Common use of Procedures for Breach or Loss of Non-Public Information Clause in Contracts

Procedures for Breach or Loss of Non-Public Information. a. In the event that Data Recipient discloses (without WECC’s prior written consent or as otherwise provided herein) or becomes aware that it has experienced a security breach, unauthorized data disclosure, or data loss with respect to any Non-Public Information (“Security Event”), then Data Recipient shall as soon as reasonably possible: (i) use reasonable best efforts to mitigate the Security Event, (ii) notify WECC in writing of (to the extent known): (a) the nature of the Security Event; (b) the Non-Public Information relating to the Security Event; (c) who caused the Security Event and who received access to the Non-Public Information as a result of the Security Event; (d) what Data Recipient has done or will do to mitigate any deleterious effect of the Security Event; and (e) what corrective action Data Recipient has taken or will take to prevent a further Security Event from occurring, and (iii) use reasonable best efforts to assist WECC in making applicable notifications related to the Security Event, including as required by applicable laws and regulations; provided that, the provision and timing of any notifications, if any, including content, will be in the sole discretion of and at the direction of WECC.