Investigation of Breach and Security Incidents. The Agency shall immediately investigate such breach or security incident. As soon as the information is known and shall inform the City of: i. what data elements were involved, and the extent of the data disclosure or access involved in the breach, including, specifically, the number of individuals whose personal information was breached; and ii. a description of the unauthorized persons known or reasonably believed to have improperly used the City Data and/or a description of the unauthorized persons known or reasonably believed to have improperly accessed or acquired the City Data, or to whom it is known or reasonably believed to have had the City Data improperly disclosed to them; and iii. a description of where the City Data is believed to have been improperly used or disclosed; and iv. a description of the probable and proximate causes of the breach or security incident; and v. whether any federal or state laws requiring individual notifications of breaches have been triggered.
Appears in 5 contracts
Samples: Grant Agreement, Contract Agreement, Agreement Between the City and County of San Francisco and Health Management Associates, Inc.
