Notification of Breach or Unauthorized Release. With respect to any breach or unauthorized release of Protected Data, including any breach or unauthorized release of Protected Data by Vendor’s assignees or subcontractors, Vendor acknowledges and agrees to the following: i. Vendor will promptly notify the District of any breach or unauthorized release of Protected Data, in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. ii. Vendor will provide such notification to the District by contacting the Data Protection Officer directly by email at XXxxxxxx@XXXxxxxxx.xxx or by calling 716-278-5860. iii. Vendor will cooperate with the District and provide as much information as possible directly to the Data Protection Officer or his/her designee about the incident, including but not limited to: a list of users impacted, a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions. iv. Vendor acknowledges that upon initial notification from Vendor, the District has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide such notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform the Data Protection Officer or his/her designee. v. Vendor will cooperate with the District and law enforcement to protect the integrity of investigations into the breach or unauthorized release of Protected Data. vi. Vendor will pay for or promptly reimburse the District for the full cost of notification, in the event the District is required under Section 2-d to notify affected parents, students, teachers or principals of a breach or unauthorized release of Protected Data attributed to Vendor, its subcontractors or assignees.
Appears in 3 contracts
Samples: Data Privacy & Security, Data Privacy & Security, Data Privacy & Security
Notification of Breach or Unauthorized Release. With respect to any breach or unauthorized release of Protected Data, including any breach or unauthorized release of Protected Data by Vendor’s assignees or subcontractors, Vendor acknowledges and agrees to the following:
i. Vendor will promptly notify the District of any breach or unauthorized release of Protected Data, in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
ii. Vendor will provide such notification to the District by contacting the Data Protection Privacy Officer directly by email at XXxxxxxx@XXXxxxxxx.xxx xxxxxxxxxxxxxx@xxxxx00.xxx or by calling 716716- 646-278-58603280 ext. 4136.
iii. Vendor will cooperate with the District and provide as much information as possible directly to the Data Protection Privacy Officer or his/her designee about the incident, including but not limited to: a list of users impacted, a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
iv. Vendor acknowledges that upon initial notification from Vendor, the District has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide such notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform the Data Protection Privacy Officer or his/her designee.
v. Vendor will cooperate with the District and law enforcement to protect the integrity of investigations into the breach or unauthorized release of Protected Data.
vi. Vendor will pay for or promptly reimburse the District for the full cost of notification, in the event the District is required under Section 2-d to notify affected parents, students, teachers or principals of a breach or unauthorized release of Protected Data attributed to Vendor, its subcontractors or assignees.
Appears in 1 contract
Samples: Data Privacy & Security
Notification of Breach or Unauthorized Release. With respect to any breach or unauthorized release of Protected Data, including any breach or unauthorized release of Protected Data by Vendor’s assignees or subcontractors, Vendor acknowledges and agrees to the following:
i. Vendor will promptly notify the District of any breach or unauthorized release of Protected Data, in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
ii. Vendor will provide such notification to the District by contacting the Data Protection Officer directly by email at XXxxxxxx@XXXxxxxxx.xxx or by calling 716000-278000-58600000.
iii. Vendor will cooperate with the District and provide as much information as possible directly to the Data Protection Officer or his/her designee about the incident, including but not limited to: a list of users impacted, a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
iv. Vendor acknowledges that upon initial notification from Vendor, the District has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide such notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform the Data Protection Officer or his/her designee.
v. Vendor will cooperate with the District and law enforcement to protect the integrity of investigations into the breach or unauthorized release of Protected Data.
vi. Vendor will pay for or promptly reimburse the District for the full cost of notification, in the event the District is required under Section 2-d to notify affected parents, students, teachers or principals of a breach or unauthorized release of Protected Data attributed to Vendor, its subcontractors or assignees.
Appears in 1 contract
Samples: Data Privacy & Security