INFORMATION SECURITY BREACH AND NOTIFICATION ACT Sample Clauses

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. § 208 of the State Technology Law (STL) and § 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or Debit Card number plus security code, access code or password which permits access to an individual's financial account, shall disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected shall occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York shall also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/eiso.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor agrees to be responsible for the Department’s obligation to comply with the provisions of Section 208 of the State Technology Law, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach. Contractor shall comply with all obligations imposed by the Act on the Department with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by Contractor on behalf of the Department under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), Contractor shall immediately notify the Department upon Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by email to: XXX.Xxxx@xxx.xx.xxx. Contractor shall immediately commence an investigation, in cooperation with the Department, to determine the scope of the breach and to restore the security of the system. To the extent the Department determines that further notifications are required to be sent out pursuant to the Act, Contractor shall be responsible for providing such notifications to all required recipients including, in accordance with New York State policy NYS-PO3-002, non-New York State residents whose private information is reasonably believed to have been exposed as a result of the breach. All costs associated with providing breach notifications shall be borne by the Contractor. 
It is expressly agreed that Contractor shall be obligated to receive authorization from the Department prior to making additional notifications hereunder to any individuals, the State Office of Information Technology Services, the State Consumer Protection Board, the Attorney General’s Office or any consumer reporting agencies of a breach of the security of the system, or concerning making any determination to delay notifications due to law enforcement investigations. Contractor agrees that the Department shall have final approval over the form, content, mode of transmission, and timing of any notice to be provided concerning a breach of the security of the Department Information. Nothing contained her...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. The Offeror shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa and State Technology Law, Section 208). The Offeror shall be liable for the costs associated with such breach if caused by its negligent or willful acts or omissions, or the negligent or willful acts or omissions of its agents, officers, employees or subcontractors.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/ On February 12, 2007 the Diesel Emissions Reduction Act took effect as law (the “Law”). Pursuant to new §19‑0323 of the N.Y. Environmental Conservation Law (“NYECL”) it is now a requirement that heavy duty diesel vehicles in excess of 8,500 pounds use the best available retrofit technology (“BART”) and ultra low sulfur diesel fuel (“ULSD”). 
The requirement of the Law applies to all vehicles owned, operated by or on behalf of, or leased by State agencies and State or regional public authorities. They need to be operated exclusively on ULSD by February 12, 2007. It also requires that such vehicles owned, operated by or on behalf of, or leased by State agencies and State or regional public authorities with more than half of its governing body appointed by the Governor utilize BART. As a contract vendor the Law may be applicable to vehicles used by contract vendors “on behalf of” State agencies and public authorities. Thirty‑three percent (33%) of affected vehicles must have BART by Dec...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. To the extent applicable to the Contract, the Contracting Party shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208, as each such provision may hereafter be amended). April 8, 2013 APPENDIX C
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. To the extent applicable to the Contract, the Contracting Party shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208, as each such provision may hereafter be amended). April 8, 2013 It is the policy of the Office of the State Comptroller (“OSC”) to provide a workplace that is free of discrimination and harassment based on race, color, sex (including sexual orientation, self-identified or perceived sex, gender expression, gender identity and the status of being transgender), creed or religion, age, national origin, disability, marital status, military or veteran status, predisposing genetic characteristics, domestic violence victim status or any other classification protected by state or federal law, rule or regulation or executive order. Discrimination is defined as the failure or refusal to hire, promote, or train an individual or treat that individual equally with respect to compensation, terms, conditions or privileges of employment because of that individual’s membership in any one of the above classes. Harassment based upon a person’s membership in any of the above classes is included within the definition of discrimination. In keeping with its policies, OSC reaffirms that it will not tolerate such discrimination or harassment in its workplace and that it will take appropriate action to prevent and stop the occurrence of such conduct in its workplace. OSC employees and any third parties who interact with OSC employees in the workplace are expected to avoid any behavior or conduct that could be interpreted as discrimination/harassment based on membership in any of the above classes. 
Examples of conduct that may constitute harassment based upon membership in one of the above classes include, but are not limited to: kidding or teasing related to membership in, or characteristic of one of the above classes, such as laughing at or mimicking someone’s physical or mental impairment, foreign accent, etc.; using ethnic or racial slurs; conduct that denigrates or shows hostility toward an individual because of protected class status, and that has the purpose or effect of creating an intimidating, hostile or offensive environment; and telling jokes that belittle a member or members of one of the above classes. Sexual harassment, a form of discrimination, is defined as unwelcome conduct which is either of a sexual nature, or which is directed ...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. The Contractor agrees to be responsible for the State’s obligation to comply with provisions of Section 208 of the State Technology Law, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach. The Contractor shall comply with all obligations imposed by the Act on the State with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by the Contractor on behalf of the State under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), the Contractor shall immediately notify the Department upon the Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by e-mail to: XXX.Xxxx@xxx.xx.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York State who own or license computerized data which includes private information including an individual's unencrypted personal information plus one (1) or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: Office of the Attorney General and the Department of State and the State Office of Information Technology Services (for Section 208 only), and the State Police (for Section 899 Only). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/incident-reporting.

Related to INFORMATION SECURITY BREACH AND NOTIFICATION ACT

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • BREACH DISCOVERY AND NOTIFICATION 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a law enforcement official pursuant to 45 CFR § 164.412. a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been known to CONTRACTOR. b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is known, or by exercising reasonable diligence would have known, to any person who is an employee, officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written notification within twenty four (24) hours of the oral notification. 3. CONTRACTOR’s notification shall include, to the extent possible: a. The identification of each Individual whose Unsecured PHI has been, or is reasonably believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; b. Any other information that COUNTY is required to include in the notification to Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or promptly thereafter as this information becomes available, even after the regulatory sixty (60) day period set forth in 45 CFR § 164.410 (b) has elapsed, including: 1) A brief description of what happened, including the date of the Breach and the date of the discovery of the Breach, if known; 2) A description of the types of Unsecured PHI that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3) Any steps Individuals should take to protect themselves from potential harm resulting from the Breach; 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to mitigate harm to Individuals, and to protect against any future Breaches; and 5) Contact procedures for Individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the COUNTY. 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or disclosure of PHI did not constitute a Breach. 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of the Breach to COUNTY pursuant to Subparagraph F.2. above. 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include: a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. 
§164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Data Protection Act 7.1 With respect to the parties' rights and obligations under this Contract, the parties agree that the Department is the Data Controller and that the Contractor is the Data Processor. 7.2 The Contractor shall: 7.2.1 Process the Personal Data only in accordance with instructions from the Department (which may be specific instructions or instructions of a general nature as set out in this Contract or as otherwise notified by the Department to the Contractor during the Term); 7.2.2 Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; 7.2.3 The Contractor shall employ appropriate organisational, operational and technological processes and procedures to keep the Personal Data safe from unauthorised use or access, loss, destruction, theft or disclosure. The organisational, operational and technological processes and procedures adopted are required to comply with the requirements of ISO/IEC 27001 as appropriate to the services being provided to the Department; 7.2.4 Take reasonable steps to ensure the reliability of any Contractor Personnel who have access to the Personal Data; 7.2.5 Obtain prior written consent from the Department in order to transfer the Personal Data to any Sub-contractors or Affiliates for the provision of the Services; 7.2.6 Ensure that all Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 7; 7.2.7 Ensure that none of Contractor Personnel publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Department; 7.2.8 Notify the Department within five Working Days if it receives: a request from a Data Subject to have access to that person's Personal Data; or a complaint or request relating to the Department's obligations under the Data 
Protection Legislation; 7.2.9 Provide the Department with full cooperation and assistance in relation to any complaint or request made, including by: - providing the Department with full details of the complaint or request; - complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Department's instructions; - providing the Department with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Department); and - providing the Department with any information requested by the Department; 7.2.10 Permit the Department or the Department’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit the Contractor's data Processing activities (and/or those of its agents, subsidiaries and Sub-contractors) and comply with all reasonable requests or directions by the Department to enable the Department to verify and/or procure that the Contractor is in full compliance with its obligations under this Contract; 7.2.11 Provide a written description of the technical and organisational methods employed by the Contractor for processing Personal Data (within the timescales required by the Department) to be used solely for the purposes of this contract and provided that to do so would not be in breach of the Intellectual Property Rights (including Copyright) of a third party; and 7.2.12 Not process Personal Data outside the European Economic Area without the prior written consent of the Department and, where the Department consents to a transfer, to comply with: - the obligations of a Data Controller under the Eighth Data Protection Principle set out in Schedule 1 of the Data Protection Act 1998 by providing -an adequate level of protection to any Personal Data that is transferred; and - any reasonable instructions notified to it by the Department. 
7.3 The Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this Contract in such a way as to cause the Department to breach any of its applicable obligations under the Data Protection Legislation.
