Security Measures and Data Breach Response Sample Clauses

Security Measures and Data Breach Response 
Sample 1Sample 2
AutoNDA by SimpleDocs

Related to Security Measures and Data Breach Response

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Workplace Violence Prevention and Crisis Response (applicable to any Party and any subcontractors and sub-grantees whose employees or other service providers deliver social or mental health services directly to individual recipients of such services): Party shall establish a written workplace violence prevention and crisis response policy meeting the requirements of Act 109 (2016), 33 VSA §8201(b), for the benefit of employees delivering direct social or mental health services. Party shall, in preparing its policy, consult with the guidelines promulgated by the U.S. Occupational Safety and Health Administration for Preventing Workplace Violence for Healthcare and Social Services Workers, as those guidelines may from time to time be amended. Party, through its violence protection and crisis response committee, shall evaluate the efficacy of its policy, and update the policy as appropriate, at least annually. The policy and any written evaluations thereof shall be provided to employees delivering direct social or mental health services. Party will ensure that any subcontractor and sub-grantee who hires employees (or contracts with service providers) who deliver social or mental health services directly to individual recipients of such services, complies with all requirements of this Section.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request.

  • Emergency Response Partners must develop, maintain, and carry out a response plan for public water system emergencies, including disease outbreaks, spills, operational failures, and water system contamination. Partners must notify DWS in a timely manner of emergencies that may affect drinking water supplies.

  • Environment, Health, and Safety (a) To the Knowledge of AIDEA and the Acquired Companies, except as disclosed in Disclosure Schedules 3.16(b), (d), and (e), the Acquired Companies have complied with all Environmental, Health, and Safety Laws. No action, suit, proceeding, hearing, investigation, charge, complaint, claim, demand, or notice has been filed or commenced against any of the Acquired Companies alleging any failure to so comply. Without limiting the generality of the preceding sentence, the Acquired Companies, to the Knowledge of AIDEA and the Acquired Companies, have obtained and been in compliance with all of the terms and conditions of all permits, licenses, and other authorizations that are required under, and have complied with all other limitations, restrictions, conditions, standards, prohibitions, requirements, obligations, schedules, and timetables that are contained in, all Environmental, Health, and Safety Laws. (b) Except as disclosed in Disclosure Schedule 3.16(b), neither the Acquired Companies nor AIDEA with respect to the Acquired Companies, to the Knowledge of AIDEA and the Acquired Companies, has any Liability arising out of events or circumstances occurring under any Environmental, Health, and Safety Laws for contamination of, damage to, or polluting any site, location, property, natural resources, the air, or any body of water (surface or subsurface), or for any illness of, or personal injury to, or death of, any employee or other individual related to the foregoing. (c) To the Knowledge of AIDEA and the Acquired Companies, all equipment and personal property owned, leased, or used in the Operations are and have been free of hydrocarbon contamination, asbestos, PCBs, dioxins, and any other hazardous, toxic, radioactive, or dangerous substances, except for the liquefied natural gas and compressed natural gas the Acquired Companies produce, store, and handle, and except for the fuel, lubricants, refrigerants, and solvents that are used in the ordinary course of business in conducting the Operations. The liquefied natural gas and compressed natural gas of the Acquired Companies, and the fuel, lubricants, refrigerants, and solvents used in its Operations, have all been stored, handled, transported, used, and disposed of in accordance with all Environmental, Health, and Safety Laws and consistent with all standard industry practices. (d) Except as disclosed on Disclosure Schedule 3.16(d), all real property the Acquired Companies owns is, to the Knowledge of AIDEA and the Acquired Companies, free from contamination by any substance regulated under, or defined as or considered “hazardous” or “toxic” or “radioactive” or “contamination” or “pollution” under, any Environmental, Health, and Safety Laws, including but not limited to hydrocarbons, asbestos, PCBs, and dioxins. AIDEA has provided IGU with true and complete copies of all environmental assessments, studies, and reports (1) of which AIDEA and the Acquired Companies have Knowledge and (2) that reference the real property any of the Acquired Companies owns, leases, or uses. Although neither AIDEA nor the Acquired Companies has conducted any environmental assessments regarding the leased real property used by the Acquired Companies, neither AIDEA nor the Acquired Companies has Knowledge of any environmental contamination on or under the portions of any leased or used real property where any of the Operations have been conducted. (e) Except as disclosed on Disclosure Schedule 3.16(e), neither the Acquired Companies nor AIDEA has Knowledge of any leak, spill, release, discharge, or disposal of any substance regulated under, or defined as or considered “hazardous” or “toxic” or “radioactive” or “contamination” or “pollution” under any Environmental, Health, and Safety Laws that has occurred on, in, or under the real property any of the Acquired Companies owns, leases, or uses, or has ever owned, leased, or used, in conducting the Operations, that was reportable or should have been reported to any government or governmental agency, or that was or could have been subject to clean up or remediation, under any Environmental, Health, and Safety Laws. (f) Except as disclosed on Disclosure Schedule 3.16(f), to the Knowledge of AIDEA and the Acquired Companies, there is no underground storage tank present on any real property any of the Acquired Companies owns, leases, or uses or has owned, leased or used, in conducting the Operations.

  • Substance Abuse Treatment Information Substance abuse treatment information shall be maintained in compliance with 42 C.F.R. Part 2 if the Party or subcontractor(s) are Part 2 covered programs, or if substance abuse treatment information is received from a Part 2 covered program by the Party or subcontractor(s).

  • Security Incident Response Upon becoming aware of a Security Incident, MailChimp shall notify Customer without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by Customer.

  • Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  • BREACH DISCOVERY AND NOTIFICATION 17 1. Following the discovery of a Breach of Unsecured PHI, CONTRACTOR shall notify 18 COUNTY of such Breach, however both parties agree to a delay in the notification if so advised by a 19 law enforcement official pursuant to 45 CFR § 164.412. 20 a. A Breach shall be treated as discovered by CONTRACTOR as of the first day on which 21 such Breach is known to CONTRACTOR or, by exercising reasonable diligence, would have been 22 known to CONTRACTOR. 23 b. CONTRACTOR shall be deemed to have knowledge of a Breach, if the Breach is 24 known, or by exercising reasonable diligence would have known, to any person who is an employee, 25 officer, or other agent of CONTRACTOR, as determined by federal common law of agency. 26 2. CONTRACTOR shall provide the notification of the Breach immediately to the COUNTY 27 Privacy Officer. CONTRACTOR’s notification may be oral, but shall be followed by written 28 notification within twenty four (24) hours of the oral notification. 29 3. CONTRACTOR’s notification shall include, to the extent possible: 30 a. The identification of each Individual whose Unsecured PHI has been, or is reasonably 31 believed by CONTRACTOR to have been, accessed, acquired, used, or disclosed during the Breach; 32 b. Any other information that COUNTY is required to include in the notification to 33 Individual under 45 CFR §164.404 (c) at the time CONTRACTOR is required to notify COUNTY or 34 promptly thereafter as this information becomes available, even after the regulatory sixty (60) day 35 period set forth in 45 CFR § 164.410 (b) has elapsed, including: 36 1) A brief description of what happened, including the date of the Breach and the date 37 of the discovery of the Breach, if known; 1 2) A description of the types of Unsecured PHI that were involved in the Breach (such 2 as whether full name, social security number, date of birth, home address, account number, diagnosis, 3 disability code, or other types of information were involved); 4 3) Any steps Individuals should take to protect themselves from potential harm 5 resulting from the Breach; 6 4) A brief description of what CONTRACTOR is doing to investigate the Breach, to 7 mitigate harm to Individuals, and to protect against any future Breaches; and 8 5) Contact procedures for Individuals to ask questions or learn additional information, 9 which shall include a toll-free telephone number, an e-mail address, Web site, or postal address. 10 4. COUNTY may require CONTRACTOR to provide notice to the Individual as required in 11 45 CFR § 164.404, if it is reasonable to do so under the circumstances, at the sole discretion of the 12 COUNTY. 13 5. In the event that CONTRACTOR is responsible for a Breach of Unsecured PHI in violation 14 of the HIPAA Privacy Rule, CONTRACTOR shall have the burden of demonstrating that 15 CONTRACTOR made all notifications to COUNTY consistent with this Subparagraph F and as 16 required by the Breach notification regulations, or, in the alternative, that the acquisition, access, use, or 17 disclosure of PHI did not constitute a Breach. 18 6. CONTRACTOR shall maintain documentation of all required notifications of a Breach or 19 its risk assessment under 45 CFR § 164.402 to demonstrate that a Breach did not occur. 20 7. CONTRACTOR shall provide to COUNTY all specific and pertinent information about the 21 Breach, including the information listed in Section E.3.b.(1)-(5) above, if not yet provided, to permit 22 COUNTY to meet its notification obligations under Subpart D of 45 CFR Part 164 as soon as 23 practicable, but in no event later than fifteen (15) calendar days after CONTRACTOR’s initial report of 24 the Breach to COUNTY pursuant to Subparagraph F.2. above. 25 8. CONTRACTOR shall continue to provide all additional pertinent information about the

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!