Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
Reportable Events Involving the Xxxxx Law Notwithstanding the reporting requirements outlined above, any Reportable Event that involves solely a probable violation of section 1877 of the Social Security Act, 42 U.S.C. §1395nn (the Xxxxx Law) should be submitted by Practitioner to CMS through the self-referral disclosure protocol (SRDP), with a copy to the OIG. If Practitioner identifies a probable violation of the Xxxxx Law and repays the applicable Overpayment directly to the CMS contractor, then Practitioner is not required by this Section III.G to submit the Reportable Event to CMS through the SRDP.