Common use of Notification of Network Data Breach Clause in Contracts

Notification of Network Data Breach. Supplier shall immediately report in writing to the University any network breach and/or use or disclosure of Data not authorized by the Agreement, including any reasonable belief that unauthorized access to Data has occurred. Supplier shall make the report to the University not less than two (2) business days after Supplier reasonably believes that there has been such unauthorized use or disclosure. Supplier’s report shall identify: (i) the nature of the unauthorized use or disclosure; (ii) the network element(s) and/or Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what Supplier has done, or shall do, to mitigate any negative effect of the unauthorized disclosure; and (v) what corrective action Supplier has taken, or shall take, to prevent future unauthorized use or disclosure. Supplier shall comply with all applicable laws that require the notification of individuals in the event of unauthorized release of personally-identifiable information, or any other event requiring such notification (a “Notification Event”). The University may, in its sole discretion, choose to provide notice to any or all parties affected by a network or Data breach, but the Supplier shall reimburse the University for its costs in providing any credit monitoring or similar services that are necessary as a result of any network or Data Breach.

Notification of Network Data Breach. Supplier shall immediately report in writing to the University WMU any network breach and/or use or disclosure of Data not authorized by the Agreement, including any reasonable belief that unauthorized access to Data has occurred. Supplier shall make the report to the University WMU not less than two (2) business days after Supplier reasonably believes that there has been such unauthorized use or disclosure. Supplier’s report shall identify: (i) the nature of the unauthorized use or disclosure; (ii) the network element(s) and/or Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what Supplier has done, or shall do, to mitigate any negative effect of the unauthorized disclosure; and (v) what corrective action Supplier has taken, or shall take, to prevent future unauthorized use or disclosure. Supplier shall comply with all applicable laws that require the notification of individuals in the event of unauthorized release of personally-identifiable information, or any other event requiring such notification (a “Notification Event”). The University WMU may, in its sole discretion, choose to provide notice to any or all parties Parties affected by a network or Data breach, but the Supplier shall reimburse the University WMU for its costs in providing any credit monitoring or similar services that are necessary as a result of any network or Data Breach.