Security Breach and Response Sample Clauses
The Security Breach and Response clause outlines the obligations and procedures that must be followed in the event of a data or information security breach. Typically, this clause requires the party experiencing the breach to promptly notify the other party, investigate the incident, and take corrective actions to mitigate any harm. For example, it may specify timelines for notification, detail the type of information that must be provided, and require cooperation with investigations. Its core practical function is to ensure a coordinated and timely response to security incidents, thereby minimizing potential damage and maintaining trust between the parties.
Security Breach and Response. 8.1 Supplier shall promptly notify VWGoA without undue delay and no later than 24 hours upon Supplier becoming aware of an actual or potential Security Breach. Supplier should notify VWGoA by telephone to Supplier’s primary business contact and via email at both ▇▇▇▇▇▇▇@▇▇.▇▇▇ and ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇.▇▇▇ if it has knowledge that there is, or reasonably believes that there has been, an actual or potential Security Breach. Notice must include the following: • the nature of the Security Breach, • the categories and numbers of data subjects concerned, and the categories and numbers of records concerned; • the name and contact details of the Supplier contact from whom more information may be obtained; • describe the likely consequences of the Security Breach; and • describe the measures taken or proposed to be taken to address the Security Breach. • Other information as VWGoA may reasonably request
8.2 Supplier shall (i) cooperate with VWGoA in the manner reasonably requested by VWGoA and in accordance with law to investigate and resolve the Security Breach, and mitigate any harmful effects of the Security Breach; (ii) promptly implement any necessary remedial measures to ensure the protection of VWGoA Data or VWGoA Systems; and (iii) properly document responsive actions taken related to any Security Breach, including, without limitation, post-incident review of events and actions taken to make changes in business practices to ensure the protection of VWGoA Data or VWGoA Systems.
8.3 Except as required by Applicable Law or regulation, Supplier agrees that: (i) it shall not inform any third party of any Security Breach without first obtaining VWGoA' prior written consent, other than to inform a complainant that VWGoA shall be/has been informed of the Security Breach; and (ii) VWGoA shall have the right, but not the obligation, to determine whether notice of the Security Breach is to be provided to any individuals, authorities, regulators, law enforcement agencies, consumer reporting agencies, or others and the contents of any such notice.
8.4 If the Security Breach was a result of Supplier's or Authorized Persons’ negligence or breach of the requirements of this DPSA, Supplier shall bear all costs associated with (i) any investigations and resolution of the Security Breach, including, but not limited to, internal investigations as well as investigations by regulators or other authorities; (ii) notifications to individuals, authorities, regulators, or others; (iii) ...
Security Breach and Response