Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.
Security Incident Notification The Transfer Agent shall promptly notify the Trust but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how the Transfer Agent was affected by the Security Incident, and its response to such Security Incident. The Transfer Agent shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to the Trust a root cause analysis and future incident Mitigation plan with regard to any such incident. The Transfer Agent shall reasonably cooperate with the Trust’s investigation and response to each Security Incident. If the Trust determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, the Trust shall have the right to control all such notifications and the Transfer Agent shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, and subject to the limitation of liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, no such notifications shall be made by the Transfer Agent without the Trust’s prior written consent and the Trust shall, together with the Transfer Agent, determine the content and delivery of all such notifications. For the avoidance of doubt, the Transfer Agent shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that the Trust and/or the Transfer Agent may incur to the extent that they are attributable to or arise from the Transfer Agent’s breach of its confidentiality obligations under the Agreement.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
BREACH DISCOVERY AND NOTIFICATION 23 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 24 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 25 law enforcement official pursuant to 45 CFR § 164.412.
Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at xxxxx://xxx.xxxxx.xx.xxx/ProgramsProviders/#Resources.
Personal Information security breach Supplier/Service Provider’s Obligations
Incident Response Operator shall have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of any portion of Data, including PII, and agrees to provide LEA, upon request, an executive summary of the written incident response plan.
Incident Reporting and Client Risk Prevention An incident report shall be created and maintained at the AGENCY for the following: in the event the AGENCY’S staff or subcontractor becomes aware of an occurrence of any incident of injury to a client receiving program services through the COUNTY, requiring medical treatment by a licensed physician; any lawsuit entered into or against the AGENCY, all allegations of any kind of abuse, neglect, or exploitation of the AGENCY’S clients with the exception of those AGENCIES whose primary function is working with those that have been abused, neglected or exploited unless the allegation is against an AGENCY staff member; media coverage relating to the media expressing an interest in a case or issue concerning a client of the AGENCY or an employee on the AGENCY premises, a fire, hostage situation, bomb threat, epidemic or any circumstance which may impact the service provision. All occurrences shall be verbally communicated directly to COUNTY staff no later than 10:00 a.m. the following business day via telephone to the COUNTY. All incident reports shall be made available to the COUNTY upon request and maintained at the AGENCY. These reporting requirements shall in no way supersede the requirements for notification of allegations of abuse/neglect/exploitations to the State of Florida Abuse Hotline, as mandated in Chapter(s) 39 and 415, Florida Statutes.
Security Breach Notifications Notice must be given by the Subrecipient to anyone whose PSCI could have been breached in accordance with HIPAA, the Information Practices Act of 1977, and State policy.
Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.
