Breach Notification and Recovery Sample Clauses

Breach Notification and Recovery. The PROVIDER must notify the State of Delaware immediately of any incident resulting in the destruction, loss, unauthorized disclosure, or alteration of State of Delaware data. If data is not encrypted (see DU7, below), Delaware Code (6 Del. C. §12B-100 et seq.) requires public breach notification of any incident resulting in the loss or unauthorized disclosure of Delawareans’ Personally Identifiable Information (PII, as defined in Delaware’s Terms and Conditions Governing Cloud Services policy) by PROVIDER or its subcontractors. The PROVIDER will provide notification to persons whose information was breached without unreasonable delay but not later than 60 days after determination of the breach, except 1) when a shorter time is required under federal law; 2) when law enforcement requests a delay; 3) reasonable diligence did not identify certain residents, in which case notice will be delivered as soon as practicable. All such communication shall be coordinated with the State of Delaware. Should the PROVIDER or its contractors be liable for the breach, the PROVIDER shall bear all costs associated with investigation, response, and recovery from the breach. This includes, but is not limited to, credit monitoring services with a term of at least three (3) years, mailing costs, website, and toll-free telephone call center services. The State of Delaware shall not agree to any limitation on liability that relieves the PROVIDER or its subcontractors from its own negligence, or to the extent that it creates an obligation on the part of the State to hold a PROVIDER harmless. Contract/Agreement #/name , Appendix
View SourceView Similar (20)
Breach Notification and Recovery. Unauthorized access or disclosure of non-public data is considered to be a security breach. The Seller will provide immediate notification and all communication shall be coordinated with the State and Purchaser. When the Seller or the parties listed in 47.2.10 sub- contractors are liable for the loss, the Seller shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least 3 years, mailing costs, website, and toll-free telephone call center services. The State and Purchaser shall not agree to any limitation on liability that relieves a Seller from its own negligence or to the extent that it creates an obligation on the part of the State or Purchaser to hold a Seller harmless.
View SourceView Similar (19)
Breach Notification and Recovery. The PROVIDER must notify the State of Delaware at ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇ immediately or within 24 hours of any determination of the breach of security as defined in 6 Del. C. §12B-101(2) resulting in the destruction, loss, unauthorized disclosure, or alteration of State of Delaware data. The PROVIDER shall send a preliminary written report detailing the nature, extent, and root cause of any such data breach no later than two (2) business days following notice of such a breach. The PROVIDER will continue to send any and all reports subsequent to the preliminary written report. The PROVIDER shall meet and confer with representatives of DTI regarding required remedial action in relation to any such data breach without unreasonable delay. If data is not encrypted (see CS3, below), Delaware Code (6 Del. C. §12B-100 et seq.) requires public breach notification of any incident resulting in the loss or unauthorized disclosure of Delawareans’ Personally Identifiable Information (PII, as defined in Delaware’s Terms and Conditions Governing Cloud Services policy) by PROVIDER or its subcontractors. The PROVIDER will assist and be responsible for all costs to provide notification to persons whose information was breached without unreasonable delay but not later than sixty (60) days after determination of the breach, except 1) when a shorter time is required under federal law; 2) when law enforcement requests a delay; or 3) reasonable diligence did not identify certain residents, in which case notice will be delivered as soon as practicable. All such communication shall be coordinated with the State of Delaware. Should the PROVIDER or its contractors be liable for the breach, the PROVIDER shall bear all costs associated with investigation, response, and recovery from the breach. This includes, but is not limited to, credit monitoring services with a term of at least three (3) years, mailing costs, website, and toll-free telephone call center services. The State will retain all determining authority for breach accountability and responsibility. The State of Delaware shall not agree to any limitation on liability that relieves the PROVIDER or its subcontractors from its own negligence, or to the extent that it creates an obligation on the part of the State to hold a PROVIDER harmless. The PROVIDER shall not issue a media notice without the approval of the State.
View SourceView Similar (4)
Breach Notification and Recovery. Delaware Code requires public breach notification when citizens’ personally identifiable information is lost or stolen. Reference: 6 Del. C. § 12B-102. Additionally, unauthorized access or disclosure of non-public data is considered to be a breach. The Service Provider will provide notification without unreasonable delay and all communication shall be coordinated with the State of Delaware. When the Service Provider or their sub- contractors are liable for the loss, the Service Provider shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least 3 years, mailing costs, website, and toll free telephone call center services. The State of Delaware shall not agree to any limitation on liability that relieves a Contractor from its own negligence or to the extent that it creates an obligation on the part of the State to hold a Contractor harmless.
View SourceView Similar (3)
Breach Notification and Recovery. Contractor is liable in the event of any Contractor-caused negligent act, error or omission, gross negligence, misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of County Data or the physical, technical, administrative, or organizational safeguards put in place by Contractor that relate to the protection of the security, confidentiality, or integrity of County Data. Contractor shall, as applicable: (a) notify County as soon as practicable but no later than twenty-four (24) hours of becoming aware of any occurrence of County Data being compromised; (b) cooperate with County in investigating the occurrence, including making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law or as otherwise required by County; (c) in the case of personally identifiable information (PII), at County’s sole election, (i) notify the affected individuals who comprise the PII as soon as practicable but no later than is required to comply with applicable law, or, in the absence of any legally required notification period, within ten (10) calendar days of the occurrence or after an investigative security assessment report has been finalized, whichever is later; or, (ii) reimburse County for any costs in notifying the affected individuals, if, in County’s sole discretion, County notifies the affected individuals; (d) in the case of PII, provide third-party credit and identity monitoring services to each of the affected individuals whose PII has been compromised for the period required to comply with applicable law, or, in the absence of any legally required monitoring services, for no less than twelve (12) months following the date of notification to such individuals; (e) perform or take any other actions required to comply with applicable law as a result of the occurrence; (f) without limiting County’s obligations of indemnification as further described in this Agreement, indemnify, defend, and hold harmless County for any and all losses, claims, liens, demands, and causes of action of every kind and character including, but not limited to, the amounts of judgments, penalties, interest, court costs, legal fees, and all other expenses incurred by County arising in favor of any party, , which may be suffered by, accrued against, charged to, or recoverable from County in connection with the occurrence; (g) be responsible for restoring lost County Data in th...
View SourceView Similar (2)
Breach Notification and Recovery. All breaches should be reported to Placer County Security Officer (▇▇▇- ▇▇▇-▇▇▇▇) within 24 hours of discovery. California Civil Codes 1798.29 and 1798.82 require public breach notification when citizens’ personally identifiable information is lost or stolen. Vendor is liable in the event of any act, error or omission, negligence, misconduct, or breach that compromises or is suspected to compromise the security, confidentiality, or integrity of County Data or the physical, technical, administrative, or organizational safeguards put in place by Vendor that relate to the protection of the security, confidentiality, or integrity of County Data. References: ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇▇/face s/codes_displaySection.xhtml?lawCo de=CIV&sectionNum=1798.82 ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇▇/face s/codes_displaySection.xhtml?lawCo de=CIV&sectionNum=1798.29 All breaches shall be notified to the Placer County Security Officer within 24 hours. DATE: 9/1/22 COMPANY NAME: All-Star Talent Inc COMPANY REPRESENTATIVE: ▇▇▇▇▇ ▇▇▇▇▇▇ CONTRACT REQUIREMENT GUIDELINES Vendor Response 6 Background Checks Vendor will conduct criminal background checks and not utilize any staff, including sub-contractors, to fulfill the obligations of the contract who has been convicted of any crime of dishonesty. Vendor will promote and maintain an awareness of the importance of securing the County’s information among the Service Provider's employees and agents. We will conduct criminal background checks and will not use any staff, including sub-contractors who have been convicted of dishonesty. In addition, we will promote and maintain an awareness of the importance of securing the County’s information at all times.
View Source
Breach Notification and Recovery. Contractor will provide notification without unreasonable delay when citizens’ personally identifiable information is lost or stolen or there is unauthorized access or disclosure of non-public data. All communication relating to any of the data breach situations described in this section shall be coordinated with the County. When Contractor or its subcontractors are liable for the loss, Contractor shall bear all costs associated with the investigation, response and recovery from the breach including but not limited to credit monitoring services with a term of at least three years, mailing costs, website and toll free telephone call center services. The County shall not agree to any limitation on liability that relieves Contractor or its subcontractors from their own negligence or to the extent that it creates an obligation on the part of the County to hold a contractor harmless.
View Source
Breach Notification and Recovery. The PROVIDER must notify the State of Delaware at ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇ immediately or within 24 hours of any determination of the breach of security as defined in 6 Del. C. §12B-101(2) resulting in the destruction, loss, unauthorized disclosure, or alteration of State of Delaware data. The PROVIDER shall send a preliminary written report detailing the nature, extent, and root cause of any such data breach no later than two (2) business days following notice of such a breach. The PROVIDER will continue to send any and all reports subsequent to the preliminary written report. The PROVIDER shall meet and confer with representatives of DTI regarding required remedial action in relation to any such data breach without unreasonable delay. If data is not encrypted (see CS3, below), Delaware Code (6 Del. C. §12B-100 et seq.) requires public breach notification of any incident resulting in the loss or unauthorized dis Terms and
View Source
Breach Notification and Recovery. The City requires public breach notification when citizens’ personally identifiable information is lost or stolen. Additionally, unauthorized access or disclosure of non-public data is considered to be a breach. The Vendor will provide notification without unreasonable delay and all communication shall be pre- coordinated with the City. When the Vendor or their subcontractors are responsible for the loss, the Vendor shall bear all costs associated with the investigation, response and recovery from the breach, including without limitation credit monitoring services with a term of at least 3 years, mailing costs, website, and toll free telephone call center services. The City rejects any limitation on liability that purports to relieve a vendor from its own negligence or to the extent that it purports to creates an obligation on the part of the City or State of Washington to hold a vendor harmless.
View Source

Related to Breach Notification and Recovery

  • Breach Notification a. In the event of a Breach of unsecured PHI or disclosure that compromises the privacy or security of PHI obtained from DSHS or involving DSHS clients, Business Associate will take all measures required by state or federal law. b. Business Associate will notify DSHS within one (1) business day by telephone and in writing of any acquisition, access, Use or disclosure of PHI not allowed by the provisions of this Contract or not authorized by HIPAA Rules or required by law of which it becomes aware which potentially compromises the security or privacy of the Protected Health Information as defined in 45 CFR 164.402 (Definitions). c. Business Associate will notify the DSHS Contact shown on the cover page of this Contract within one (1) business day by telephone or e-mail of any potential Breach of security or privacy of PHI by the Business Associate or its Subcontractors or agents. Business Associate will follow telephone or e-mail notification with a faxed or other written explanation of the Breach, to include the following: date and time of the Breach, date Breach was discovered, location and nature of the PHI, type of Breach, origination and destination of PHI, Business Associate unit and personnel associated with the Breach, detailed description of the Breach, anticipated mitigation steps, and the name, address, telephone number, fax number, and e-mail of the individual who is responsible as the primary point of contact. Business Associate will address communications to the DSHS Contact. Business Associate will coordinate and cooperate with DSHS to provide a copy of its investigation and other information requested by DSHS, including advance copies of any notifications required for DSHS review before disseminating and verification of the dates notifications were sent. d. If DSHS determines that Business Associate or its Subcontractor(s) or agent(s) is responsible for a Breach of unsecured PHI: (1) requiring notification of Individuals under 45 CFR § 164.404 (Notification to Individuals), Business Associate bears the responsibility and costs for notifying the affected Individuals and receiving and responding to those Individuals’ questions or requests for additional information; (2) requiring notification of the media under 45 CFR § 164.406 (Notification to the media), Business Associate bears the responsibility and costs for notifying the media and receiving and responding to media questions or requests for additional information; (3) requiring notification of the U.S. Department of Health and Human Services Secretary under 45 CFR § 164.408 (Notification to the Secretary), Business Associate bears the responsibility and costs for notifying the Secretary and receiving and responding to the Secretary’s questions or requests for additional information; and (4) DSHS will take appropriate remedial measures up to termination of this Contract.

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.