Common use of Notification to DSH of Breach or Security Incident Clause in Contracts

Notification to DSH of Breach or Security Incident. The Contractor shall notify DSH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to DSH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the DSH Program Contract Manager, the DSH Privacy Officer and the DSH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves DSH PCI in electronic or computerized form, notification to DSH shall be provided by calling the DSH Information Security Office at the telephone numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is an employee or agent of the Contractor. Contractor shall take:

Notification to DSH of Breach or Security Incident. The Contractor shall notify DSH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will shall impede a criminal investigation, in which case the notification required by this section shall be made to DSH immediately after the law enforcement agency determines that such notification will shall not compromise the investigation. Notification shall be provided to the DSH Program DSH Contract Manager, the DSH Privacy Officer and the DSH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves DSH PCI in electronic or computerized form, notification to DSH shall be provided by calling the DSH Information Security Office at the telephone numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is an employee or agent of the Contractor. Contractor shall take: