SECURITY BREACH MANAGEMENT AND NOTIFICATION. 7.1 CA will promptly notify Customer, without undue delay, after CA becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unlawful access to any Customer’s Personal Data that is transmitted, stored or otherwise Processed by CA or its Subprocessors of which CA becomes aware (“Security Breach”). CA will use reasonable efforts to identify the cause of such Security Breach and shall promptly and without undue delay: (a) investigate the Security Breach and provide Customer with information about the Security Breach, including if applicable, such information a Data Processor must provide to a Data Controller under Article 33(3) of the GDPR to the extent such information is reasonably available; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Breach to the extent the remediation is within CA’s reasonable control. The obligations herein shall not apply to any breach that is caused by Customer or it Authorized Users. Notification will be delivered to Customer in accordance with Section 7.3 below. 7.2 CA’s obligation to report or respond to a Security Breach under this Section is not and will not be construed as an acknowledgement by CA of any fault or liability with respect to the Security Breach.
Appears in 4 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum
