Common use of Identity Protection Law Clause in Contracts

Identity Protection Law. Grantee must have and maintain a formal written information security program that provides safeguards to protect Confidential Information from loss, theft, and disclosure to unauthorized persons, as required by the Oregon Consumer Information Protection Act, ORS 646A.600-628. If Grantee or its agents discover or are notified of a potential or actual “Breach of Security”, as defined by ORS 646A.602(1)(a), or a failure to comply with the requirements of ORS 646A.600-628, (collectively, “Breach”) with respect to Confidential Information, Grantee must promptly but in any event within one calendar day (i) notify the Agency Grant Manager of such Breach and (ii) if the applicable Confidential Information was in the possession of Grantee or its agents at the time of such Breach, Grantee must (a) investigate and remedy the technical causes and technical effects of the Breach and (b) provide Agency with a written root cause analysis of the Breach and the specific steps Grantee will take to prevent the recurrence of the Breach or to ensure the potential Breach will not recur. For the avoidance of doubt, if Agency determines notice is required of any such Breach to any individual(s) or entity(ies), Agency will have sole control over the timing, content, and method of such notice, subject to Grantee’s obligations under applicable law.

Identity Protection Law. Grantee must have and maintain a formal written information security program that provides safeguards to protect Confidential Information from loss, theft, and disclosure to unauthorized persons, as required by the Oregon Consumer Information Protection Act, ORS 646A.600-646A.600- 628. If Grantee or its agents discover or are notified of a potential or actual “Breach of Security”, as defined by ORS 646A.602(1)(a), or a failure to comply with the requirements of ORS 646A.600-628, (collectively, “Breach”) with respect to Confidential Information, Grantee must promptly but in any event within one calendar day (i) notify the Agency Grant Manager of such Breach and (ii) if the applicable Confidential Information was in the possession of Grantee or its agents at the time of such Breach, Grantee must (a) investigate and remedy the technical causes and technical effects of the Breach and (b) provide Agency with a written root cause analysis of the Breach and the specific steps Grantee will take to prevent the recurrence of the Breach or to ensure the potential Breach will not recur. For the avoidance of doubt, if Agency determines notice is required of any such Breach to any individual(s) or entity(ies), Agency will have sole control over the timing, content, and method of such notice, subject to Grantee’s obligations under applicable law.

Identity Protection Law. Grantee must have and maintain a maintaina formal written information writteninformation security program that provides safeguards to protect Confidential Information from loss, theft, and disclosure to unauthorized persons, as required by the Oregon Consumer Information Protection Act, ORS 646A.600-628. If Grantee or its agents discover or are notified of a potential or actual “Breach of Security”, as defined by ORS 646A.602(1)(a), or a failure to comply with the requirements of ORS 646A.600-628, (collectively, “Breach”) with respect to Confidential Information, Grantee must promptly but in any inany event within one calendar day (i) notify the Agency Grant Manager of such Breach and (ii) if the applicable Confidential Information was in the possession of Grantee or its agents at the time of such Breach, Grantee must (a) investigate and remedy the technical causes and technical effects of the Breach and (b) provide Agency with a written root cause analysis of the Breach and the specific steps Grantee will take to prevent the recurrence of the Breach or to ensure the potential Breach will not recur. For the avoidance of doubt, if Agency determines notice is noticeis required of any such Breach to any individual(s) or anyindividual(s)or entity(ies), Agency will have sole control over the timing, content, and method of such notice, subject to Grantee’s obligations under applicable underapplicable law.

Identity Protection Law. Grantee must have and maintain a formal written information security program that provides safeguards to protect Confidential Information from loss, theft, and disclosure to unauthorized persons, as required by the Oregon Consumer Information Protection Act, ORS 646A.600-628. If Grantee or its agents discover or are notified of a potential or actual “"Breach of Security”', as defined by ORS 646A.602(1)(a), or a failure to comply with the requirements of ORS 646A.600-628, (collectively, “"Breach”") with respect to Confidential Information, Grantee must promptly but in any event within one calendar day (i) notify the Agency Grant Manager of such Breach and (ii) if the applicable Confidential Information was in the possession of Grantee or its agents at the time of such Breach, Grantee must (a) investigate and remedy the technical causes and technical effects of the Breach and (b) provide Agency with a written root cause analysis of the Breach and the specific steps Grantee will take to prevent the recurrence of the Breach or to ensure the potential Breach will not recur. For the avoidance of doubt, if Agency determines notice is required of any ofany such Breach to any individual(sindividual (s) or entity(ies), Agency will have sole control over the timing, content, and method of such notice, subject to Grantee’s 's obligations under applicable law.