Data Breach Response Clause Samples

Data Breach Response. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by Vendor Vendor shall provide notification to School District within five (5) business days of Vendor’s confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Vendor shall follow the following process: (a) The security breach notification described above shall include, at a minimum, the following information to the extent known by Vendor and as it becomes available: (1) The name and contact information of the reporting School District subject to this section. (2) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (3) If the information is possible to determine at the time the notice is provided, then either (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (4) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and (5) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (b) Vendor agrees to adhere to all applicable federal and state legal requirements with respect to a data breach related to the Student Data, including, when required, the required responsibilities and procedures for notification and mitigation of any such data breach. (c) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School District, upon written request, with a summary of said written incident response plan. (d) School District shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (e) In the event of a breach originating from School District’s use of the Service, Vendor shall cooperate with Schoo...

Data Breach Response a. If the nature of the Work involves Vendor Group equipment, software, product(s), host(s), network(s), or environment(s) that may expose University Data to a potential Data Breach, then Vendor shall have an appropriate incident response plan. University may, at its discretion, require Vendor to participate in response planning for Data Breach scenarios and/or “lessons learned” activities following an event that was or might have been a Data Breach. b. If Vendor has reason to believe that Data Breach(es) may have occurred on any of Vendor Groups’ equipment, software, products, host(s), network(s), or environment(s), then Vendor shall promptly (and shall not exceed the time periods as may be required by applicable law) alert the University while also taking such immediate actions as may be necessary to preserve relevant evidence, identity the nature of the event, and contain any Data Breach. As soon as becomes practicable, Vendor shall provide the University a written notice describing the Data Breach incident, and provide University further information updates to help University understand the nature and scope of the event. Vendor shall advise University as to what information and assistance is needed from University in order to eliminate the cause, and mitigate the adverse effects of any Data Breach. Vendor shall prioritize devoting sufficient resources as may be required for this effort. c. University may direct Vendor to provide notice and credit monitoring, at Vendor’s expense, to the third parties (such as private individuals, entities, and official bodies) determined by University to require notification, or University may do so itself. Unless Vendor is compelled by law to provide notification to third parties in a particular manner, University shall control the time, place, and manner of such notification. d. If recovery from the adverse effects of the Data Breach necessitates Vendor’s assistance in the reinstallation of Vendor Group’s technology product(s) (including hardware or software) that are connected with the Work, then Vendor shall cause such assistance in reinstallation to be provided. If Vendor Group is responsible for the Data Breach, then reinstallation assistance shall be at no cost to the University. e. If it appears to the University, in its sole discretion, that services or technology provided by the Vendor are a source of the Data Breach, and present an unreasonable risk, then the University may opt to discontinue use of that sour...

Data Breach Response a. Upon becoming aware of a Data Breach, MailMunch will notify Customer without undue delay and provide timely information relating to the Data Breach as it becomes known or as is reasonably requested by Customer. The obligations herein shall not apply to incidents that are caused by Customer or Customer's Users.

Data Breach Response. While we use industry-standard practices to safeguard data, no service can guarantee absolute data security. We have a Breach Response Plan, which we will follow if we ever discover that Personal Data has been accessed improperly. As part of our response, we will: take action to stop further data loss or unauthorized access; investigate how the breach occurred; promptly contact all affected users via email; and contact law enforcement and government agencies when appropriate. Data Retention and Deletion XtraMath retains Personal Data only for as long as necessary to ensure continuity of math skill-building for students, and for the convenience of parents and teachers. We close user accounts, and delete all associated identifiable data, upon request. Most types of data are also deleted automatically after a certain amount of time has passed. For details, see Appendix B, Record of Data Processing. We may retain de-identified, aggregate data, which cannot identify any individual user, for research and program improvement purposes. Such data is deleted once no longer necessary for these purposes.We will provide certification of data deletion upon request. Compliance with Data Privacy Laws While we use industry-standard practices to safeguard data, no service can guarantee absolute data security. We have a Breach Response Plan, which we will follow if we ever discover that Personal Data has been accessed improperly. As part of our response, we will: take action to stop further data loss or unauthorized access; investigate how the breach occurred; promptly contact all affected users via email; and contact law enforcement and government agencies when appropriate. • Children’s Online Privacy Protection Act (COPPA): As a non-profit organization, XtraMath is not subject to COPPA. Nevertheless, we fully comply with the law as if we were subject to it. Children under the age of 13 may not create accounts. We only collect usage and performance data from students as a result of their performing educational activities, and we only use that data for educational purposes. If we gain actual knowledge that a child is using XtraMath without the appropriate consent, we terminate the account.

Data Breach Response. (a) Unless expressly stated in a Work Order, National PC’s sole obligation in the event of a Data Breach is to attempt restoration of data from the most recent available backup.

Data Breach Response. Data Breach Response: (i) identifies certain personal information identifiers; and (ii) prepares a notification report, as further described in the Documentation. Customer will be charged the greater of: (a) the actual Relativity Data Breach Response Fees, which are based on the Data Breach Response Monthly Count multiplied by the Unit Price; or (b) a minimum monthly fee of $2,500 per Standard Workspace with the Data Breach Response application installed. The “Data Breach Response Monthly

Data Breach Response a. Upon becoming aware of a Data Breach, ConvertKit will notify Customer without undue delay and provide timely information relating to the Data Breach as it becomes known or as is reasonably requested by Customer. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s Users.

Data Breach Response. In the event of a data breach affecting Clients’ Data, SmartComment will promptly notify affected Clients, typically within 72 hours of discovery. Our notification will include the nature and scope of the breach, steps taken to contain and remedy the breach, and support for Client breach notification requirements. We maintain detailed records of all breach response actions and cooperate with Client investigations.

Data Breach Response. Incident response plans are in place to detect, contain, and mitigate breaches. • Breaches are escalated internally to the Incident Response Team, which assesses the impact and implements corrective actions. • Affected parties and regulators are notified within 72 hours, as required by GDPR.