Common use of Personal Information security breach Clause in Contracts

Personal Information security breach. 28.3.1. The Receiving Party shall notify the Information Officer of the Disclosing Party, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any Personal Information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of Personal Information and to restore the integrity of the affected Service(s) as quickly as is possible. The Receiving Party shall also be required to provide the Disclosing Party with details of the Data Subjects who are affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the Personal Information. 28.3.2. The Parties shall provide ongoing updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. 28.3.3. Where required by law, the Parties may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected Data Subjects of the security breach. Any such notification shall always include sufficient information to allow the Data Subjects to take protective measures against the potential consequences of the compromise. 28.3.4. Each Party undertakes to co-operate in any investigation relating to security which is carried out by or on behalf of the other Party including providing any information or material in its possession or control and implementing new security measures

Personal Information security breach. 28.3.126.3.1. The Receiving Party shall notify the Information Officer of the Disclosing Party, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any Personal Information and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of Personal Information and to restore the integrity of the affected Service(s) as quickly as is possible. The Receiving Party shall also be required to provide the Disclosing Party with details of the Data Subjects who are affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the Personal Information. 28.3.226.3.2. The Parties shall provide ongoing updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved. 28.3.326.3.3. Where required by law, the Parties may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected Data Subjects of the security breach. Any such notification shall always include sufficient information to allow the Data Subjects to take protective measures against the potential consequences of the compromise. 28.3.426.3.4. Each Party undertakes to co-operate in any investigation relating to security which is carried out by or on behalf of the other Party including providing any information or material in its possession or control and implementing new security measures