NOTIFIABLE DATA BREACHES Sample Clauses

NOTIFIABLE DATA BREACHES. 20.1. If the Liquidator becomes aware that there are reasonable grounds to suspect that there may have been an Eligible Data Breach in relation to any Personal Information or Sensitive Information held by the Supplier as a result of this Agreement or its provision of the Services, the Liquidator agrees to: (a) notify ASIC in writing as soon as possible, which must be no later than within 3 days of becoming aware; and (b) unless otherwise directed by ASIC, carry out an assessment in accordance with the requirements of the Privacy Xxx 0000 (Cth). 20.2. Where the Liquidator is aware that there are reasonable grounds to believe there has been, or where ASIC notifies the Liquidator that there has been, an Eligible Data Breach in relation to any Personal Information or Sensitive Information held by the Liquidator as a result of this Agreement or its provision of the Services, the Liquidator must: (a) take all reasonable action to mitigate the risk of the Eligible Data Breach causing serious harm to any of the individuals to whom the Personal Information or Sensitive Information relates; (b) unless otherwise directed by ASIC, take all other action necessary to comply with the requirements of the Privacy Xxx 0000 (Cth); and (c) take any other action as reasonably directed by ASIC.
Sample 1Sample 2See All (4)
AutoNDA by SimpleDocs
NOTIFIABLE DATA BREACHES. If the Insurer becomes aware that there are reasonable grounds to suspect that there may have been an Eligible Data Breach in relation to any Personal Information held by the Insurer for the purposes of this Deed or the provision of OSHC, the Insurer agrees to: notify the Department in writing as soon as possible, which must be no later than within 3 days of becoming aware; and carry out an assessment in accordance with the requirements of the Privacy Act unless otherwise directed by the Commonwealth. Where the Insurer is aware that there are reasonable grounds to believe there has been, or where the Department notifies the Insurer that there has been, an Eligible Data Breach in relation to any Personal Information held by the Insurer as a result of this Deed or the provision of OSHC, the Insurer must: take all reasonable action to mitigate the risk of the Eligible Data Breach causing serious harm to any of the individuals to whom the Personal Information relates; unless otherwise directed by the Department, take all other action necessary to comply with the requirements of the Privacy Act; and take any other action as reasonably directed by the Department.
Sample 1Sample 2
NOTIFIABLE DATA BREACHES. ‌ 18.1. If the Insurer becomes aware that there are reasonable grounds to suspect that there may have been an Eligible Data Breach in relation to any Personal Information held by the Insurer for the purposes of this Deed or the provision of OSHC, the Insurer agrees to: (a) notify the Department in writing as soon as possible, which must be no later than within 3 days of becoming aware; and (b) carry out an assessment in accordance with the requirements of the Privacy Act unless otherwise directed by the Commonwealth. 18.2. Where the Insurer is aware that there are reasonable grounds to believe there has been, or where the Department notifies the Insurer that there has been, an Eligible Data Breach in relation to any Personal Information held by the Insurer as a result of this Deed or the provision of OSHC, the Insurer must: (a) take all reasonable action to mitigate the risk of the Eligible Data Breach causing serious harm to any of the individuals to whom the Personal Information relates; (b) unless otherwise directed by the Department, take all other action necessary to comply with the requirements of the Privacy Act; and (c) take any other action as reasonably directed by the Department.
Sample 1Sample 2
NOTIFIABLE DATA BREACHES. You must notify us within 48 hours if you learn of any security breaches relating to your systems or the Services. If the breach(es) could constitute a breach of any applicable privacy laws, you must notify us within 3 hours of the breach (suspected or confirmed) coming to your attention. You shall aid us fully in any subsequent investigation or legal action taken as a result of the breach.
Sample 1
NOTIFIABLE DATA BREACHES. (a) This clause 18 applies to the extent that the Service Provider is an ‘Organisation’ as defined in the Privacy Act 1988. (b) In this clause:
Sample 1
NOTIFIABLE DATA BREACHES. (a) Without limiting any other term of this Agreement, if the Operator becomes aware that there are reasonable grounds to suspect that there may have been an Eligible Data Breach in relation to any Personal Information held by the Operator as a result of this Agreement or its provision of the Services, the Operator must: (i) notify the Department in writing immediately; (ii) unless otherwise directed by the Department, carry out an assessment in accordance with the requirements of the Privacy Act; and (iii) where requested by the Department, assist the Department in carrying out an assessment of the consequences to the Department of the eligible data breach. (b) Where the Operator is aware that there are reasonable grounds to believe there has been, or where the Department notifies the Operator that there has been, an Eligible Data Breach in relation to any Personal Information held by the Operator as a result of this Agreement or its provision of the Services, the Operator must: (i) take all reasonable action to mitigate the risk of the Eligible Data Breach causing serious harm to any of the individuals to whom the Personal Information relates; (ii) unless otherwise directed by the Department, take all other action necessary to comply with the requirements of the Privacy Act; and (iii) take any other action as reasonably directed by the Department.
Sample 1
NOTIFIABLE DATA BREACHES. 18.1 This clause 18 will only apply to the extent the notifiable data breaches scheme under Part IIIC of the Privacy Act 1988 (Cth) (Notifiable Data Breaches Scheme) applies to us. 18.2 If as a result of our investigations in accordance with clause 17.1 of this Agreement, we believe a Security Incident has occurred that we consider to be notifiable under the Notifiable Data Breaches Scheme, we will: (a) promptly notify you of this by telephone or email; (b) provide notice to the Office of the Australian Information Commissioner in accordance with the Notifiable Data Breaches Scheme; and (c) be the sole Party to notify the individuals who are likely to be at risk of serious harm arising from the Security Incident. 18.3 Where we do not have the contact details of affected individuals, we will provide you with a statement to provide to affected individuals.
Sample 1
AutoNDA by SimpleDocs

Related to NOTIFIABLE DATA BREACHES

  • Data Breaches 4.1 The Data Processor does not guarantee that its security measures will be effective under all conditions. If the Data Processor discovers a data breach within the meaning of Article

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide XXX, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from XXX’s use of the Service, Provider shall cooperate with XXX to the extent necessary to expeditiously secure Student Data.

  • Personal Data Breaches 5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”). 5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.

  • Personal Information security breach Supplier/Service Provider’s Obligations a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data. b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise. d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.

  • Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  • Security Breaches In order to protect your security, it is your sole responsibility to ensure that all usernames and passwords used to access the Website are kept secure and confidential. You must immediately notify us of any unauthorized use of your account, including the unauthorized use of your password, or any other breach of security. We will investigate any breach of security on the Website that we determine in our sole discretion to be serious in nature, but we will not be held responsible or liable in any manner for breaches of security or any unauthorized access to your account however arising.

  • Confidential Information Breach This shall mean, generally, an instance where an unauthorized person or entity accesses Confidential Information in any manner, including but not limited to the following occurrences: (1) any Confidential Information that is not encrypted or protected is misplaced, lost, stolen or in any way compromised; (2)one or more third parties have had access to or taken control or possession of any Confidential Information that is not encrypted or protected without prior written authorization from the State; (3) the unauthorized acquisition of encrypted or protected Confidential Information together with the confidential process or key that is capable of compromising the integrity of the Confidential Information; or (4) if there is a substantial risk of identity theft or fraud to the Client Agency, the Contractor, DAS or State.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Customer Data 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at XxxxxXXX.xxx or such other website address as may be notified to the Customer as such document may be amended by the Supplier in its sole discretion from time to time the current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (b) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (c) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (d) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 5.5 The Supplier and the Customer shall comply with their respective obligations as set out in Schedule 4 of this Agreement

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!