Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours by Suncorp if requested by Suncorp. (b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents. (c) The Supplier must: (i) as soon as reasonably practicable, and in any event within twenty four (24) hours, inform their Suncorp representative in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum: A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned; B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained; C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it; (ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and the progress of any remedial actions; (iii) immediately take all reasonable steps to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects; (iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident; (v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident. (d) Suncorp, acting in good faith, is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party (including any regulatory authority unless and only to the extent compelled to do so under any Applicable Law) the existence of or circumstances surrounding any Data Security Incident without the prior written consent of Suncorp (such consent not to be unreasonably withheld, conditioned or delayed).
Appears in 1 contract
Samples: Purchase Order Agreement
Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours by Suncorp if requested by Suncorp.
(b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents.
(c) The Supplier must:
(i) as soon as reasonably practicableimmediately, and in any event within twenty four (24) 24 hours, inform their Suncorp representative in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum:
A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned;
B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained;
C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it;
(ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and any the progress of any remedial actions;
(iii) immediately take all reasonable steps immediate action to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects;
(iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident;
(v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident.
(d) Suncorp, acting in good faith, Suncorp is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party (including any regulatory authority unless and only to the extent compelled to do so under any Applicable Lawauthority) the existence of or circumstances surrounding any Data Security Incident without the prior written consent of Suncorp (such consent not to be unreasonably withheld, conditioned withheld or delayed).
Appears in 1 contract
Samples: Purchase Order Terms & Conditions
Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours business hours by Suncorp if requested by Suncorp.
(b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents.
(c) The Supplier must:
(i) as soon as reasonably practicable, and in any event within twenty four (24) hours, inform their Suncorp representative Xxxxxxx in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum:
A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned;
B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained;
C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it;
(ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and any the progress of any remedial actions;
(iii) immediately take all reasonable steps to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects;
(iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident;
(v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident.
(d) Suncorp, acting in good faith, is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party (including any regulatory authority unless and only to the extent compelled to do so under any Applicable Law) the existence of or circumstances surrounding any Data Security Incident without the prior written consent of Suncorp (such consent not to be unreasonably withheld, conditioned withheld or delayed).
Appears in 1 contract
Samples: Purchase Order
Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours by Suncorp if requested by Suncorp.
(b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents.
(c) The Supplier must:
(i) as soon as reasonably practicableimmediately, and in any event within twenty four (24) 24 hours, inform their Suncorp representative in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum:
A. describe the nature of the ofthe Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned;
B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained;
C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to takento address it;
(ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed beenaccessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and any the progress of progressof any remedial actions;
(iii) immediately take all reasonable steps immediate action to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects;
(iv) retain and preserve all data critical to identifying the nature, extent and cause andcause of the Data Security Incident;
(v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident.
(d) Suncorp, acting in good faith, Suncorp is solely responsible for determining whether a Data Security Incident would be wouldbe likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party thirdparty (including any regulatory authority unless and only to the extent compelled to do so under any Applicable Lawauthority) the existence of or circumstances surrounding any Data Security Incident without the prior written consent of Suncorp (such consent not to be unreasonably withheld, conditioned or withheldor delayed).
Appears in 1 contract
Samples: Purchase Order Agreement
Data Security Incidents. (a) The Supplier must document, implement and maintain a plan setting out the Suppliers' policies, systems and procedures for responding to any Data Security Incident (the Data Security Response Plan). The Supplier must make the Data Security Response Plan available for inspection during Business Hours by Suncorp if requested by Suncorp.
(b) The Supplier must implement and maintain robust mechanisms in place to detect and respond to any actual or suspected Data Security Incidents.
(c) The Supplier must:
(i) as soon as reasonably practicableimmediately, and in any event within twenty four (24) 24 hours, inform their Suncorp representative in writing by email at xxxxxxxx@xxxxxxx.xxx.xx of (A) any actual or suspected Data Security Incident or (B) any data security incident that has been notified to other regulators in Australia or other jurisdictions. The notification given by the Supplier must, at a minimum:
A. describe the nature of the Data Security Incident and, if applicable, the categories and numbers of persons, and the categories and numbers of Personal Information records, affected or otherwise concerned;
B. include the name and contact details of the data protection officer or other relevant contact from whom more information may be obtained;
C. where available, describe the likely consequences of the Data Security Incident and any measures taken or proposed to be taken to address it;
(ii) regularly update Suncorp on all known details about the Data Security Incident, including details of the Suncorp Data, Personal Information and/or systems of Suncorp and/or the Supplier that have been accessed or compromised, whether the Data Security Incident has ceased or is ongoing, the root cause of the Data Security Incident, and any the progress of any remedial actions;
(iii) immediately take all reasonable steps immediate action to stop the Data Security Incident (including where relevant by preventing access) and minimise and mitigate its effects;
(iv) retain and preserve all data critical to identifying the nature, extent and cause of the Data Security Incident;
(v) follow all reasonable directions from Suncorp regarding the Data Security Incident and cooperate with Suncorp in any investigation or audit in respect of the Data Security Incident.
(d) Suncorp, acting in good faith, Suncorp is solely responsible for determining whether a Data Security Incident would be likely to result in serious harm to any of the individuals to whom any Personal Information the subject of the actual or suspected Data Security Incident relates, and the Supplier must not disclose to any third party (including any regulatory authority unless and only to the extent compelled to do so under any Applicable Lawauthority) the existence of or circumstances surrounding any Data Security Incident without the prior written consent of Suncorp (such consent not to be unreasonably withheld, conditioned withheld or delayed).
Appears in 1 contract
Samples: Purchase Order