Common use of Security Breach Notification Clause in Contracts

Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place 10 for the effective management of Security Breaches, as defined below. In the 11 event of any actual, attempted, suspected, threatened, or reasonably 12 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 compromises or could reasonably be expected to comprise COUNTY data through 14 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 such notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 Investigate to determine the nature and 18 extent of the Security Breach. 19 32.2.1.2 Contain the incident by taking necessary 20 action, including, but not limited to, attempting to recover records, revoking 21 access, and/or correcting weaknesses in security. 22 32.2.1.3 Report to COUNTY the nature of the Security 23 Breach, the COUNTY data used or disclosed, the person who made the 24 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 done or will do to mitigate any harmful effect of the unauthorized use or 26 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 2 34.2.1 CONTRACTOR shall have policies and procedures in place 10 for the 3 effective management of Security Breaches, as defined below. In the 11 event of any actual, 4 attempted, suspected, threatened, or reasonably 12 foreseeable circumstance CONTRACTOR 5 experiences or learns of that either 13 compromises or could reasonably be expected to comprise 6 COUNTY data through 14 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 7 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 such 8 notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 : 9 Investigate to determine the nature and 18 extent of the Security 10 Breach. 19 32.2.1.2 . 11 Contain the incident by taking necessary 20 action, including, but 12 not limited to, attempting to recover records, revoking 21 access, and/or correcting weaknesses in 13 security. 22 32.2.1.3 . 14 Report to COUNTY the nature of the Security 23 Breach, the 15 COUNTY data used or disclosed, the person who made the 24 unauthorized use or received the 16 unauthorized disclosure, what CONTRACTOR has 25 done or will do to mitigate any harmful effect 17 of the unauthorized use or 26 disclosure, and the corrective action CONTRACTOR has taken or will 18 take to 27 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 4 31.2.1 CONTRACTOR shall have policies and procedures in place 10 for 5 the effective management of Security Breaches, as defined below. In the 11 event 6 of any actual, attempted, suspected, threatened, or reasonably 12 foreseeable 7 circumstance CONTRACTOR experiences or learns of that either 13 compromises or 8 could reasonably be expected to comprise COUNTY data through 14 unauthorized use, 9 disclosure, or acquisition of COUNTY data (“Security 15 Breach”), CONTRACTOR shall 10 immediately notify COUNTY of its discovery. After 16 such notification, CONTRACTOR 11 shall, at its own expense, immediately: 17 32.2.1.1 12 31.2.1.1 Investigate to determine the nature and 18 extent 13 of the Security Breach. 19 32.2.1.2 14 31.2.1.2 Contain the incident by taking necessary 20 15 action, including, but is not limited to, attempting to recover records, 16 revoking 21 access, and/or correcting weaknesses in security. 22 32.2.1.3 17 31.2.1.3 Report to COUNTY the nature of the Security 23 18 Breach, the COUNTY data used or disclosed, the person who made the 24 unauthorized 19 use or received the unauthorized disclosure, what CONTRACTOR has 25 done or will 20 do to mitigate any harmful effect of the unauthorized use or 26 disclosure, and 21 the corrective action CONTRACTOR has taken or will take to 27 prevent future 22 similar unauthorized use or disclosure. 23 31.2.2 The COUNTY, at its sole discretion and on a case-by-case 24 basis, will determine what actions are necessary in response to the Security 25 Breach and who will perform these actions. Actions may include, but are not 26 limited to: notifications; investigation and remediation costs, including 27 notification of all whose personal information was disclosed; outside

Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place 10 13 for the effective management of Security Breaches, as defined below. In the 11 14 event of any actual, attempted, suspected, threatened, or reasonably 12 15 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 16 compromises or could reasonably be expected to comprise COUNTY data through 14 17 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 18 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 19 such notification, CONTRACTOR shall, at its own expense, immediately: 17 20 32.2.1.1 Investigate to determine the nature and 18 21 extent of the Security Breach. 19 22 32.2.1.2 Contain the incident by taking necessary 20 23 action, including, but not limited to, attempting to recover records, revoking 21 24 access, and/or correcting weaknesses in security. 22 25 32.2.1.3 Report to COUNTY the nature of the Security 23 26 Breach, the COUNTY data used or disclosed, the person who made the 24 27 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 28 done or will do to mitigate any harmful effect of the unauthorized use or 26 1 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 2 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place 10 22 for the effective management of Security Breaches, as defined below. In the 11 23 event of any actual, attempted, suspected, threatened, or reasonably 12 24 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 25 compromises or could reasonably be expected to comprise COUNTY data through 14 26 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 27 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 28 such notification, CONTRACTOR shall, at its own expense, immediately: 17 1 32.2.1.1 Investigate to determine the nature and 18 2 extent of the Security Breach. 19 3 32.2.1.2 Contain the incident by taking necessary 20 4 action, including, but not limited to, attempting to recover records, revoking 21 5 access, and/or correcting weaknesses in security. 22 6 32.2.1.3 Report to COUNTY the nature of the Security 23 7 Breach, the COUNTY data used or disclosed, the person who made the 24 8 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 9 done or will do to mitigate any harmful effect of the unauthorized use or 26 10 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 11 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 CONTRACTOR shall have policies and procedures in place 10 11 for the effective management of Security Breaches, as defined below. In the 11 12 event of any actual, attempted, suspected, threatened, or reasonably 12 13 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 14 compromises or could reasonably be expected to comprise COUNTY data through 14 15 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 16 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 17 such notification, CONTRACTOR shall, at its own expense, immediately: 17 18 32.2.1.1 Investigate to determine the nature and 18 19 extent of the Security Breach. 19 20 32.2.1.2 Contain the incident by taking necessary 20 21 action, including, but not limited to, attempting to recover records, revoking 21 22 access, and/or correcting weaknesses in security. 22 23 32.2.1.3 Report to COUNTY the nature of the Security 23 24 Breach, the COUNTY data used or disclosed, the person who made the 24 25 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 26 done or will do to mitigate any harmful effect of the unauthorized use or 26 27 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 28 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 9 31.2.1 CONTRACTOR shall have policies and procedures in place 10 for the 10 effective management of Security Breaches, as defined below. In the 11 event of any actual, 11 attempted, suspected, threatened, or reasonably 12 foreseeable circumstance CONTRACTOR 14 13 12 experiences or learns of that either 13 compromises or could reasonably be expected to comprise COUNTY data through 14 unauthorized use, disclosure, or acquisition of COUNTY data (“"Security 15 Breach”"), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 such 15 notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 16 31.2.1.1 Investigate to determine the nature and 18 extent of the Security 17 Breach. 19 32.2.1.2 18 31.2.1.2 Contain the incident by taking necessary 20 action, including, but not limited to, attempting to recover records, revoking 21 access, and/or correcting weaknesses in 20 security.. 22 26 27 28 24 25 22 32.2.1.3 21 31.2.1.3 Report to COUNTY the nature of the Security 23 Breach, the COUNTY data used or disclosed, the person who made the 24 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 done or will do to mitigate any harmful effect of the unauthorized use or 26 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 16 30.2.1 CONTRACTOR shall have policies and procedures in place 10 17 for the effective management of Security Breaches, as defined below. In the 11 18 event of any actual, attempted, suspected, threatened, or reasonably 12 19 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 20 compromises or could reasonably be expected to comprise COUNTY data through 14 21 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 22 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 23 such notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 24 30.2.1.1 Investigate to determine the nature and 18 25 extent of the Security Breach. 19 32.2.1.2 26 30.2.1.2 Contain the incident by taking necessary 20 27 action, including, but not limited to, attempting to recover records, revoking 21 28 access, and/or correcting weaknesses in security. 22 32.2.1.3 1 30.2.1.3 Report to COUNTY the nature of the Security 23 2 Breach, the COUNTY data used or disclosed, the person who made the 24 3 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 4 done or will do to mitigate any harmful effect of the unauthorized use or 26 5 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 6 prevent future similar unauthorized use or disclosure. 7 30.2.2 The COUNTY, at its sole discretion and on a case-by-case 8 basis, will determine what actions are necessary in response to the Security 9 Xxxxxx and who will perform these actions. Actions may include, but are not 10 limited to: notifications; investigation and remediation costs, including 11 notification of all whose personal information was disclosed; outside

Security Breach Notification. 32.2.1 30.2.1 CONTRACTOR shall have policies and procedures in place 10 17 for the effective management of Security Breaches, as defined below. In the 11 18 event of any actual, attempted, suspected, threatened, or reasonably 12 19 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 20 compromises or could reasonably be expected to comprise COUNTY data through 14 21 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 22 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 23 such notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 24 30.2.1.1 Investigate to determine the nature and 18 25 extent of the Security Breach. 19 32.2.1.2 26 30.2.1.2 Contain the incident by taking necessary 20 27 action, including, but not limited to, attempting to recover records, revoking 21 28 access, and/or correcting weaknesses in security. 22 32.2.1.3 1 30.2.1.3 Report to COUNTY the nature of the Security 23 2 Breach, the COUNTY data used or disclosed, the person who made the 24 3 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 4 done or will do to mitigate any harmful effect of the unauthorized use or 26 5 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 6 prevent future similar unauthorized use or disclosure.

Security Breach Notification. 32.2.1 14 31.2.1 CONTRACTOR shall have policies and procedures in place 10 for 15 the effective management of Security Breaches, as defined below. In the 11 event 16 of any actual, attempted, suspected, threatened, or reasonably 12 foreseeable 17 circumstance CONTRACTOR experiences or learns of that either 13 compromises or 18 could reasonably be expected to comprise COUNTY data through 14 unauthorized use, 19 disclosure, or acquisition of COUNTY data (“Security 15 Breach”), CONTRACTOR shall 20 immediately notify COUNTY of its discovery. After 16 such notification, CONTRACTOR 21 shall, at its own expense, immediately: 17 32.2.1.1 22 31.2.1.1 Investigate to determine the nature and 18 extent 23 of the Security Breach. 19 32.2.1.2 24 31.2.1.2 Contain the incident by taking necessary 20 25 action, including, but not limited to, attempting to recover records, revoking 21 26 access, and/or correcting weaknesses in security. 22 32.2.1.3 27 31.2.1.3 Report to COUNTY the nature of the Security 23 28 Breach, the COUNTY data used or disclosed, the person who made the 24 unauthorized 1 use or received the unauthorized disclosure, what CONTRACTOR has 25 done or will 2 do to mitigate any harmful effect of the unauthorized use or 26 disclosure, and 3 the corrective action CONTRACTOR has taken or will take to 27 prevent future 4 similar unauthorized use or disclosure. 5 31.2.2 The COUNTY, at its sole discretion and on a case-by-case 6 basis, will determine what actions are necessary in response to the Security 7 Breach and who will perform these actions. Actions may include, but are not 8 limited to: notifications; investigation and remediation costs, including 9 notification of all whose personal information was disclosed; outside

Security Breach Notification. 32.2.1 31.2.1 CONTRACTOR shall have policies and procedures in place 10 11 for the effective management of Security Breaches, as defined below. In the 11 12 event of any actual, attempted, suspected, threatened, or reasonably 12 13 foreseeable circumstance CONTRACTOR experiences or learns of that either 13 14 compromises or could reasonably be expected to comprise COUNTY data through 14 15 unauthorized use, disclosure, or acquisition of COUNTY data (“Security 15 16 Breach”), CONTRACTOR shall immediately notify COUNTY of its discovery. After 16 17 such notification, CONTRACTOR shall, at its own expense, immediately: 17 32.2.1.1 18 31.2.1.1 Investigate to determine the nature and 18 19 extent of the Security Breach. 19 32.2.1.2 20 31.2.1.2 Contain the incident by taking necessary 20 21 action, including, but is not limited to, attempting to recover records, 22 revoking 21 access, and/or correcting weaknesses in security. 22 32.2.1.3 23 31.2.1.3 Report to COUNTY the nature of the Security 23 24 Breach, the COUNTY data used or disclosed, the person who made the 24 25 unauthorized use or received the unauthorized disclosure, what CONTRACTOR has 25 26 done or will do to mitigate any harmful effect of the unauthorized use or 26 27 disclosure, and the corrective action CONTRACTOR has taken or will take to 27 28 prevent future similar unauthorized use or disclosure.