Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
Mitigation and Corrective Action Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to it of an impermissible use or disclosure of PHI, even if the impermissible use or disclosure does not constitute a Breach. Business Associate shall draft and carry out a plan of corrective action to address any incident of impermissible use or disclosure of PHI. If requested by Covered Entity, Business Associate shall make its mitigation and corrective action plans available to Covered Entity. Business Associate shall require a Subcontractor to agree to these same terms and conditions.
Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Investigation of Breach If the Seller (i) has knowledge of a breach of a representation or warranty made in Section 3.4, (ii) receives notice from the Depositor, the Trust, the Owner Trustee or the Indenture Trustee of a breach of a representation or warranty made in Section 3.4, (iii) receives a written request to repurchase a Receivable due to an alleged breach of a representation and warranty in Section 3.4 from the Owner Trustee, the Indenture Trustee, any Verified Note Owner or any Noteholder (which repurchase request shall provide sufficient detail so as to allow the Seller to reasonably investigate the alleged breach of the representations and warranties in Section 3.4; provided, that with respect to a repurchase request from a Noteholder or a Verified Note Owner, such repurchase request shall initially be provided to the Indenture Trustee) for a Receivable (each, a “Repurchase Request”) or (iv) receives a final report from the Asset Representations Reviewer that indicates that the Asset Representations Reviewer has determined that a test procedure under the Asset Representations Review Agreement has not been satisfied with respect to a representation or warranty set forth in Section 3.4 for a Receivable, then, in each case, the Seller will investigate the Receivable to confirm the breach and determine if the breach materially and adversely affects the interests of the Purchaser, the Issuer or the Noteholders in any Receivable. None of the Servicer, the Issuer, the Owner Trustee, the Indenture Trustee, the Asset Representations Reviewer or the Administrator will have an obligation to investigate whether a breach of any representation or warranty has occurred or whether any Receivable is required to be repurchased under this Section 3.5.
Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.
COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
Notification of Breach During the term of this Agreement:
Representation and costs It is hereby acknowledged by each of the parties hereto that the Company's Counsel acts solely for the Company, and, correspondingly, that the Subscriber has been required by each of the Company's Counsel and the Company to obtain independent legal advice with respect to the Subscriber's review and execution of this Agreement. In addition, it is hereby further acknowledged and agreed by the parties hereto that the Company's Counsel, and certain or all of its principal owners or associates, from time to time, may have both an economic or shareholding interest in and to the Company and/or a fiduciary duty to the same arising from either a directorship, officership or similar relationship arising out of the request of the Company for certain of such persons to act in a similar capacity while acting for the Company as counsel. Correspondingly, and even where, as a result of this Agreement, the consent of each party hereto to the role and capacity of the Company's Counsel and its principal owners and associates, as the case may be, is deemed to have been received, where any conflict or perceived conflict may arise, or be seen to arise, as a result of any such capacity or representation, each party hereto acknowledges and agrees to, once more, obtain independent legal advice in respect of any such conflict or perceived conflict and, consequent thereon, the Company's Counsel, together with any such principal owners or associates, as the case may be, shall be at liberty at any time to resign any such position if it or any party hereto is in any way affected or uncomfortable with any such capacity or representation. Each party to this Agreement will also bear and pay its own costs, legal and otherwise, in connection with its respective preparation, review and execution of this Agreement and, in particular, that the costs involved in the preparation of this Agreement, and all documentation necessarily incidental thereto, by the Company's Counsel, shall be at the cost of the Company.
Investigation and Prevention DST shall reasonably assist Fund in investigating of any such unauthorized access and shall use commercially reasonable efforts to: (A) cooperate with Fund in its efforts to comply with statutory notice or other legal obligations applicable to Fund or its clients arising out of unauthorized access and to seek injunctive or other equitable relief; (B) cooperate with Fund in litigation and investigations against third parties reasonably necessary to protect its proprietary rights; and (C) take reasonable actions necessary to mitigate loss from any such authorized access.
