Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request. In addition to the requirements set forth in any applicable Business Associate Agreement as may be attached to this Contract, in the event of any actual security breach or reasonable belief of an actual security breach the Contractor either suffers or learns of that either compromises or could compromise State Data (a “Security Breach”), the Contractor shall notify the State within 24 hours of its discovery. Contractor shall immediately determine the nature and extent of the Security Breach, contain the incident by stopping the unauthorized practice, recover records, shut down the system that was breached, revoke access and/or correct weaknesses in physical security. Contractor shall report to the State: (i) the nature of the Security Breach; (ii) the State Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure; and (v) what corrective action the Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. The Contractor shall provide such other information, including a written report, as reasonably requested by the State. Contractor shall analyze and document the incident and provide all notices required by applicable law. In accordance with Section 9 V.S.A. §2435(b)(3), the Contractor shall notify the Office of the Attorney General, or, if applicable, Vermont Department of Financial Regulation (“DFR”), within fourteen (14) business days of the Contractor’s discovery of the Security Breach. The notice shall provide a preliminary description of the breach. The foregoing notice requirement shall be included in the subcontracts of any of Contractor’s subcontractors, affiliates or agents which may be “data collectors” hereunder. The Contractor agrees to fully cooperate with the State and assume responsibility at its own expense for the following, to be determined in the sole discretion of the State: (i) notice to affected consumers if the State determines it to be appropriate under the circumstances of any particular Security Breach, in a form recommended by the AGO; and (ii) investigation and remediation associated with a Security Breach, including but not limited to, outside investigation, forensics, counsel, crisis management and credit monitoring, in the sole determination of the State. The Contractor agrees to comply with all applicable laws, as such laws may be amended from time to time (including, but not limited to, Chapter 62 of Title 9 of the Vermont Statutes and all applicable State and federal laws, rules or regulations) that require notification in the event of unauthorized release of personally-identifiable information or other event requiring notification. In addition to any other indemnification obligations in this Contract, the Contractor shall fully indemnify and save harmless the State from any costs, loss or damage to the State resulting from a Security Breach or the unauthorized disclosure of State Data by the Contractor, its officers, agents, employees, and subcontractors.
ADMINISTRATIVE AND REPORTING REQUIREMENTS Contractor shall furnish a report of all services provided under the Contract during each quarterly period, no later than the 15th of the month following the close of each quarter. Purchases by Non-State agencies, political subdivisions and others authorized by law shall be reported in the same report and indicated as required. A template for such report is included herein as Attachment 5 – Report of Contract Usage. The report must be submitted electronically via electronic mail utilizing the template provided. All fields of information shall be accurate and complete. The report is to be submitted electronically in Microsoft Excel 2007 or 2003 (or as otherwise directed by OGS), via electronic mail to the attention of the individual identified on the front page of the Contract Award Notification and shall reference the Group Number, the Award Number, Contract Number, sales period, and Contractor’s (or other authorized agent) name, and all other fields required, using the report template provided. OGS reserves the right to amend the report template. Additional related sales information and/or detailed Authorized User purchases may be required by OGS and must be supplied within 30 days upon request.
COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).
Documenting and Reporting Breaches 6.1 Business Associate shall report to Covered Entity any Breach of Unsecured PHI, including Breaches reported to it by a Subcontractor, as soon as it (or any of its employees or agents) becomes aware of any such Breach, and in no case later than two (2) business days after it (or any of its employees or agents) becomes aware of the Breach, except when a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security.
ABSENCE FROM WORK AND REPORTING 17.01 If an employee is unable to report for work, he/she shall give the Employer a minimum of four (4) hours notice. In case of day shift work, this time element shall be one (1) hour. If notice is not given within the required time, the employee shall not be entitled to his/her sick pay on the first day of illness.
FAILURE TO MEET REPORTING OBLIGATIONS 14.1 Should the Licensee fail to furnish the Licence Parameter Return referred to in clause 13.1 above within the required time period, SAMRO will be entitled to invoice the Licensee based on the licence parameters upon which the preceding invoice was based.
ACCESS TO SECURITY LOGS AND REPORTS Upon request, the Contractor shall provide access to security logs and reports to the State or Authorized User in a format as specified in the Authorized User Agreement.
Data Protection Act Compliance E2.1 The Contractor shall (and shall ensure that all of its Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with the Contract.
Implementation of and Reporting on the Project A. The Grantee shall implement and complete the Project in accordance with Exhibit A and with the plans and specifications contained in its Grant Application, which is on file with the State and is incorporated by reference. Modification of the Project shall require prior written approval of the State.
BREACH DISCOVERY AND NOTIFICATION 23 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 24 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 25 law enforcement official pursuant to 45 CFR § 164.412.
