Common use of Breach Reporting Clause in Contracts

Breach Reporting. If SSA or VA suspects or confirms a breach, as defined by OMB M-17-12 or suspects or experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this Agreement, they will follow the breach reporting guidelines issued by OMB and agency policy. In the event of a reportable breach under OMB guidance involving PII, the agency experiencing the breach is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the breach (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this Agreement. If VA is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at ▇-▇▇▇-▇▇▇-▇▇▇▇. SSA must also notify VA’s Systems Security Contact and the VA Network and Security Operations Center (1-800- 877-4328) within one hour.

Breach Reporting. If SSA or VA suspects or confirms a breach, as defined by OMB M-17-12 or suspects or experiences an incident involving the loss or breach of PII provided by SSA or VA under the terms of this Agreement, they will follow the breach reporting guidelines issued by OMB and agency policy. In the event of a reportable breach under OMB guidance involving PII, the agency experiencing the breach is responsible for following its established procedures, including notification to the proper organizations (e.g., United States Computer Emergency Readiness Team, the agency’s privacy office). In addition, the agency experiencing the breach (e.g., electronic or paper) will notify the other agency’s Systems Security Contact named in this Agreement. If VA is unable to speak with the SSA Systems Security Contact within one hour or if for some other reason notifying the SSA Systems Security Contact is not practicable (e.g., it is outside of the normal business hours), VA will call SSA’s National Network Service Center toll free at ▇-▇▇▇-▇▇▇-▇▇▇▇. SSA must also notify VA’s Systems Security Contact and the VA Network and Security Operations Center (1▇ ▇▇▇-800- 877▇▇▇-4328▇▇▇▇) within one hour. If SSA is unable to speak with VA’s Systems Security Contact within one hour, SSA will contact the VA Enterprise Service Desk: 855-NSD-HELP (855-673-4357).