Eligibility Data Breaches Sample Clauses

Eligibility Data Breaches. 1. Promptly and no later than 7 days upon becoming aware of an actual or suspected Cyber Breach in relation to the Customer's technology environment, the Customer will: (a) immediately investigate, or procure the investigation of, the Cyber Breach; (b) make an assessment if the Cyber Breach amounts to an Eligible Data Breach and notify Supplier of the following: (i) the reasons why the Customer considers that a reasonable person would or would not conclude that the Cyber Breach is an Eligible Data Breach; (ii) whether the Customer will issue any statements to the affected individuals and the Office of the Australian Information Commissioner; and (c) if there are reasonable grounds to believe that the Cyber Breach amounts to an Eligible Data Breach, prepare statements in accordance with section 26WK of Part IIIC of the Privacy Act and issue the statements to the affected individuals and the Office of the Australian Information Commissioner of the Cyber Breach. 2. On receipt of the notification from the Customer under clause 1(b) that the Customer will not be issuing any statements to the affected individuals and the Office of the Australian Information Commissioner, Supplier may: (a) investigate the Cyber Breach itself; (b) make an assessment if the Cyber Breach amounts to an Eligible Data Breach and notify the Customer of its reason by the Cyber Breach is an Eligible Data Breach; and (c) if Supplier considers that there are reasonable grounds to believe that the Cyber Breach amounts to an Eligible Data Breach, Supplier will prepare statements in accordance with section 26WK of Part IIIC of the Privacy Act and issue the statements to the affected individuals and the Office of the Australian Information Commissioner of the Cyber Breach on behalf of itself and the Customer. 3. The Customer will reimburse Supplier on demand for all reasonable costs incurred by Supplier in connection with clause 2.