Data Security Breaches. State Street will monitor and record security related events on all systems and log such events. If State Street discovers or become aware of an actual breach of security relating to BTC Data, except to the extent instructed by legal or regulatory authorities not to do so:
(i) promptly notify the BTC Regional Program Manager by telephone and e-mail as soon as practicable but in any event within the earlier of any of the following: (i) 5:00 PM, local time, the next Business Day after detecting or becoming aware of such breach; (ii) forty-eight (48) hours after detecting or becoming aware of such breach; or (iii) within a shorter timeframe if required under a State Street known law;
(ii) provider confirmatory written notice or fax to the BTC Regional Program Manager as soon as practicable after detecting or becoming aware of such breach; and
(iii) investigate and remediate the effects of the breach, and provide the applicable BTC Recipients with reasonable assurance that safeguards consistent with State Street’s obligations under this Article 10 have been implemented.
Data Security Breaches. 7.1 TMS/USA and Dealer understand and agree that with regard to data accessible through this Program, they each shall:
7.1.1 use the data in accordance with Laws;
7.1.2 use commercially reasonable efforts to maintain the confidentiality and security of the data; and
7.1.3 not to disclose or use the data other than as agreed to herein.
7.2 Dealer understands that its Dealer Data will be shared with TMS/USA and its respective affiliates to be used for, with respect to TMS/USA and its affiliates, its and/or their own business purposes, including but not limited to, data analytics and reporting.
7.3 DEALER ACKNOWLEDGES AND AGREES THAT IT SHALL NOT LOOK TO TMS/USA OR ITS AFFILIATES FOR ANY DAMAGES (AS DEFINED BELOW) THAT ARISE FROM ANY SECURITY BREACH EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER. TMS/USA, FOR ITSELF AND ITS AFFILIATES, HEREBY EXPRESSLY AND IRREVOCABLY DISCLAIMS ANY AND ALL LIABILITY OF TMS/USA OR ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH ANY SECURITY BREACH, EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER.
7.4 TMS/USA ACKNOWLEDGES AND AGREES THAT IT SHALL NOT LOOK TO DEALER FOR ANY DAMAGES THAT ARISE FROM ANY SECURITY BREACH EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF DEALER’S ACTS OR OMISSIONS OR OCCURS IN DEALER SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF TMS/USA. DEALER, FOR ITSELF AND ITS AFFILIATES, HEREBY EXPRESSLY AND IRREVOCABLY DISCLAIMS ANY AND ALL LIABILITY OF TMS/USA OR ITS AFFILIATES ARISING OUT OF OR IN CONNECTION WITH ANY SECURITY BREACH, EXCEPT IF, AND ONLY TO THE EXTENT, SUCH SECURITY BREACH ARISES OUT OF TMS/USA’S ACTS OR OMISSIONS OR OCCURS IN TMS/USA SYSTEMS AND DOES NOT ARISE OUT OF ANY ACT OR OMISSION OF DEALER.
Data Security Breaches. In the event of a security breach involving the Data, the Company shall without undue delay notify the Publisher in writing, with a description of the nature of the breach, the likely consequences of the breach, and measures taken (or intended to be taken) to address the breach and to mitigate its possible adverse effects. The parties shall in good faith collaborate in relation to potential notification requirements to data protection authorities. Without the Publisher's prior written approval, the Company is not entitled to mention or refer to the name or trademark of the Publisher in any breach notification to a supervisory authority or to the affected data subjects unless strictly necessary to comply with Applicable Law and always provided that the Publisher has been duly notified in writing.
Data Security Breaches. Each party shall promptly notify the other parties (except in instances where notice is prohibited by applicable Law or a Governmental Authority requests that notice be withheld or delayed) in the event it becomes aware of any unauthorized use, modification, destruction or disclosure of, or access to, Sears Customer Information, Cardholder Information or Transaction Data, as applicable (any of the foregoing, a “Data Security Breach”), and take such actions as are commercially reasonable or necessary to assess the nature and scope of such Data Security Breach to prevent further Data Security Breaches. The party that experienced the Data Security Breach shall have the sole right to determine whether to provide notice to Governmental Authorities and any affected Cardholders, as well as the timing and form of such notice, and the other party shall provide such cooperation as may reasonably be requested in connection with such notice to Governmental Authorities and Cardholders; provided, that if the Data Security Breach is experienced by Sears and Sears determines not to provide notice to Governmental Authorities or affected Cardholders, Purchaser may nonetheless notify Cardholders of such Data Security Breach and shall consult with Sears with respect to such notice. The party that experienced the Data Security Breach shall pay the applicable costs and expenses relating to each such Data Security Breach set forth on Schedule 8.9(j) of the Program Agreement.
Data Security Breaches. Company shall, within twenty-four (24) hours of discovery, notify Client of any Data Security Breach or any other unauthorized access, disclosure, acquisition, or use of the Client Data provided to it by Client or Client’ customers. As soon as possible thereafter, Company shall provide Client full details of the unauthorized access, disclosure, acquisition, and/or use. Company will cooperate with Client in a commercially reasonable manner to investigate the incident and will exert commercially reasonable efforts to (i) terminate the unauthorized access, disclosure, acquisition, and/or use and (ii) prevent the reoccurrence thereof. Company shall provide reasonable assistance to Client to regain possession of and terminate any unauthorized access, disclosure, acquisition, and/or use of the Client Data. Company shall reasonably cooperate with Client in the conduct of any investigation of or litigation involving third parties related to said incident. Company shall assist and cooperate with Client concerning any disclosures to affected parties, government or regulatory bodies, and other remedial measures as reasonably requested by Client or as required under any applicable privacy or data protection law. If the Data Security Breach was caused by Company’s negligence or fault, Company shall discharge all responsibilities set forth herein at Company’s cost and expense.
Data Security Breaches. 12.1 The Parties shall have in place their own guidance and policy that must be followed in the event of a Data Security Breach.
12.2 The Parties shall appoint a single point of contact (SPoC) for Data Security Breaches who shall:
a) maintain records in relation to Data protection requests, decisions made and information exchanged
b) maintain records of any Data breach
c) notify each other of the breach within 24 hours of its discovery
d) inform the Data Protection Commission when a breach has occurred The points of contact for each of the Parties are: The person holding the position of Data Protection Officer Currently: Xxxxx Xxxxxxx Xxxx 0000, Xxxx Xxxx, Xxxxx, Cork, Ireland. 021-4547722/0858709023 Currently: Xxx X’ Xxxxxx Data Protection Officer PO Box 3000, Johnstown Xxxxxx Xxxxxx, Xxxxxx Xxxxxxx, X00 X000, Ireland. 053-9160630
12.3 The Parties agree to notify any potential or actual loss of Data to each SPoC as soon as possible to enable the Parties to consider what action is required to resolve the issue in accordance with the Data Protection Laws and guidance.
12.4 The Parties agree to provide reasonable assistance as is necessary to each other to facilitate the handling of any Data Security Breach in an expeditious and compliant manner.
Data Security Breaches. In the event of a breach of data system, each Party shall report to other Parties, within three (3) calendar days since they found out about the Security Breach, any actual or suspected unauthorized or unintentional access to, acquisition of, or disclosure of Personal Data (“Security Breach”). The report shall include the date, time and nature of the Security Breach. Contractual parties shall take all reasonable and necessary steps to remedy and mitigate any harm arising from the Security Breach.
Data Security Breaches. 10.1 The CUA Project Team (or any member thereof) shall notify the CUA Members of any actual or potential Personal Data Breach in relation to the Personal Data Processed pursuant to this Agreement as soon as possible (and in any event within 48 hours) to enable the parties to consider what further action is required either individually or jointly.
10.2 The parties agree to provide reasonable assistance to each other to facilitate the handling of any Personal Data Breach in an expeditious and compliant manner.
Data Security Breaches. In the event of a breach of Institution’s data system, Institution or Investigator shall report to Abbott , within fourteen (14) calendar days, any confirmed unauthorized or unintentional access to, acquisition of, or disclosure of personal health information as defined under HIPAA (“Security Breach”). The report shall include the timing and nature of the Security Breach. Institutions’ notice to Abbott and report of a confirmed breach shall be treated as Confidential Information under this Agreement. Institution shall take all reasonable and necessary steps to remedy and mitigate any harm arising from the Security Breach.
Data Security Breaches. REMEDIATION OF MALICIOUS CODE.
(a) Data Security Breaches. State Street will monitor and record security related events on all systems and log such events. If State Street discovers or become aware of an actual breach of security relating to BTC Data, except to the extent instructed by legal or regulatory authorities not to do so:
(i) promptly notify the BTC Regional Program Manager by telephone and e-mail as soon as practicable but in any event within the earlier of any of the following: (i) 5:00 PM, local time, the next Business Day after detecting or becoming aware of such breach; (ii) forty-eight (48) hours after detecting or becoming aware of such breach; or (iii) within a shorter timeframe if required under a State Street Known Law;
(ii) provider confirmatory written notice or fax to the BTC Regional Program Manager as soon as practicable after detecting or becoming aware of such breach; and
(iii) investigate and remediate the effects of the breach, and provide the applicable BTC Recipients with reasonable assurance that safeguards consistent with State Street's obligations under this Section 10 have been implemented.
