Reportable Data Events Sample Clauses

Reportable Data Events. The Contractor shall promptly notify, without unreasonable delay, the BOE Office of Legal Services at 212-374-6888 and at XxxXxxxx@xxxxxxx.xxx.xxx (to the attention of the Chief Privacy Officer) of any act, error or omission, negligence, misconduct, or breach (including any unauthorized release, use or disclosure of, access to Protected Information, whether by the Recipient, its Authorized Users or any other party that shall have gained access to the affected Protected Information) that compromises or is suspected to compromise the security, confidentiality, availability or integrity of Protected Information, including by compromising the physical, technical, administrative or organizational safeguards implemented by the Recipient (“Reportable Data Event”). In no event shall such notification occur more than seventy-two (72) hours after confirmation that a Reportable Data Event occurred. Moreover, to the extent (a) New York Education Law 2-d or any other law or regulation requires parties affected by the Reportable Data Event to be notified, and (b) the Reportable Data Event is not attributable to the acts or omissions of the BOE, the Contractor shall compensate the BOE for the full cost of any notifications that the BOE is required by law to make. Contractor agrees to assist and collaborate with the BOE in ensuring that required notifications shall be clear, concise, use language that is plain and easy to understand, and to the extent available, include:

Reportable Data Events. The Contractor shall promptly notify, without unreasonable delay, the BOE Office of Legal Services at 212-374-6888 and at XxxXxxxx@xxxxxxx.xxx.xxx (to the attention of the Chief Privacy Officer) of any act, error or omission, negligence, misconduct, or breach (including any unauthorized release, use or disclosure of, access to Protected Information, whether by the Recipient, its Authorized Users or any other party that shall have gained access to the affected Protected Information) that compromises or is suspected to compromise the security, confidentiality, availability or integrity of Protected Information, including by compromising the physical, technical, administrative or organizational safeguards implemented by the Recipient (“Reportable Data Event”). In no event shall such notification occur more than seventy-two (72) hours after confirmation that a Reportable Data Event occurred. Moreover, to the extent (a) New York Education Law 2-d or any other law or regulation requires parties affected by the Reportable Data Event to be notified, and (b) the Reportable Data Event is not attributable to the acts or omissions of the BOE, the Contractor shall compensate the BOE for the full cost of any notifications that the BOE is required by law to make. Contractor agrees to assist and collaborate with the BOE in ensuring that required notifications shall be clear, concise, use language that is plain and easy to understand, and to the extent available, include: (a) a brief description of the Reportable Data Event, the dates of the incident and the date of discovery, if known; (b) a description of the types of Protected Information affected; (c) an estimate of the number of records affected; (d) a brief description of the investigation or plan to investigate; and (e) contact information for representatives who can assist parents or adult students that have additional questions. The Contractor shall provide any records or other information the BOE requires to investigate the incident or to effectuate the notifications. The Contractor shall fully cooperate with and assist the BOE in investigating the Reportable Data Event, including, without limitation, by providing full access to persons or information necessary to determine the scope of the Reportable Data Event, such as all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by the BOE.

Reportable Data Events. The Processor shall promptly notify, without unreasonable delay (a) the BOE Office of Legal Services at 000-000-0000 and at xxxxxxxxxxxxxx@xxxxxxx.xxx.xxx (to the attention of the Chief Privacy Officer) and (b) the BOE Division of Information and Instructional Technology at xxxx-xxxxxxxx@xxxxxxx.xxx.xxx (to the attention of the Chief Information Security Officer) of (i) any unauthorized release or other Processing of Confidential Information, whether by the Processor, its Authorized Users or any other party that shall have gained access to the affected Confidential Information, or any other Security Incident; or (ii) any other breach of contractual obligations relating to data privacy and security under this Agreement or any other applicable Agreement (together with a Security Incident, a “Reportable Data Event”). In no event shall such notification occur more than twenty four (24) hours after confirmation of an event described in clause (i) of the previous sentence, or more than seventy-two (72) hours after confirmation of an event described in clause (ii) of the previous sentence. Such notification of the DOE shall summarize, in reasonable detail, the nature and scope of the Security Incident (including a description of all impacted DOE Data and DOE Technology Assets) and the corrective action already taken or planned by Processor, which shall be timely supplemented to the level of detail reasonably requested by the BOE, inclusive of relevant investigation or forensic reports. To the extent both (a) New York Education Law 2-d or any other law or regulation requires Subjects affected by the Reportable Data Event to be notified, and (b) the Reportable Data Event is not exclusively attributable to the acts or omissions of the BOE, the Processor shall be responsible, at its own cost and expense, to notify in writing all persons affected by the Reportable Data Event, or shall compensate the BOE for the full cost of any notifications that the BOE instead makes. The Processor agrees to assist and collaborate with the BOE in ensuring that required notifications shall be clear, concise, use language that is plain and easy to understand, and to the extent available, include: (a) a brief description of the Reportable Data Event, the dates of the incident and the date of discovery, if known; (b) a description of the types of Confidential Information affected; (c) an estimate of the number of records affected; (d) a brief description of the investigation or plan to i...