Data Security Incidents Clause Samples

POPULAR SAMPLE Copied 2 times

Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection by Suncorp if requested by Suncorp. (b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents. (c) The Supplier must: (i) immediately, and in any event within 24 hours, inform Suncorp in writing of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum: A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned; B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained; C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it; (ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and any the progress of any remedial actions; (iii) take immediate action to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects; (iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident; (v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident. (d) Suncorp is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party (including any regulatory authority) the existence of or circumstan...

View Similar (5)

Data Security Incidents. 4.1. Notice. KlearNow shall notify User within 48 hours of discovering that an Information Security Incident has occurred or is reasonably likely to occur to the extent such notice is required by the GDPR.

Data Security Incidents. 4.1 Data Security Incidents. AuditBoard will notify Customer of any Data Security Incident as outlined in section 6 of the Agreement for Personal Data breaches.

View Similar (3)

Data Security Incidents. ESE is responsible for any and all confirmed Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, ESE. caused by the acts or omissions of ESE or its Third Party Representatives. ESE shall notify Utility in writing immediately (and in any event within forty-eight (48) hours) whenever ESE reasonably believes that there has been a Data Security Incident. After providing such notice, ESE will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information and keep Utility advised of the status of such Data Security Incident and all matters related thereto. ESE further agrees to provide, at ESE’s sole cost if a confirmed Data Security Incident is due to an act or omission of ESE or its Representatives, reasonable assistance and cooperation requested by Utility and/or Utility’s designated representatives, in the furtherance of any correction, remediation, or investigation of any such confirmed Data Security Incident and/or the mitigation of any damage, including any notification required by law or that Utility may determine appropriate to send to individuals impacted or potentially impacted by thea confirmed Data Security Incident, and/or the provision of any credit reporting service required by law or that Utility deems appropriate to provide to such individuals. In addition, within thirty (30) days of identifying or being informed of aconfirmation that a confirmed Data Security Incident has resulted in a breach of Confidential Utility Information, ESE shall develop and execute a plan, subject to Utility’s approval, which shall not be unreasonably withheld, that reduces the likelihood of a recurrence of such Data Security Incident. ESE agrees that Utility may at its discretion, in accordance with the UBP, and without penalty immediately suspend performance hereunder and/or terminate the Addendum if a confirmed Data Security Incident occurs. that has resulted in a breach of Confidential Utility Information and the Utility reasonably believes that harm to Confidential Utility Information has occurred. Any suspension made by Utility pursuant to this paragraph 1110 will be done in accordance with the UBP and will be temporary, lasting only until the Data Security Incident has ended, the ESE security has been restored to the reasonable satisfaction of the Utility so that Utility IT systems and Confidential Utility Information...

View Similar (3)

Data Security Incidents. ThirdEach Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of,Confidential Third Party. Information that is solely caused by each Party, or Third Party shallParty

Data Security Incidents. Each Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, Confidential Third Party. Information that is solely caused by each Party, or Third Party’s Data Service Providers The Parties agree to notify each other in writing immediately (and in any event within twenty-four seventy-two (24 72) hours whenever such Party reasonably believes that there has been a Data Security Incident. After providing such notice, the Parties agree that each will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information or Confidential Third Party Information, and keep the other Party advised of the status of such Data Security Incident and all matters related thereto. The Parties further agree to provide, at their sole cost, as mutually agreed beforehand, reasonable assistance and cooperation requested by the other Party and/or the other Party’s designated Data Service Providers, in the furtherance of any correction, remediation, or investigation of any such Data Security Incident and/or the mitigation of any damage, including any notification required by law or that Utility may determine appropriate to send to individuals impacted or potentially impacted by the Data Security Incident, and/or the provision of any credit reporting service required by law. In addition, within thirty (30) days of discovery of a confirmed Data Security Incident, the Parties agree that each shall develop and execute a plan that Utility deems appropriate to provide to reduces the likelihood of a recurrence of such individuals. Unless Data Security Incidents. Further, unless required by law, Third Party shall not notify any individual or any third party other than law enforcement of any potential Data Security Incident involving Confidential Utility Information without first consulting with, and obtaining the permission of, Utility. Notwithstanding anything herein to the contrary, in the event that each of the Parties engages the same electronic data exchange contractor in the course of its performance hereunder, neither Party is more responsible than the other for Data Security Incidents caused by the acts or omissions of such electronic data exchange contractor. In addition, within 30 days of identifyingor being informed of a Data Security Incident, Third Partyshall develop and execute a plan, subject to Utility’s a...

Data Security Incidents. Third Party is responsible for any and all Data Security Incidents involving Confidential Utility Information that is Processed by, or on behalf of, Third Party. Third Party shall notify Utility in writing immediately (and in any event within twenty-four (24) hours) whenever Third Party reasonably believes that there has been a Data Security Incident. After providing such notice, Third Party will investigate the Data Security Incident, and immediately take all necessary steps to eliminate or contain any exposure of Confidential Utility Information and keep Utility advised of the status of such Data Security Incident and all matters related thereto. Third Party further agrees to provide, at Third Party’s sole cost, reasonable assistance and cooperation requested by Utility and/or Utility’s designated representatives, in the furtherance of any correction, remediation, or investigation of any such Data Security Incident and/or the mitigation of any damage, including any notification required by law or that Utility may determine appropriate to send to individuals impacted or potentially impacted by the Data Security Incident, and/or the provision of any credit reporting service required by law or that Utility deems appropriate to provide to such individuals. Unless required by law, Third Party shall not notify any individual or any third party other than law enforcement of any potential Data Security Incident involving Confidential Utility Information without first consulting with, and obtaining the permission of, Utility. In addition, within 30 days of identifying or being informed of a Data Security Incident, Third Party shall develop and execute a plan, subject to Utility’s approval, that reduces the likelihood of a recurrence of such Data Security Incident. Third Party agrees that Utility may at its discretion and without penalty immediately suspend performance hereunder and/or terminate the Agreement if a Data Security Incident occurs.

Data Security Incidents. (a) Without limiting Supplier's obligations under this clause 7, Supplier must: (1) immediately (and in any event within 24 hours) notify Client, including by email and give Client full details about any actual or suspected: (i) misuse, interference or loss; (ii) accidental or unauthorised access, use, modification, or disclosure; (iii) weakness in any Information Security Control; or (iv) data or system breach, including any breach of this clause 10 or other technology or information security incident, involving any Client Material or New Material (Data Security Incident); (2) keep Client updated about all known details relating to the Data Security Incident, including what Client Material and New Material have been accessed or compromised, the nature of the Data Security Incident, whether the Data Security Incident has ceased or is ongoing, the location and cause of the Data Security Incident, and whether any data has been accessed, lost or corrupted; (3) take immediate preventative action to stop the Data Security Incident (including where relevant by preventing access) and mitigate the effect of the Data Security Incident; (4) retain all data critical to identifying the nature, extent and cause of the Data Security Incident and preserve all logs that detail access to and interactions with relevant Client Material and New Material; (5) follow all directions from Client regarding the Data Security Incident; and (6) co-operate with Client in any investigation or audit in respect of the Data Security Incident.

Data Security Incidents. SRCL Limited has a fully documented data security incident which includes:-  Reporting procedures  Incident reporting portal  Defined escalation procedures  Procedures audited in line with ISO 27001 requirements.

Filter & Search

Parent Clauses

Sub-Clauses