Third Business Day. No later than 5 p.m. on the third business day after Discovery, or a time within which Discovery reasonably should have been made by Contractor of a Breach of Confidential Information, Contractor shall provide written notification to DHHS of all reasonably available information about the Breach, and Contractor's investigation, including, to the extent known to Contractor:

4.3.1. The date the Breach occurred;

4.3.2. The date of Contractor's and, if applicable, Subcontractor's Discovery;

4.3.3. A brief description of the Breach, including how it occurred and who is responsible (or hypotheses, if not yet determined);

4.3.4. A brief description of Contractor's investigation and the status of the investigation;

4.3.5. A description of the types and amount of Confidential Information involved;

4.3.6. Identification of and number of all individuals reasonably believed to be affected, including first and last name of the individual(s) and if applicable, the Legally Authorized Representative, last known address, age, telephone number, and email address if it is a preferred contact method;

4.3.7. Contractor’s initial risk assessment of the Breach, demonstrating whether individual or other notices are required by applicable law or this DUA for DHHS approval, including an analysis of whether there is a low probability of compromise of the Confidential Information or whether any legal exceptions to notification apply;

4.3.8. Contractor's recommendation for DHHS’s approval as to the steps individuals and/or Contractor on behalf of individuals, should take to protect the individuals from potential harm, including Contractor’s provision of notifications, credit protection, claims monitoring, and any specific protections for a Legally Authorized Representative to take on behalf of an individual with special capacity or circumstances;

4.3.9. The steps Contractor has taken to mitigate the harm or potential harm caused (including without limitation the provision of sufficient resources to mitigate);

4.3.10. The steps Contractor has taken, or will take, to prevent or reduce the likelihood of recurrence of a similar Breach;

4.3.11. Identify, describe or estimate of the persons, Workforce, Subcontractor, or individuals and any law enforcement that may be involved in the Breach;

4.3.12. A reasonable schedule for Contractor to provide regular updates regarding response to the Breach, but no less than every three (3) business days, or as otherwise directed by DHHS in writing, including information about risk estimations, reporting, notification, if any, mitigation, corrective action, root cause analysis and when such activities are expected to be completed; and

4.3.13. Any reasonably available, pertinent information, documents or reports related to a Breach that DHHS requests following Discovery.