Notification of Xxxxxx and Unauthorized Release (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting Xxxxxx Xxx, Data Protection Officer, directly by email at xxxxxx.xxx@xxxxx.xxx or by calling 000-000-0000.
(c) Vendor will cooperate with the District and provide as much information as possible directly to Xxxxxx Xxx, Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform Xxxxxx Xxx, Data Protection Officer or his/her designee.
Authorized Uses The Participating Institutions and the Authorized Users may make all use of the Licensed Materials as is consistent with the applicable law and with this Agreement, including but not limited to the following licensing conditions ("Authorized Uses"). In addition, the Licensed Materials may be used for purposes of research, education or other non-commercial use as particularly follows:
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Authorized User You may request us to issue a Card to an individual who has no financial responsibility under this Agreement. An Authorized User has the same access to your Account as you do, subject to any limitations we may impose. An Authorized User has no authority to add or delete Cardholders, request a replacement Card or terminate or modify this Agreement. You may terminate an Authorized User’s authority to access your Account at any time. To do this, you must return the Card to PenFed. You agree that you are responsible for all charges and cash advances made by an Authorized User, including charges made before the Card is returned, recurring charges, or charges made without the use of the Card initiated by the Authorized User after termination of the Authorized User’s access.
Unauthorized Work The contractor is not authorized at any time to commence task order performance prior to issuance of a signed TO or other written approval provided by the CO to begin work.
Unauthorized Access Using service to access, or to attempt to access without authority, the accounts of others, or to penetrate, or attempt to penetrate, security measures of Company’s or a third party’s computer software or hardware, electronic communications system, or telecommunications system, whether or not the intrusion results in disruption of service or the corruption or loss of data.
Authorized Access Transfer Agent shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
Publicity and Use of Trademarks or Service Marks 34.1 A Party, its Affiliates, and their respective contractors and Agents, shall not use the other Party’s trademarks, service marks, logos or other proprietary trade dress, in connection with the sale of products or services, or in any advertising, press releases, publicity matters or other promotional materials, unless the other Party has given its written consent for such use, which consent the other Party may grant or withhold in its sole discretion.
34.2 Neither Party may imply any direct or indirect affiliation with or sponsorship or endorsement of it or its services or products by the other Party.
34.3 Any violation of this Section 34 shall be considered a material breach of this Agreement.
Authorized Use The Student Data shared pursuant to the Service Agreement, including persistent unique identifiers, shall be used for no purpose other than the Services outlined in Exhibit A or stated in the Service Agreement and/or otherwise authorized under the statutes referred to herein this DPA.
No Unauthorized Use Provider shall not use Student Data or information in a Pupil Record for any purpose other than as explicitly specified in this DPA.
