Authorities or affected Cardholders, Purchaser may nonetheless notify Cardholders of such Data Security Breach and shall consult with Sears with respect to such notice. The party that experienced the Data Security Breach shall pay the applicable costs and expenses relating to each such Data Security Breach set forth on Schedule 8.9(j) of the Program Agreement.
Data Security Breaches. Company shall, within twenty-four (24) hours of discovery, notify Client of any Data Security Breach or any other unauthorized access, disclosure, acquisition, or use of the Client Data provided to it by Client or Client’ customers. As soon as possible thereafter, Company shall provide Client full details of the unauthorized access, disclosure, acquisition, and/or use. Company will cooperate with Client in a commercially reasonable manner to investigate the incident and will exert commercially reasonable efforts to (i) terminate the unauthorized access, disclosure, acquisition, and/or use and (ii) prevent the reoccurrence thereof. Company shall provide reasonable assistance to Client to regain possession of and terminate any unauthorized access, disclosure, acquisition, and/or use of the Client Data. Company shall reasonably cooperate with Client in the conduct of any investigation of or litigation involving third parties related to said incident. Company shall assist and cooperate with Client concerning any disclosures to affected parties, government or regulatory bodies, and other remedial measures as reasonably requested by Client or as required under any applicable privacy or data protection law. If the Data Security Breach was caused by Company’s negligence or fault, Company shall discharge all responsibilities set forth herein at Company’s cost and expense.
Data Security Breaches. 12.1 The Parties shall have in place their own guidance and policy that must be followed in the event of a Data Security Breach.
12.2 The Parties shall appoint a single point of contact (SPoC) for Data Security Breaches who shall:
a) maintain records in relation to Data protection requests, decisions made and information exchanged
b) maintain records of any Data breach
c) notify each other of the breach within 24 hours of its discovery
d) inform the Data Protection Commission when a breach has occurred The points of contact for each of the Parties are: The person holding the position of Data Protection Officer Currently: Xxxxx Xxxxxxx Xxxx 0000, Xxxx Xxxx, Xxxxx, Cork, Ireland. 021-4547722/0858709023 Currently: Xxx X’ Xxxxxx Data Protection Officer PO Box 3000, Johnstown Xxxxxx Xxxxxx, Xxxxxx Xxxxxxx, X00 X000, Ireland. 053-9160630
12.3 The Parties agree to notify any potential or actual loss of Data to each SPoC as soon as possible to enable the Parties to consider what action is required to resolve the issue in accordance with the Data Protection Laws and guidance.
12.4 The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner.
Data Security Breaches. 7.1 Where a Data Security Breach occurs in respect of Shared Personal Data held by a Party that Party shall:
(a) notify the other Party as soon as possible and, in any event, within twenty-four (24) hours of identification of the Data Security Breach; and
(b) be responsible for any required notification of that Data Security Breach to the Information Commissioner’s Office.
7.2 The notification referred to in clause 7.1 shall as a minimum detail:
(a) the nature of the Data Security Breach including where possible, the categories and approximate number of Data Subjects concerned, and the categories and approximate number of Personal Data records concerned;
(b) the likely consequences of the Data Security Breach; and
(c) the measures taken or proposed to be taken by the Party issuing the notice to address the Data Security Breach, including, where appropriate, measures to mitigate its possible adverse effects.
7.3 Each Party shall have in place effective policies and procedures to ensure compliance with the Data Protection Legislation in the event of a Data Security Breach.
7.4 The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner.
Data Security Breaches. Each Party shall notify the other Party promptly, and in any event within three (3) days (except in instances where notice is prohibited by applicable law or a governmental authority requests that notice be withheld or delayed) of any identified unauthorized access or use of any Program NPI by a third party (a “Data Breach”) that reasonably could be expected to have a material and adverse effect on the Program or the other Party, and take such actions as are commercially reasonable or necessary to assess the nature and scope of such Data Breach and to mitigate the effects on such Data Breach.
Data Security Breaches. In the event of a breach of data system, each Party shall report to other Parties, within three (3) calendar days since they found out about the Security Breach, any actual or suspected unauthorized or unintentional access to, acquisition of, or disclosure of Personal Data (“Security Breach”). The report shall include the date, time and nature of the Security Breach. Contractual parties shall take all reasonable and necessary steps to remedy and mitigate any harm arising from the Security Breach.
Data Security Breaches. The DATA PROCESSOR shall inform the DATA CONTROLLER without undue hesitation and in any case, within 48 hours, of any security breaches with respect to the personal data in its charge which comes to its notice, including relevant information for documenting and reporting the incident. The DATA PROCESSOR shall provide at least the following information, if it has it: - A description of the nature of the personal data security breach, including, if possible, the categories and approximate number of affected interested parties and the categories and approximate number of affected personal data records. - The name and contact data of the data protection supervisor or another contact point where more information can be obtained. - A description of the measures taken or proposed to remedy the personal data security breach, including, as necessary, measures taken to mitigate any negative effects. - A description of the possible consequences of the personal data security breach. If it is not possible to provide the information simultaneously, and if not provided simultaneously, the information shall be furnished gradually without undue delay, and in all cases, within 24 hours.