Loss or Compromise of Data. In the event of any act, error or omission, negligence, misconduct, or breach on the part of Supplier that compromises or is suspected to compromise the security or confidentiality of University Data or the physical, technical, administrative, or organizational safeguards put in place by Supplier that relate to the protection of the security and confidentiality of University Data, Supplier must, as applicable: (a) notify the University as soon as practicable but no later than forty-eight (48) hours of becoming aware of such occurrence; (b) cooperate with the University in investigating the occurrence, including making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by the University; (c) in the case of personally identifiable information (“PII”), at the University’s sole election, (i) with approval and assistance from the University, notify the affected individuals who comprise the PII as soon as practicable but no later than is required to comply with applicable law; or (ii) reimburse the University for any costs in notifying the affected individuals; (d) in the case of PII, and if required by law, provide third- party credit and identity monitoring services to each of the affected individuals who comprise the PII for the period required to comply with applicable law; (e) perform or take any other actions required to comply with applicable law as a result of the occurrence; (f) pay for any costs associated with the occurrence, including but not limited to any costs incurred by the University in investigating and resolving the occurrence, including reasonable attorney’s fees associated with such investigation and resolution;
Appears in 5 contracts
Samples: Master Service Agreement, Master Service Agreement, Master Service Agreement