Security Breach Notification. In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place for the effective management of Security Breaches, as defined below. In the event of any actual, attempted, suspected, threatened, or reasonably foreseeable circumstance CONTRACTOR experiences or learns of that either compromises or could reasonably be expected to comprise COUNTY data through unauthorized use, disclosure, or acquisition of COUNTY data (“Security Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After such notification, CONTRACTOR shall, at its own expense, immediately: Investigate to determine the nature and extent of the Security Breach. Contain the incident by taking necessary action, including, but not limited to, attempting to recover records, revoking access, and/or correcting weaknesses in security. Report to COUNTY the nature of the Security Breach, the COUNTY data used or disclosed, the person who made the unauthorized use or received the unauthorized disclosure, what CONTRACTOR has done or will do to mitigate any harmful effect of the unauthorized use or disclosure, and the corrective action CONTRACTOR has taken or will take to prevent future similar unauthorized use or disclosure.
32.2.2 The COUNTY, at its sole discretion and on a case-by-case basis, will determine what actions are necessary in response to the Security Breach and who will perform these actions. Actions may include, but are not limited to: notifications; investigation and remediation costs, including notification of all whose personal information was disclosed; outside investigation; forensics; counsel; crisis management; and credit monitoring. In the event COUNTY determines CONTRACTOR will conduct additional action(s), CONTRACTOR shall bear the costs. In the event COUNTY conducts additional actions(s) arising out of or in connection with a Security Breach, CONTRACTOR shall reimburse COUNTY for costs associated to legally required actions.
Security Breach Notification. In the event Contractor becomes aware of any act, error or omission, negligence, misconduct, or security incident including unsecure or improper data disposal, theft, loss, unauthorized use and disclosure or access, that compromises or is suspected to compromise the security, confidentiality, or integrity of County Data or the physical, technical, administrative, or organizational safeguards put in place by Contractor that relate to the security, confidentiality, or integrity of County Data, Contractor shall, at its own expense, (1) immediately (within 24 hours) notify the County’s Chief Information Security Officer and County Privacy Officer of such occurrence and perform a root cause analysis thereon, (2) investigate such occurrence, (3) provide a remediation plan, acceptable to County, to address the occurrence and prevent any further incidents, (4) conduct a forensic investigation to determine what systems, data and information have been affected by such event, and (5) cooperate with County and any law enforcement or regulatory officials investigating such occurrence, including but not limited to making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by County and/or any law enforcement or regulatory officials, and (6) perform or take any other actions required to comply with applicable law as a result of the occurrence (at the direction of County). County shall make the final decision on notifying County persons, entities, employees, service providers, and/or the general public of such occurrence, and the implementation of the remediation plan. If notification to particular persons is required under any law or pursuant to any of County’s privacy or security policies, then notifications to all persons and entities who are affected by the same event shall be considered legally required. Contractor shall reimburse County for all notification related costs incurred by the County arising out of or in connection with any such occurrence due to Contractor’s acts, errors or omissions, negligence, and/or misconduct resulting in a requirement for legally required notifications.
Security Breach Notification. In the event of a security breach, the Contractor shall take prompt corrective action to cure any such deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and state laws and regulations. The Contractor shall report to the proper Authority staff in writing any use or disclosure of PII, whether suspected or actual, within one (1) business day of becoming aware of such use or disclosure.
Security Breach Notification. The data processor will notify the controller without undue delay, if personal data processed on behalf of the controller is exposed to a breach of security. The data processor’s notification should, at minimum, include information that describes the security breach, which registered subject is affected by the breach, what personal data is affected by the breach, what immediate measures are implemented to address the breach and what preventive measures may have been established to avoid similar incidents in the future. The data controller is responsible for ensuring that the Norwegian Data Protection Authority is notified when required.
Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place 10 for the effective management of Security Breaches, as defined below. In the 11 event of any actual, attempted, suspected, threatened, or reasonably 12 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 compromises or could reasonably be expected to comprise COUNTY data through 14 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 such notification, CONTRACTOR shall, at its own expense, immediately:
17 32.2.1.1 Investigate to determine the nature and 18 extent of the Security Breach.
19 32.2.1.2 Contain the incident by taking necessary 20 action, including, but not limited to, attempting to recover records, revoking 21 access, and/or correcting weaknesses in security.
22 32.2.1.3 Report to COUNTY the nature of the Security 23 Breach, the COUNTY data used or disclosed, the person who made the 24 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 done or will do to mitigate any harmful effect of the unauthorized use or 26 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 prevent future similar unauthorized use or disclosure.
Security Breach Notification. The Supplier will notify the Client of a Personal Data breach without undue delay after becoming aware of such a breach.
Security Breach Notification. 2 32.2.1 CONTRACTOR shall have policies and procedures in place for the 3 effective management of Security Breaches, as defined below. In the event of any actual, 4 attempted, suspected, threatened, or reasonably foreseeable circumstance CONTRACTOR 5 experiences or learns of that either compromises or could reasonably be expected to comprise 6 COUNTY data through unauthorized use, disclosure, or acquisition of COUNTY data (“Security 7 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After such 8 notification, CONTRACTOR shall, at its own expense, immediately:
Security Breach Notification. Section 9 (Security Breach Notification) of Exhibit G (Supplemental SDPC State Terms for Illinois) is hereby amended by adding “to the extent known by the Provider and as it becomes available” after “...to the LEA shall include”.
Security Breach Notification. In the event Contractor becomes aware of any act, error or omission, negligence, misconduct, or security incident including unsecure or improper data disposal, theft, loss, unauthorized use and disclosure or access, that compromises or is suspected to compromise the security, availability, confidentiality, and/or integrity of County data or the physical, technical, administrative, or organizational safeguards required under this Contract that relate to the security, availability, confidentiality, and/or integrity of County data, Contractor shall, at its own expense, (1) immediately (or within 24 hours of potential or suspected breach), notify the County’s Chief Information Security Officer and County Privacy Officer of such occurrence; (2) perform a root cause analysis of the actual, potential, or
