Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours by Suncorp if requested by Suncorp.
(b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents.
(c) The Supplier must:
(i) as soon as reasonably practicable, and in any event within twenty four (24) hours, inform their Suncorp representative in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum:
A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned;
B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained;
C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it;
(ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and the progress of any remedial actions;
(iii) immediately take all reasonable steps to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects;
(iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident;
(v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident.
(d) Suncorp, acting in good faith, is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Dat...
Data Security Incidents. 4.1 Data Security Incidents. AuditBoard will notify Customer of any Data Security Incident as outlined in section 6 of the Agreement for Personal Data breaches.
Data Security Incidents. Each Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, Confidential Third Party. Information that is solely caused by each Party, or Third Party’s Data Service Providers The Parties agree to notify each other in writing immediately (and in any event within twenty-four seventy-two (24 72) hours whenever such Party reasonably believes that there has been a Data Security Incident. After providing such notice, the Parties agree that each will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information or Confidential Third Party Information, and keep the other Party advised of the status of such Data Security Incident and all matters related thereto. The Parties further agree to provide, at their sole cost, as mutually agreed beforehand, reasonable assistance and cooperation requested by the other Party and/or the other Party’s designated Data Service Providers, in the furtherance of any correction, remediation, or investigation of any such Data Security Incident and/or the mitigation of any damage, including any notification required by law or that Utility may determine appropriate to send to individuals impacted or potentially impacted by the Data Security Incident, and/or the provision of any credit reporting service required by law. In addition, within thirty (30) days of discovery of a confirmed Data Security Incident, the Parties agree that each shall develop and execute a plan that Utility deems appropriate to provide to reduces the likelihood of a recurrence of such individuals. Unless Data Security Incidents. Further, unless required by law, Third Party shall not notify any individual or any third party other than law enforcement of any potential Data Security Incident involving Confidential Utility Information without first consulting with, and obtaining the permission of, Utility. Notwithstanding anything herein to the contrary, in the event that each of the Parties engages the same electronic data exchange contractor in the course of its performance hereunder, neither Party is more responsible than the other for Data Security Incidents caused by the acts or omissions of such electronic data exchange contractor. In addition, within 30 days of identifyingor being informed of a Data Security Incident, Third Partyshall develop and execute a plan, subject to Utility’s a...
Data Security Incidents. SRCL Limited has a fully documented data security incident which includes:- Reporting procedures Incident reporting portal Defined escalation procedures Procedures audited in line with ISO 27001 requirements.
Data Security Incidents. If you suspect that your User Account, Personal Data or any of your password security details have been compromised, or become aware of any fraud, attempted fraud or any other security incident (including a cyber-attack) affecting you and/or WisdomTree, you must notify WisdomTree customer support as soon as possible at Customer Support Contacts, and continue to provide accurate and complete information throughout the duration of the security incident. You agree to take any steps or proactive measures reasonably required by WisdomTree to mitigate, manage or report any security incident. Failure to provide prompt notification of any security incident may be affect the appropriate resolution of the matter.
Data Security Incidents. Third Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, Third Party. Third Party shall notify Utility in writing immediately (and in any event within twenty-four (24) hours) whenever Third Party reasonably believes that there has been a Data Security Incident. After providing such notice, Third Party will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information and keep Utility advised of the status of such Data Security Incident and all matters related thereto. Third Party further
Data Security Incidents. Third Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, Third Party. Third Party shall notify Utility in writing immediately (and in any event within twenty-four (24) hours) whenever Third Party reasonably believes that there has been a Data Security Incident. After providing such notice, Third Party will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information and keep Utility advised of the status of such Data Security Incident and all matters related thereto. Third Party further agrees to provide, at Third Party’s sole cost, reasonable assistance and cooperation requested by Utility and/or Utility’s designated representatives, in the furtherance of any correction, remediation, or investigation of any such Data Security Incident and/or the mitigation of any damage, including any notification required by law or that Utility may determine appropriate to send to individuals impacted or potentially impacted by the Data Security Incident, and/or the provision of any credit reporting service required by law or that Utility deems appropriate to provide to such individuals. Unless required by law, Third Party shall not notify any individual or any third party other than law enforcement of any potential Data Security Incident involving Confidential Utility Information without first consulting with, and obtaining the permission of, Utility. In addition, within 30 days of identifying or being informed of a Data Security Incident, Third Party shall develop and execute a plan, subject to Utility’s approval, that reduces the likelihood of a recurrence of such Data Security Incident. Third Party agrees that Utility may at its discretion and without penalty immediately suspend performance hereunder and/or terminate the Agreement if a Data Security Incident occurs.
Data Security Incidents. (a) Upon becoming aware of a Data Security Incident, the Processor shall inform the other Party without undue delay and shall provide such timely information and assistance in accordance with clause 3.7 as the other Party may require in order for the other Party to fulfil its data breach reporting obligations under Data Protection Law and to mitigate the effects of the Data Security Incident.
(b) Where China Unicom is acting as the Processor, the Customer understands and accepts that the performance by China Unicom of certain Services may carry a risk to the Customer of loss or corruption of data. China Unicom's obligations in respect of data backup or retention shall be set out in the applicable Services Agreement. The Customer understands and accepts that, save to the extent of any obligations detailed in this Data Processing Agreement or the relevant Services Agreement, the Customer shall bear full responsibility for the loss or corruption of data that may result from a Data Security Incident.
Data Security Incidents. If Origin becomes aware of a Security Incident, Origin will promptly:
(a) notify Customer in writing via e-mail of the Security Incident without undue delay in reasonable detail and to the best of its knowledge at that time the likely consequences for Customer specifically and other Parties in general of the breach or unauthorized use or disclosure of, or access to, Customer Data, including where possible, the categories and approximate amount of Customer Data concerned;
(b) open a security ticket with OCI and work to sequester the affected system components;
(c) open a techline with relevant partner and customer personnel for coordination and status updates until resolution or stabilization;
(d) take reasonable steps to mitigate the suspected effects and to minimize any damage resulting from the Security Incident, which may include new system build with data lift and shift or other measures, and;
(e) notify cyber insurance team to initiate communication and documentation protocols.
Data Security Incidents. 4.1. Notice. KlearNow shall notify User within 48 hours of discovering that an Information Security Incident has occurred or is reasonably likely to occur to the extent such notice is required by the GDPR.