Reports and Notifications of Breach and Unauthorized Release Sample Clauses

Reports and Notifications of Breach and Unauthorized Release a. PLTW shall promptly notify the Program Participant of any breach or unauthorized release, as those terms are defined in Part 121, of personally identifiable information in the most expedient way possible and without unreasonable delay but no more than seven calendar days after the discovery of such breach. Such notice shall, at a minimum, include a telephone call and e-mail to the Program Participant’s listed individuals to receive Notice under the Agreement and by overnight delivery as further outlined in Notices Paragraph below. b. PLTW shall cooperate with the Program Participant and law enforcement to protect the integrity of investigations into the breach or unauthorized release of personally identifiable information. c. Where the breach or unauthorized release of personally identifiable information is attributable to PLTW, PLTW shall pay for or promptly reimburse the Program Participant for the full cost of such notification.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs
Reports and Notifications of Breach and Unauthorized Release. Contractor acknowledges and agrees that, pursuant to New York Education Law Section 2-d, it must (a) promptly notify School of any breach or unauthorized release of Personally Identifiable Information in the most expedient way possible and without unreasonable delay but no more than seven calendar days after the discovery of such breach and otherwise in accordance with New York Education Law Section 2-d; (b) must cooperate with School and law enforcement to protect the integrity of investigations into the such breach or unauthorized release of Personally Identifiable Information; and (c) pay for or promptly reimburse School for the full cost of notifying a parent, eligible student, teacher, or principal of an unauthorized release of Personally Identifiable Information attributed to Contractor. For avoidance of doubt, this Rider is solely between the Parties and shall have no effect upon the Terms for any other individual or entity subject to such Terms. All other provisions in the Terms remain in full force and effect. If any provision of this Rider is invalid or unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect. To the extent that the terms of this Rider conflict with the Bill of Rights, the terms of this Rider shall control. Any violation or breach of this Rider shall, except as otherwise prohibited by law, be subject to all disclaimers and limitations on liability as set forth in the Terms. [Remainder of Page Left Intentionally Blank; Signature Page Follows] For and on behalf of Xxxxxxxx Central School District (“School”) Signature: For and on behalf of Liminex, Inc. dba GoGuardian, and acting on behalf of itself and its Affiliates (“Contractor”) Name: Xxxxxx Xxxxxxx Dated: 9/14/23 Name: Dated: Xxxxx Xxxxxxx 9/14/2023 Please see Product Privacy Policy listing the exclusive purposes for which the Student Data (and, to the extent that Contractor maintains any Teacher or Principal Data to the extent that Contractor maintains such data) will be used by Contractor). Please see Contractor’s Data Privacy and Security Plan, incorporated herein as Schedule 3, for a description of how Contractor will help ensure that the subcontractors, or other authorized persons or entities to which Contractor will disclose Student Data (and, to the extent that Contractor maintains any Teacher or Prin...
Sample 1
Reports and Notifications of Breach and Unauthorized Release. Contractor acknowledges and agrees that, pursuant to New York Education Law Section 2-d, it must (a) promptly notify School of any breach or unauthorized release of Personally Identifiable Information in the most expedient way possible and without unreasonable delay but no more than seven calendar days after the discovery of such breach and otherwise in accordance with New York Education Law Section 2-d; (b) must cooperate with School and law enforcement to protect the integrity of investigations into the such breach or unauthorized release of Personally Identifiable Information; and (c) pay for or promptly reimburse School for the full cost of notifying a parent, eligible student, teacher, or principal of an unauthorized release of Personally Identifiable Information attributed to Contractor. For avoidance of doubt, this Rider is solely between the Parties and shall have no effect upon the Terms for any other individual or entity subject to such Terms. All other provisions in the Terms remain in full force and effect. If any provision of this Rider is invalid or unenforceable, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect. To the extent that the terms of this Rider conflict with the Bill of Rights, the terms of this Rider shall control. Any violation or breach of this Rider shall, except as otherwise prohibited by law, be subject to all disclaimers and limitations on liability as set forth in the Terms.
Sample 1
Reports and Notifications of Breach and Unauthorized Release. GoGuardian acknowledges and agrees that, pursuant to New York Education Law Section 2-d, it must (a)e promptly notify School of any breach or unauthorized release of Personally Identifiable Information in the most expedient way possible and without unreasonable delay but no more than seven calendar days after the discovery of such breach and otherwise in accordance with New York Education Law Section 2-d; and (b) must cooperate with School and law enforcement to protect the integrity of investigations into the such breach or unauthorized release of Personally Identifiable Information.
Sample 1

Related to Reports and Notifications of Breach and Unauthorized Release

  • Notification of Xxxxxx and Unauthorized Release (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. (b) Vendor will provide such notification to the District by contacting Xxxxxx Xxx, Data Protection Officer, directly by email at xxxxxx.xxx@xxxxx.xxx or by calling 000-000-0000. (c) Vendor will cooperate with the District and provide as much information as possible directly to Xxxxxx Xxx, Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions. (d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform Xxxxxx Xxx, Data Protection Officer or his/her designee.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!