Notification to CDPH of Breach or Security Incident. The Contractor shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a employee or agent of the Contractor. Contractor shall take: 1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and 2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29.
Appears in 4 contracts
Samples: Grant Agreement, Grant Agreement, Grant Agreement
Notification to CDPH of Breach or Security Incident. The Contractor shall notify CDPH immediately by telephone call plus and email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXI (F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a an employee or agent of the Contractor. Contractor shall take:
1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29.
Appears in 4 contracts
Samples: Grant Agreement, Grant Agreement, Grant Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Data Recipient shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibitagreement), and or within twenty-four (24) 24 hours by email or fax of the discovery of any security incident (as defined in this Exhibitagreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer Officer, and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXII(E), below. If the breach or security incident is discovered occurs after business hours or on a weekend or holiday and involves CDPH PCI Protected Data in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office Technology Service Desk at the telephone numberslisted numbers listed in Section XI(FXII(E), below. For purposes of this Sectionsection, breaches and security incidents shall be treated as discovered by Contractor Data Recipient as of the first day on which such breach or security incident is known to the ContractorData Recipient, or, by exercising reasonable diligence would have been known to the ContractorData Recipient. Contractor Data Recipient shall be deemed to have knowledge of a breach or security incident if such breach or security incident is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breachbreach or security incident, who is a an employee or agent of the ContractorData Recipient. Contractor Data Recipient shall take:
1. prompt Prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any Any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section Section 1798.29.
Appears in 2 contracts
Samples: Grant Agreement, Grant Agreement
Notification to CDPH of Breach or Security Incident. The Contractor shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a employee or agent of the Contractor. Contractor shall take:
1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29.
Appears in 2 contracts
Samples: Grant Agreement, Grant Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Data Recipient shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this ExhibitAgreement), and or within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this ExhibitAgreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXII(c), below. If the breach or security incident is discovered occurs after business hours or on a weekend or holiday and involves CDPH PCI Protected Data in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office IIT Service Desk at the telephone numberslisted numbers listed in Section XI(FXII(c), below. below For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor Data Recipient as of the first day on which such breach or security incident is known to the ContractorData Recipient, or, by exercising reasonable diligence would have been known to the ContractorData Recipient. Contractor Data Recipient shall be deemed to have knowledge of a breach or security incident if such breach or security incident is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breachbreach or security incident, who is a an employee or agent of the ContractorData Recipient. Contractor Data Recipient shall take:
1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29.
Appears in 2 contracts
Samples: Data Use and Disclosure Agreement, Data Use and Disclosure Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Data Recipient shall notify CDPH immediately by telephone call plus email e-mail or fax upon the discovery of a breach (as defined in this ExhibitAgreement), and or within twenty-four (24) 24 hours by email e-mail or fax of the discovery of any security incident (as defined in this ExhibitAgreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer Officer, and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXII (E), below. If the breach or security incident is discovered occurs after business hours or on a weekend or holiday and involves CDPH PCI Protected Data in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office Technology Service Desk at the telephone numberslisted numbers listed in Section XI(FXII (E), below. For purposes of this Sectionsection, breaches and security incidents shall be treated as discovered by Contractor Data Recipient as of the first day on which such breach or security incident is known to the ContractorData Recipient, or, by exercising reasonable diligence would have been known to the ContractorData Recipient. Contractor Data Recipient shall be deemed to have knowledge of a breach or security incident if such breach or security incident is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breachbreach or security incident, who is a an employee or agent of the ContractorData Recipient. Contractor Data Recipient shall take:
1. prompt Prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any Any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section Section 1798.29.
Appears in 1 contract
Samples: Data Use and Disclosure Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Data Recipient shall notify CDPH immediately by telephone call plus email e-mail or fax upon the discovery of a breach (as defined in this ExhibitAgreement), and or within twenty-four (24) 24 hours by email e-mail or fax of the discovery of any security incident (as defined in this ExhibitAgreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer Officer, and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXIII (E), below. If the breach or security incident is discovered occurs after business hours or on a weekend or holiday and involves CDPH PCI Protected Data in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office Technology Service Desk at the telephone numberslisted numbers listed in Section XI(FXIII (E), below. For purposes of this Sectionsection, breaches and security incidents shall be treated as discovered by Contractor Data Recipient as of the first day on which such breach or security incident is known to the ContractorData Recipient, or, by exercising reasonable diligence would have been known to the ContractorData Recipient. Contractor Data Recipient shall be deemed to have knowledge of a breach or security incident if such breach or security incident is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breachbreach or security incident, who is a an employee or agent of the ContractorData Recipient. Contractor Data Recipient shall take:
1. prompt Prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any Any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section Section 1798.29.
Appears in 1 contract
Samples: Data Use and Disclosure Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Applicant shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this ExhibitAgreement), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this ExhibitAgreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor Applicant as of the first day on which such breach or security incident is known to the ContractorApplicant, or, by exercising reasonable diligence would have been known to the ContractorApplicant. Contractor Applicant shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a an employee or agent of the ContractorApplicant. Contractor Applicant shall take:
1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and
2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29.
Appears in 1 contract
Samples: Information Privacy and Security Requirements Agreement
Notification to CDPH of Breach or Security Incident. The Contractor Participant shall notify CDPH immediately by telephone call plus and email or fax upon the discovery of a breach (as defined in this ExhibitAgreement), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this ExhibitAgreement), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer Officer, and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(FXII(G), below. If the breach or security incident is discovered occurs after business hours or on a weekend or holiday and involves CDPH PCI Cal-IVRS Data in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted numbers listed in Section XI(FXII(G), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor Participant as of the first day on which such breach or security incident is known to the ContractorParticipant, or, by exercising reasonable diligence would have been known to the ContractorParticipant. Contractor Participant shall be deemed to have knowledge of a breach or security incident if such breach or security incident is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breachbreach or security incident, who is a employee workforce member or agent of the ContractorParticipant. Contractor Participant shall take:
1. prompt Prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the Cal-IVRS System operating environment; and,
2. any Any action pertaining to a breach required by applicable federal and or state laws, including, specifically, California Civil Code section 1798.29.,
Appears in 1 contract
Samples: Data Privacy & Security
