Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.
Security Breach In the event that Seller discovers or is notified of a breach, potential breach of security, or security incident at Seller's Facility or of Seller's systems, Seller shall immediately (i) notify Company of such potential, suspected or actual security breach, whether or not such breach has compromised any of Company's confidential information; (ii) investigate and promptly remediate the effects of the breach, whether or not the breach was caused by Seller; (iii) cooperate with Company with respect to any such breach or unauthorized access or use; (iv) comply with all applicable privacy and data protection laws governing Company's or any other individual's or entity's data; and (v) to the extent such breach was caused by Seller, provide Company with reasonable assurances satisfactory to Company that such breach, potential breach, or security incident shall not recur. Seller shall provide documentation to Company evidencing the length and impact of the breach. Any remediation of any such breach will be at Seller's sole expense.
Security Breaches In order to protect your security, it is your sole responsibility to ensure that all usernames and passwords used to access the Website are kept secure and confidential. You must immediately notify us of any unauthorized use of your account, including the unauthorized use of your password, or any other breach of security. We will investigate any breach of security on the Website that we determine in our sole discretion to be serious in nature, but we will not be held responsible or liable in any manner for breaches of security or any unauthorized access to your account however arising.
COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.
Personal Information security breach Supplier/Service Provider’s Obligations
a) The Supplier/Service Provider shall notify the Information Officer of Transnet, in writing as soon as possible after it becomes aware of or suspects any loss, unauthorised access or unlawful use of any personal data and shall, at its own cost, take all necessary remedial steps to mitigate the extent of the loss or compromise of personal data and to restore the integrity of the affected Goods/Services as quickly as is possible. The Supplier/Service Provider shall also be required to provide Transnet with details of the persons affected by the compromise and the nature and extent of the compromise, including details of the identity of the unauthorised person who may have accessed or acquired the personal data.
b) The Supplier/Service Provider shall provide on-going updates on its progress in resolving the compromise at reasonable intervals until such time as the compromise is resolved.
c) Where required, the Supplier/Service Provider may be required to notify the South African Police Service; and/or the State Security Agency and where applicable, the relevant regulator and/or the affected persons of the security breach. Any such notification shall always include sufficient information to allow the persons to take protective measures against the potential consequences of the compromise.
d) The Supplier/Service Provider undertakes to co‑operate in any investigation relating to security which is carried out by or on behalf of Transnet including providing any information or material in its possession or control and implementing new security measures.
Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law.
b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions).
c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent.
d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI:
(1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information;
(2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information;
(3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and
(4) DSHS will take appropriate remedial measures up to termination of this Contract.
Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.
Providing Notice of Breaches 8.1 If Covered Entity determines that an impermissible acquisition, access, use or disclosure of PHI for which one of Business Associate’s employees or agents was responsible constitutes a Breach as defined in 45 CFR § 164.402, and if requested by Covered Entity, Business Associate shall provide notice to the individual(s) whose PHI has been the subject of the Breach. When requested to provide notice, Business Associate shall consult with Covered Entity about the timeliness, content and method of notice, and shall receive Covered Entity’s approval concerning these elements. The cost of notice and related remedies shall be borne by Business Associate.
8.2 If Covered Entity or Business Associate determines that an impermissible acquisition, access, use or disclosure of PHI by a Subcontractor of Business Associate constitutes a Breach as defined in 45 CFR § 164.402, and if requested by Covered Entity or Business Associate, Subcontractor shall provide notice to the individual(s) whose PHI has been the subject of the Breach. When Covered Entity requests that Business Associate or its Subcontractor provide notice, Business Associate shall either 1) consult with Covered Entity about the specifics of the notice as set forth in section 8.1, above, or 2) require, by contract, its Subcontractor to consult with Covered Entity about the specifics of the notice as set forth in section 8.1
8.3 The notice to affected individuals shall be provided as soon as reasonably possible and in no case later than 60 calendar days after Business Associate reported the Breach to Covered Entity.
8.4 The notice to affected individuals shall be written in plain language and shall include, to the extent possible, 1) a brief description of what happened, 2) a description of the types of Unsecured PHI that were involved in the Breach, 3) any steps individuals can take to protect themselves from potential harm resulting from the Breach, 4) a brief description of what the Business Associate is doing to investigate the Breach, to mitigate harm to individuals and to protect against further Breaches, and 5) contact procedures for individuals to ask questions or obtain additional information, as set forth in 45 CFR § 164.404(c).
8.5 Business Associate shall notify individuals of Breaches as specified in 45 CFR § 164.404(d) (methods of individual notice). In addition, when a Breach involves more than 500 residents of Vermont, Business Associate shall, if requested by Covered Entity, notify prominent media outlets serving Vermont, following the requirements set forth in 45 CFR § 164.406.
FALSE STATEMENTS; BREACH OF REPRESENTATIONS The Parties acknowledge that this Agreement has been negotiated, and is being executed, in reliance upon the information contained in the Application, and any supplements or amendments thereto, without which the Comptroller would not have approved this Agreement and the District would not have executed this Agreement. By signature to this Agreement, the Applicant:
A. represents and warrants that all information, facts, and representations contained in the Application are true and correct to the best of its knowledge;
B. agrees and acknowledges that the Application and all related attachments and schedules are included by reference in this Agreement as if fully set forth herein; and
C. acknowledges that if the Applicant submitted its Application with a false statement, signs this Agreement with a false statement, or submits a report with a false statement, or it is subsequently determined that the Applicant has violated any of the representations, warranties, guarantees, certifications, or affirmations included in the Application or this Agreement, the Applicant shall have materially breached this Agreement and the Agreement shall be invalid and void except for the enforcement of the provisions required by Section 9.2 of this Agreement.
