Common use of Unauthorized Access, Use or Disclosure of Confidential Information Clause in Contracts

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider receiving notice of the unauthorized access, use or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider Vendor becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services under this Contract.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services or providing Products under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider Vendor becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four (24) hours from Provider Vendor receiving notice of the unauthorized access, use or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware the Vendor has actual knowledge of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider the Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and or disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning for the protection and handling and protection of Confidential InformationInformation including, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breachbreach including, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include provisions consistent with this Section in contracts with any subcontractors providing any Services under the Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours fourteen (14) days from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services or providing Products under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: : (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors DocuSign Envelope ID: B93E46A5-1622-4A2D-B1AC-CC045CEED495 performing Services or providing Products under this Contract.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: : (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors providing Products or performing Services under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: : (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider To the extent required by applicable law, Vendor shall bear the losses and expenses (including reasonable attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors providing Services under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider Vendor becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s 's duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ ' fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: : (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services or providing Products under this Contract.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider receiving notice of the unauthorized access, use or disclosure of the Confidential DocuSign Envelope ID: 8E206358-18B9-49EA-B938-87CAE5C44DFC Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If the Provider becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: : (i) notify the Board immediately, which shall be no more than twenty-four hours from the Provider receiving notice of the unauthorized access, use use, or disclosure of the Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and or disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Provider’s obligations concerning for the protection and handling and protection of Confidential InformationInformation including, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breachbreach including, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Provider shall include provisions consistent with this Section in contracts with any subcontractors providing any Services under the Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider either Party becomes aware of any unauthorized access, use, or disclosure of the other Party’s Confidential Information, it shall: (i) notify the Board other Party immediately, which shall be no more than twentyforty-four eight hours from Provider that Party receiving notice of the unauthorized access, use or disclosure of the other Party’s Confidential Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the other Party’s Confidential Information; (iii) cooperate with the Board other Party and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Boardother Party’s duties under the laws; and (iv) take such other actions as the Board other Party may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. The Board shall bear any losses and expenses associated with its breach of obligations that are ordered by a court of law.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware the receiving party has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediatelydisclosing party promptly, which in no event shall be no more longer than twentyseventy-four two hours from Provider receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) reasonably cooperate with the Board disclosing party and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board disclosing This Agreement will be posted on the CPS website. party may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected personspersons in accordance with the receiving party’s incident response plan. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodiesbodies as determined appropriate by Vendor and in compliance with applicable laws; and (2) of instigating remedying and otherwise mitigating any potential damages damage or harm of the data breach, including without limitation, establishing call centers breach as determined appropriate by Vendor and providing credit monitoring or credit restoration services, as requested by the Boardin compliance with applicable laws. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services under this Contract.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware of any unauthorized access, use, or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which shall be no more than twenty-four hours from Provider receiving notice of the unauthorized access, use or disclosure of the Confidential DocuSign Envelope ID: 36E2889B-5311-435A-B41D-1E938EB7F790 Information; (ii) take prompt and appropriate action to prevent further unauthorized access, use or disclosure of the Confidential Information; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the laws; and (iv) take such other actions as the Board may reasonably require to remedy such unauthorized access, use and disclosure, including if required under any federal or state law, providing notification to the affected persons. Provider shall bear the losses and expenses (including attorneys’ fees) associated with the breach of its obligations concerning the handling and protection of Confidential Information, including without limitation any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages or harm of the data breach, including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware the Receiving Party has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shallshall use commercially reasonable efforts to: (i) notify the Board immediatelyDisclosing Party promptly, which shall be but in any event no more less than twenty-four hours 72 hours, from Provider receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board Disclosing Party and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the BoardDisclosing Party’s duties under the lawslaw; and (iv) take such other actions as the Board Disclosing Party may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider The Receiving Party shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its obligations concerning the handling and protection of Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the BoardDisclosing Party. Contractor shall include this provision in any and all agreements it executes with subcontractors performing Services under this Contract.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties DocuSign Envelope ID: A4D19029-22F0-4513-8EAB-E19E03DCDD26 under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Agreement, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services or providing Products under this Agreement.

Unauthorized Access, Use or Disclosure of Confidential Information. If Provider becomes aware Vendor has knowledge of any unauthorized access, use, or and/or disclosure of the Confidential Information, it shall: (i) notify the Board immediately, which in no event shall be no more longer than twenty-four hours from Provider Vendor receiving notice of the unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (ii) take prompt and appropriate action to prevent further unauthorized access, use use, or disclosure of the Confidential Informationdisclosure; (iii) cooperate with the Board and any government authorities with respect to the investigation and mitigation of any such unauthorized access, use, or disclosure, including the discharge of the Board’s duties under the lawslaw; and (iv) take such other actions as the Board may reasonably require direct to remedy such unauthorized access, use and or disclosure, including including, if required under any federal or state law, providing notification to the affected persons. Provider Vendor shall bear the losses and expenses (including attorneys’ fees) associated with the a breach of its Vendor’s obligations concerning the handling and protection of regarding Confidential InformationInformation as set forth in this Contract, including without limitation limitation, any costs: (1) of providing notices of a data breach to affected persons and to regulatory bodies; and (2) of remedying and otherwise mitigating any potential damages damage or harm of the data breach, breach including without limitation, establishing call centers and providing credit monitoring or credit restoration services, as requested by the Board. Vendor shall include this provision in any and all agreements it executes with subcontractors performing Services or providing Products under this Contract.