Common use of TEFCA Security Incident Notice to Affected Individuals Clause in Contracts

TEFCA Security Incident Notice to Affected Individuals. Each Signatory that is an IAS Provider must notify each Individual whose TI has been or is reasonably believed to have been affected by a TEFCA Security Incident involving the IAS Provider. Such notification must be made without unreasonable delay and in no case later than sixty (60) days following Discovery of the TEFCA Security Incident. The notification required under this section must be written in plain language and shall include, to the extent possible: (i) A brief description of what happened, including the date of the TEFCA Security Incident and the date of its Discovery, if known; (ii) A description of the type(s) of Unsecured TI involved in the TEFCA Security Incident (such as whether full name, Social Security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (iii) Any steps Individuals should take to protect themselves from potential harm resulting from the TEFCA Security Incident; (iv) A brief description of what the Signatory involved is doing to investigate the TEFCA Security Incident, to mitigate harm to Individuals, and to protect against any further TEFCA Security Incidents; and (v) Contact procedures for Individuals to ask questions or learn additional information related to the TEFCA Security Incident, which shall include a telephone number (toll-free), e-mail address, and website with contact information and/or a contact form for the IAS Provider. To the extent Signatory is already required by Applicable Law to notify an Individual of an incident that would also be a TEFCA Security Incident, this section does not require duplicative notification to that Individual.

TEFCA Security Incident Notice to Affected Individuals. Each Signatory Participant that is an IAS Provider must notify each Individual whose TI has been or is reasonably believed to have been affected by a TEFCA Security Incident involving the IAS Provider. Such notification must be made without unreasonable delay and in no case later than sixty (60) days following Discovery of the TEFCA Security Incident. The notification required under this section must be written in plain language and shall include, to the extent possible: (i) A brief description of what happened, including the date of the TEFCA Security Incident and the date of its Discovery, if known; (ii) A description of the type(s) of Unsecured TI involved in the TEFCA Security Incident (such as whether full name, Social Security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (iii) Any steps Individuals should take to protect themselves from potential harm resulting from the TEFCA Security Incident; (iv) A brief description of what the Signatory Participant involved is doing to investigate the TEFCA Security Incident, to mitigate harm to Individuals, and to protect against any further TEFCA Security Incidents; and (v) Contact procedures for Individuals to ask questions or learn additional information related to the TEFCA Security Incident, which shall include a telephone number (toll-free), e-mail address, and website with contact information and/or a contact form for the IAS Provider. To the extent Signatory Participant is already required by Applicable Law to notify an Individual of an incident that would also be a TEFCA Security Incident, this section does not require duplicative notification to that Individual.

TEFCA Security Incident Notice to Affected Individuals. Each Signatory that is an IAS Provider must notify each Individual whose TI has been or is reasonably believed to have been affected by a TEFCA Security Incident involving the IAS Provider. Such notification must be made without unreasonable delay and in no case later than sixty (60) days following Discovery of the TEFCA Security Incident. The notification required under this section must be written in plain language and shall include, to the extent possible: (i) A brief description of what happened, including the date of the TEFCA Security Incident Incident, if known, and the date of its Discovery, if known; (ii) A description of the type(s) of Unsecured TI involved in the TEFCA Security Incident (such as whether full name, Social Security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (iii) Any steps Individuals should take to protect themselves from potential harm resulting from the TEFCA Security Incident; (iv) A brief description of what the Signatory IAS Provider involved is doing to investigate the TEFCA Security Incident, to mitigate harm to Individuals, and to protect against any further TEFCA Security Incidents; and (v) Contact procedures for Individuals to ask questions or learn additional information related to the TEFCA Security Incident, which shall include a telephone number (toll-free), e-mail address, and website with contact information and/or a contact form for the IAS Provider. To the extent Signatory an IAS Provider is already required by Applicable Law to notify an Individual of an incident that would also be a TEFCA Security Incident, this section does not require duplicative notification to that Individual.