Data Breach and Cooperation Clause Samples

Data Breach and Cooperation. 6.1 Participant shall notify UWOC when there has been, or it is reasonable to believe that there has been, any Security Breach involving GHOC Data as soon as feasible, but in any event no later than forty-eight (48) hours from the time the Security Breach is discovered or should have been reasonably discovered. In the event of a Security Breach involving GHOC Data, Participant shall immediately, and at Participants’ expense, take steps that UWOC may reasonably require to investigate and remedy the Security Breach, and prevent the further unauthorized access to, use of, or disclosure of such GHOC Data while preserving records and other evidence. 6.2 UWOC shall have the right, upon reasonable notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of GHOC Data. 6.3 Participant undertakes to provide full cooperation and assistance, as it may be reasonably possible, in order to assist UWOC in responding to data subjects' requests for the exercising of their rights pursuant to Applicable Law, where applicable. 6.4 At UWOC’s reasonable request, Participant shall assist UWOC in ensuring compliance with its own data breach notification, impact assessment and supervisory authority consultation obligations under Applicable Laws, taking into account the nature of Processing and information available to Participant, noting that UWOC shall be responsible for the cost of any such assistance unless and to the extent that such assistance is required because of a failure by Participant to comply with the obligations under this DPA.
View SourceView Similar (2)
Data Breach and Cooperation. 1. Participant shall notify UWOC when there has been, or it is reasonable to believe that there has been, any Security Breach involving CIE Data as soon as feasible, but in any event no later than forty-eight (48) hours from the time the Security Breach is discovered or should have been reasonably discovered. In the event of a Security Breach involving CIE Data, Participant shall immediately, and at Participants’ expense, take steps that UWOC may reasonably require to investigate and remedy the Security Breach, and prevent the further unauthorized access to, use of, or disclosure of such CIE Data while preserving records and other evidence.
View Source

Related to Data Breach and Cooperation

  • Data Breaches Contractor shall notify the School District in writing as soon as commercially practicable, however no later than forty-eight (48) hours, after Contractor has either actual or constructive knowledge of a breach which affects the School District’s Data (an “Incident”) unless it is determined by law enforcement that such notification would impede or delay their investigation. Contractor shall have actual or constructive knowledge of an Incident if Contractor actually knows there has been an Incident or if Contractor has reasonable basis in facts or circumstances, whether acts or omissions, for its belief that an Incident has occurred. The notification required by this section shall be made as soon as commercially practicable after the law enforcement agency determines that notification will not impede or compromise the investigation. Contractor shall cooperate with law enforcement in accordance with applicable law provided however, that such cooperation shall not result in or cause an undue delay to remediation of the Incident. Contractor shall promptly take appropriate action to mitigate such risk or potential problem at Contractor’s or OPERATOR’s expense. In the event of an Incident, Contractor shall, at its sole cost and expense, restore the Confidential Information, to as close its original state as practical, including, without limitation any and all Data, and institute appropriate measures to prevent any recurrence of the problem as soon as is commercially practicable. Contractor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Contractor will also have a written incident response plan, to include prompt notification of the District in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with ▇▇▇ to the extent necessary to expeditiously secure Student Data.

  • Customer Cooperation 3.2.1. Customer shall provide and make available all Customer personnel as may be further addressed in an applicable Order Form or that SAP reasonably requires in connection with performance of the Services. 3.2.2. Customer shall appoint a contact person with the authority to make decisions and to supply SAP with any necessary or relevant information expeditiously.