Data Breach and Incident Reporting Sample Clauses

The Data Breach and Incident Reporting clause requires parties to promptly notify each other in the event of a data breach or security incident involving sensitive or protected information. Typically, this clause outlines the timeframe for notification, the type of information that must be reported, and the procedures for investigating and mitigating the breach. Its core function is to ensure transparency and timely communication, enabling affected parties to respond quickly and minimize potential harm or legal exposure resulting from data security incidents.
Data Breach and Incident Reporting. 8.1. The Contractor will submit reports of cyber incidents through approved reporting mechanisms. The Contractor’s existing notification mechanisms that are already in place to communicate between the Contractor and its customers may be used, as long as those mechanisms demonstrate a level of assurance, equivalent to the listed encrypted mechanisms, for the confidentiality and integrity of the information. 8.2. The Contractor will use a template format when reporting initial incidents by secure fax, telephonically, or by other electronic means. Initial reports may be incomplete. Reporting should balance the necessity of timely reporting (reports with critical information) versus complete reports (those with all blocks completed). Timely reporting is vital, and complete information should follow as details emerge. 8.3. In addition to the above, if the incident concerns a breach of PII or a potential breach of PII, the Contractor will report to the contracting officer’s designee within 24 hours of the discovery of any data breach. The Contractor shall provide Metro with all information and cooperation necessary to enable compliance by the Contractor and/or Metro with data breach reporting and mitigation actions required by applicable law, regulation, policy, and this contract.
View SourceView Similar (3)
Data Breach and Incident Reporting. The Contractor shall adopt and maintain administrative, technical, and physical safeguards and controls to protect and remedy data breaches, if any, of Government data. The Contractor shall submit reports of cyber incidents through approved reporting mechanisms, as specified in CJCSM 6510.01B, Enclosure C, Section 4. The Contractor’s existing notification mechanisms that are already in place to communicate between the Contractor and its customers for some or all classes of Computer Network Defense (CND) information may be used, as long as those mechanisms demonstrate a level of assurance, equivalent to the listed encrypted mechanisms, for the confidentiality and integrity of the information. CLAUSES INCORPORATED BY REFERENCE 252.211-7003 Item Unique Identification and Valuation MAR 2016 Section I - Contract Clauses CLAUSES INCORPORATED BY REFERENCE 52.202-1 Definitions NOV 2013 52.203-7 Anti-Kickback Procedures MAY 2014 52.203-17 Contractor Employee Whistleblower Rights and Requirement To Inform Employees of Whistleblower Rights APR 2014 52.203-18 Prohibition on Contracting With Entities That Require Certain Internal Confidentiality Agreements or Statements-- Representation JAN 2017 52.204-2 Security Requirements AUG 1996 52.204-13 System for Award Management Maintenance OCT 2018 52.204-18 Commercial and Government Entity Code Maintenance JUL 2016 52.204-22 Alternative Line Item Proposal JAN 2017 52.209-11 Representation by Corporations Regarding Delinquent Tax Liability or a Felony Conviction under any Federal Law FEB 2016 52.215-23 Limitations on Pass-Through Charges OCT 2009 52.216-19 Order Limitations OCT 1995 52.216-24 Limitation Of Government Liability APR 1984 52.222-41 Service Contract Labor Standards AUG 2018 52.222-42 Statement Of Equivalent Rates For Federal Hires MAY 2014 52.222-43 Fair Labor Standards Act And Service Contract Labor Standards - Price Adjustment (Multiple Year And Option Contracts) AUG 2018 52.224-1 Privacy Act Notification APR 1984 52.224-2 Privacy Act APR 1984 52.225-13 Restrictions on Certain Foreign Purchases JUN 2008 52.225-19 Contractor Personnel in a Designated Operational Area or Supporting a Diplomatic or Consular Mission Outside the United States MAR 2008 52.232-1 Payments APR 1984 52.232-8 Discounts For Prompt Payment FEB 2002 52.232-17 Interest MAY 2014 52.232-18 Availability Of Funds APR 1984 52.232-20 Limitation Of Cost APR 1984 52.232-22 Limitation Of Funds APR 1984 52.232-23 Assignment Of Claims MAY 2014 52.232-3...
View Source

Related to Data Breach and Incident Reporting

  • Incident Reporting Transfer Agent will use commercially reasonable efforts to promptly furnish to Fund information that Transfer Agent has regarding the general circumstances and extent of such unauthorized access to the Fund Data.

  • Data Breaches Contractor shall notify the School District in writing as soon as commercially practicable, however no later than forty-eight (48) hours, after Contractor has either actual or constructive knowledge of a breach which affects the School District’s Data (an “Incident”) unless it is determined by law enforcement that such notification would impede or delay their investigation. Contractor shall have actual or constructive knowledge of an Incident if Contractor actually knows there has been an Incident or if Contractor has reasonable basis in facts or circumstances, whether acts or omissions, for its belief that an Incident has occurred. The notification required by this section shall be made as soon as commercially practicable after the law enforcement agency determines that notification will not impede or compromise the investigation. Contractor shall cooperate with law enforcement in accordance with applicable law provided however, that such cooperation shall not result in or cause an undue delay to remediation of the Incident. Contractor shall promptly take appropriate action to mitigate such risk or potential problem at Contractor’s or OPERATOR’s expense. In the event of an Incident, Contractor shall, at its sole cost and expense, restore the Confidential Information, to as close its original state as practical, including, without limitation any and all Data, and institute appropriate measures to prevent any recurrence of the problem as soon as is commercially practicable. Contractor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Contractor will also have a written incident response plan, to include prompt notification of the District in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.

  • Security Incident Reporting A security incident occurs when CDA information assets are or reasonably believed to have been accessed, modified, destroyed, or disclosed without proper authorization, or are lost, or stolen. Subrecipient must comply with CDA’s security incident reporting procedures located at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇.▇▇▇/ProgramsProviders/#Resources.

  • Data Breach In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process: (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a summary of said written incident response plan. (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (5) In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with ▇▇▇ to the extent necessary to expeditiously secure Student Data.

  • Adverse Event Reporting Both Parties acknowledge the obligation to comply with the Protocol and / or applicable regulations governing the collection and reporting of adverse events of which they may become aware during the course of the Clinical Trial. Both Parties agree to fulfil and ensure that their Agents fulfil regulatory requirements with respect to the reporting of adverse events.