Common use of Incident notification requirements Clause in Contracts

Incident notification requirements. The operator will address any incident notifications to the responsible party’s employee whose contact details are set out in Annexure 1 of this agreement and should contain the following information to assist the responsible party in fulfilling its obligations under applicable data protection laws: 13.3.1. a description of the nature of the incident, including where possible the categories and approximate number of data subjects and personal information records concerned. 13.3.2. a description of the measures that the operator intends to take or has taken to address the security compromise. 13.3.3. the name and contact details of the operator’s data protection officer or another contact point where the responsible party can obtain more information; and 13.3.4. a description of the likely consequences of the incident. 13.3.5. If known to the operator, the identity of the unauthorised person who may have accessed or acquired the personal information. 13.3.6. Such notification shall not be construed as an admission of fault or liability by the operator.