Common use of INFORMATION SECURITY BREACH AND NOTIFICATION ACT Clause in Contracts

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor agrees to be responsible for the Department’s obligation to comply with the provisions of Section 208 of the State Technology Law,, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach.. Contractor shall comply with all obligations imposed by the Act on the Department with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by Contractor on behalf of the Department under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), Contractor shall immediately notify the Department upon Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by email to: XXX.Xxxx@xxx.xx.xxx. Contractor shall immediately commence an investigation, in cooperation with the Department, to determine the scope of the breach and to restore the security of the system. To the extent the Department determines that further notifications are required to be sent out pursuant to the Act, Contractor shall be responsible for providing such notifications to all required recipients including, in accordance with New York State policy NYS-PO3-002, non-New York State residents whose private information is reasonably believed to have been exposed as a result of the breach. All costs associated with providing breach notifications shall be borne by the Contractor. It is expressly agreed that Contractor shall be obligated to receive authorization from the Department prior to making additional notifications hereunder to any individuals, the State Office of Information Technology Services, the State Consumer Protection Board, the Attorney General’s Office or any consumer reporting agencies of a breach of the security of the system, or concerning making any determination to delay notifications due to law enforcement investigations. Contractor agrees that the Department shall have final approval over the form, content, mode of transmission, and timing of any notice to be provided concerning a breach of the security of the Department Information. Nothing contained herein shall be interpreted as reducing or altering Contractor’s own obligations under section 899-aa of the General Business Law if such breach also involves other private information unrelated to this Agreement.

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor agrees to be responsible for the Department’s obligation to comply with the provisions of Section 208 Chapter 442 of the State Technology Law,Laws of 2005, as amended by Chapter 491 of the Laws of 2005, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach.. . Contractor shall comply with all obligations imposed by the Act on notice provisions of the Department ISBNA with respect to any breach of computerized “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by Contractor on behalf of the Department State under this Agreement (hereinafter, “Department State Information”). In the event of a “breach of the security of the system” (as defined by the Act), Contractor shall immediately notify the Department State upon Contractor’s discovery or receipt of notification of such breach. Such notice to the Department State shall be made by contacting the State’s Information Security Office by email to: XXX.Xxxx@xxx.xx.xxxXxxxxxxxxxx_Xxxxxxxx_Xxxxxx@xxx.xx.xxx. Contractor shall immediately commence an investigation, in cooperation with the DepartmentState, to determine the scope of the breach and to restore the security of the system. To the extent the Department State determines that further notifications are required to be sent out pursuant to the Act, Contractor shall be responsible for providing such notifications to all required recipients including, in accordance with New York State policy NYS-PO3-002policy, non-New York State residents whose private information is reasonably believed to have been exposed as a result of the breach. All , and all costs associated with providing breach notifications such notices shall be borne by the Contractor. It is expressly agreed that Contractor shall be obligated to receive authorization from the Department State prior to making additional any notifications hereunder to any individuals, the State Office of Information Technology Services, the State Consumer Protection Board, the Attorney General’s Office or any consumer reporting agencies of a breach of the security of the system, or concerning making any determination to delay notifications due to law enforcement investigations. Contractor agrees that the Department State shall have final approval over the form, content, mode of transmission, and timing of any notice to be provided concerning a breach of the security of the Department State Information. Nothing contained herein shall be interpreted as reducing or altering Contractor’s own obligations under section 899-aa of the General Business Law if such breach also involves other private information unrelated to this AgreementLaw.