Notification of Data Security Incident Sample Clauses

Notification of Data Security Incident. For purposes of this section, “Data Security Incident” is defined as unauthorized access to the CONTRACTOR’S business and/or business systems by a third party, which access could potentially expose County data or systems to unauthorized access, disclosure, or misuse. In the event of a Data Security Incident, CONTRACTOR must notify County within 48 hours. Notice should be made to XXXXX@xxxxxx.xx.xxx and XXXXxxxxxxxx@xxxxxx.xx.xxx. Notice under this section must include the date of incident and CONTRACTOR’S systems and/or locations which were affected. The duty to notify under this section is broad, requiring disclosure whether or not any impact to County data is known at the time, to enable County to take immediate protective actions of its data and cloud environments. Failure to notify under this section is a material breach, and County may immediately terminate the Agreement for failure to comply.
Sample 1Sample 2Sample 3See All (27)
AutoNDA by SimpleDocs
Notification of Data Security Incident. For purposes of this section, “Data Security Incident” is defined as unauthorized access to the CONTRACTOR’S business and/or business systems by a third party, which access could potentially expose COUNTY data or systems to unauthorized access, disclosure, or misuse. In the event of a Data Security Incident, CONTRACTOR must notify COUNTY within 48 hours. Notice should be made to XXXXX@xxxxxx.xx.xxx and XXXXxxxxxxxx@xxxxxx.xx.xxx. Notice under this section must include the date of incident and CONTRACTOR’S systems and/or locations which were affected. The duty to notify under this section is broad, requiring disclosure whether or not any impact to COUNTY data is known at the time, to enable COUNTY to take immediate protective actions of its data and cloud environments. Failure to notify under this section is a material breach, and COUNTY may immediately terminate the Agreement for failure to comply.
Sample 1Sample 2Sample 3See All (10)
Notification of Data Security Incident. For purposes of this section, “Data Security Incident” is defined as unauthorized access to the CONSULTANT’s business and/or business systems by a third party, which access could potentially expose COUNTY data or systems to unauthorized access, disclosure, or misuse. In the event of a Data Security Incident, CONSULTANT must notify COUNTY in writing within 48 hours. Notice should be made to XXXXX@xxxxxx.xx.xxx and to all parties referenced in the “Notices” section of the AGREEMENT. Notice must reference this contract number. Notice under this section must include the date of incident and CONSULTANT’s systems and/or locations which were affected. The duty to notify under this section is broad, requiring disclosure whether or not any impact to COUNTY data is known at the time, to enable COUNTY to take immediate protective actions of its data and cloud environments. Failure to notify under this section is a material breach, and COUNTY may immediately terminate the AGREEMENT for failure to comply.
Sample 1Sample 2Sample 3See All (6)
Notification of Data Security Incident. For purposes of this section, “Data Security Incident” is defined as unauthorized access to the CONTRACTOR’S business and/or business systems by a third party, which access could potentially expose County data or systems to unauthorized access, disclosure, or misuse. In the event of a Data Security Incident, CONTRACTOR must notify County within 48 hours. Notice should be made to XXXXX@xxxxxx.xx.xxx and XXXXxxxxxxxx@xxxxxx.xx.xxx. Notice under this section must include the date of incident and CONTRACTOR’S systems and/or locations which were affected. The duty to notify under this section is broad, requiring disclosure whether or not any impact to County data is known at the time, to enable County to take immediate protective actions of its data and cloud environments. Failure to notify under this section is a material breach, and County may immediately terminate the Agreement for failure to comply. COUNTY will inform CONTRACTOR of any changes related to funding sources or amounts in this agreement as a result of COUNTY’s Quarterly funding reviews. If changes are needed to reflect updated Federal Funding, this Exhibit is subject to modification with written approval of the County Contract Administrator and the Revenue and Budget Manager, and CONTRACTOR will receive the updated Exhibit.
Sample 1
Notification of Data Security Incident. For purposes of this section, “Data Security Incident” is defined as unauthorized access to the CONSULTANT’s business, business records, and/or business systems by a third party, which access could potentially expose County records, data, or systems to unauthorized access, disclosure, or misuse. In the event of a Data Security Incident, CONSULTANT must notify County within 48 hours. Notice under this section must include the date of incident and CONSULTANT’s systems and/or locations which were affected. The duty to notify under this section is broad, requiring disclosure whether or not any impact to County data is known at the time, to enable County to take immediate protective actions of its records, data, and cloud environments. Failure to notify under this section is a material breach, and County may immediately terminate the Agreement for failure to comply.
Sample 1
Notification of Data Security Incident. The Recipient shall promptly notify the Supplier (see contact details defined in Schedule 1) within 24 hours of becoming aware of any accidental or unlawful destruction, loss, alteration, unauthorised use or disclosure of, or access to, the Dataset (or of any cybersecurity or other incident with potential to cause the same) and the Recipient shall under the Supplier’s request: (a) promptly investigate and respond to the Supplier’s concerns regarding any alleged incident; (b) promptly resolve any problems identified by the investigation; (c) submit a corrective action plan with steps designed to prevent any future incidents; and/or (d) require that all Dataset (including any document created by or on behalf of the Recipient and containing Dataset) be immediately returned or destroyed.
Sample 1

Related to Notification of Data Security Incident

  • Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.

  • Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Subscription Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Subscription Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Subscription Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Subscription Agreement. (c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Subscription Agreement between [Xxxxx-Fultonville Central School District] and [Vendor Name].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Subscription Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Subscription Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!