Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. 6.2 Business Associate shall provide Covered Entity with the names of the individuals whose Unsecured PHI has been, or is reasonably believed to have been, the subject of the Breach and any other available information that is required to be given to the affected individuals, as set forth in 45 CFR § 164.404(c), and, if requested by Covered Entity, information necessary for Covered Entity to investigate the impermissible use or disclosure. Business Associate shall continue to provide to Covered Entity information concerning the Breach as it becomes available to it. Business Associate shall require its Subcontractor(s) to agree to these same terms and conditions. 6.3 When Business Associate determines that an impermissible acquisition, use or disclosure of PHI by a member of its workforce is not a Breach, as that term is defined in 45 CFR § 164.402, and therefore does not necessitate notice to the impacted individual(s), it shall document its assessment of risk, conducted as set forth in 45 CFR § 402(2). When requested by Covered Entity, Business Associate shall make its risk assessments available to Covered Entity. It shall also provide Covered Entity with 1) the name of the person(s) making the assessment, 2) a brief summary of the facts, and 3) a brief statement of the reasons supporting the determination of low probability that the PHI had been compromised. When a breach is the responsibility of a member of its Subcontractor’s workforce, Business Associate shall either 1) conduct its own risk assessment and draft a summary of the event and assessment or 2) require its Subcontractor to conduct the assessment and draft a summary of the event. In either case, Business Associate shall make these assessments and reports available to Covered Entity. 6.4 Business Associate shall require, by contract, a Subcontractor to report to Business Associate and Covered Entity any Breach of which the Subcontractor becomes aware, no later than two (2) business days after becomes aware of the Breach.
Environmental Compliance and Reports Borrower shall comply in all respects with any and all Environmental Laws; not cause or permit to exist, as a result of an intentional or unintentional action or omission on Borrower’s part or on the part of any third party, on property owned and/or occupied by Borrower, any environmental activity where damage may result to the environment, unless such environmental activity is pursuant to and in compliance with the conditions of a permit issued by the appropriate federal, state or local governmental authorities; shall furnish to Lender promptly and in any event within thirty (30) days after receipt thereof a copy of any notice, summons, lien, citation, directive, letter or other communication from any governmental agency or instrumentality concerning any intentional or unintentional action or omission on Borrower’s part in connection with any environmental activity whether or not there is damage to the environment and/or other natural resources. Additional Assurances. Make, execute and deliver to Lender such promissory notes, mortgages, deeds of trust, security agreements, assignments, financing statements, instruments, documents and other agreements as Lender or its attorneys may reasonably request to evidence and secure the Loans and to perfect all Security Interests.
Environmental, Health and Safety Matters (a) Comply in all material respects with all applicable Environmental Laws, including, without limitation, obtaining and complying with and maintaining any and all licenses, approvals, notifications, registrations or permits required by applicable Environmental Laws. For purposes of this Section 5.12(a), material noncompliance by the Company, any of its Subsidiaries or any tenant or subtenant, with any applicable Environmental Law shall be deemed not to constitute a breach of this covenant provided that, upon learning of any actual or suspected material noncompliance, the Company and the relevant Subsidiaries shall promptly undertake all reasonable efforts to achieve material compliance (or contest in good faith by appropriate proceedings the alleged violation or applicable Environmental Law at issue and (to the extent required by GAAP) provide on the books of the Company or any of its Subsidiaries, as the case may be, reserves in accordance with GAAP with respect thereto), and provided further that, in any case, such noncompliance, and any other noncompliance with applicable Environmental Law, individually or in the aggregate, could not reasonably be expected to have a Material Adverse Effect. (b) Promptly comply in all material respects with all lawful orders and directives of all Governmental Authorities regarding applicable Environmental Laws, except to the extent that the validity thereof is currently being contested in good faith by appropriate proceedings and (to the extent required by GAAP) reserves in accordance with GAAP with respect thereto have been provided on the books of the Company or any of its Subsidiaries, as the case may be. (c) Defend, indemnify and hold harmless the Administrative Agent and the Lenders, and their respective parents, subsidiaries, affiliates, employees, agents, officers and directors, from and against any claims, demands, penalties, fines, liabilities, settlements, damages, costs and expenses of whatever kind or nature, known or unknown, contingent or otherwise, arising out of, or in any way relating to the violation of, noncompliance with or liability under any Environmental Laws applicable to the Company or any of its Subsidiaries or any of their respective operations or properties, or any orders, requirements or demands of Governmental Authorities related thereto, including, without limitation, attorney’s and consultant’s fees, investigation and laboratory fees, response costs, court costs and litigation expenses, except to the extent that any of the foregoing arise out of the gross negligence or willful misconduct of (or, as determined pursuant to a claim initiated by the Company, breach in bad faith of its express obligations under the applicable Loan Documents by) the party seeking indemnification therefor, in each case, as determined by a final non-appealable judgment by a court of competent jurisdiction. This indemnity shall continue in full force and effect regardless of the termination of this Agreement.
ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.
BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the
Credit Reporting; Gramm-Leach-Bliley Act (a) With respect to each Mortgage Loan, each Sexxxxxx xxxxxx xx xully furnish, in accordance with the Fair Credit Reporting Act and its implementing regulations, accurate and complete information (e.g., favorable and unfavorable) on its borrower credit files to Equifax, Experian and TransUnion Credit Information Company (three of the credit repositories), on a monthly basis. (b) Each Servicer shall comply with Title V of the Gramm-Leach-Bliley Act of 1999 and all applicable regulations promulgatxx xxxxxxxxxx, xxxating to the Mortgage Loans required to be serviced by it and the related borrowers and shall provide all required notices thereunder.
Subsidy Requests and Reporting Requirements 1. The Grantee or Management Company shall complete a CRF Subsidy Request Report - Recap of Tenant Income Certification, which provides a unit-by-unit listing of all units in the Development for whom assistance is being requested and gives detailed information including the occupants’ eligibility, set-aside requirements, amount of household rent paid, utility allowance and amount of CRF Rental Subsidy requested. 2. The CRF Subsidy Request Report - Recap of Tenant Income Certification shall be prepared as of the last day of each calendar month during the period of performance and shall be submitted to XXXXxxxxxxxx@XxxxxxxXxxxxxx.xxx and Florida Housing’s monitoring agent no later than the 15th day of the following month. The December 2020 request will be due on or before December 15th. The Grantee will submit executed Coronavirus Relief Fund Rental Assistance Applications and supporting documentation to Florida Housing’s monitoring agent within 5 days upon the monitoring agent’s request.
Environmental and Safety Matters (a) The Company and its Subsidiaries have at all times complied in all material respects with all applicable Environmental and Safety Requirements, which compliance has included obtaining and complying in all material respects at all times with all material permits, licenses and other authorizations required pursuant to Environmental and Safety Requirements for the occupation of their facilities and the operation of their respective businesses. (b) Except as set forth in Section 4.27(b) of the Disclosure Schedule, since February 19, 2008, neither the Company nor any of its Subsidiaries has received any notice, report, order, or directive regarding any, and is not subject to any litigation, proceedings or order regarding any, actual or alleged violation of Environmental and Safety Requirements, or any liability or potential liability arising under Environmental and Safety Requirements, in effect prior to and as of the date of the applicable Closing, relating to the business, the Owned Real Property or Leased Real Property. (c) Except as set forth in Section 4.27(c) of the Disclosure Schedule, neither the Company nor any of its Subsidiaries has treated, stored, disposed of, arranged for or permitted the disposal of, transported, handled, released, or exposed any Person to, any substance (including without limitation any hazardous substance), owned or operated any property or facility which is or has been contaminated by any substance, so as to give rise to any current or future liabilities under any Environmental and Safety Requirements in effect at the time of such treatment, storage, disposal, transportation, handling, release or exposure. (d) Except as set forth in Section 4.27(d) of the Disclosure Schedule, neither the Company nor any of its Subsidiaries has assumed, undertaken, or provided any indemnity with respect to, any liability of any other Person relating to Environmental and Safety Requirements. (e) The Company has furnished to Investor true and correct copies of all environmental audits, reports, assessments and all other documents materially bearing on environmental, health or safety liabilities relating to the past or current operations or facilities of the Company and all of its Subsidiaries, in each case which are in its possession or under its reasonable control.
