Common use of Data Breach Response Clause in Contracts

Data Breach Response. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by Vendor Vendor shall provide notification to School District within five (5) business days of Vendor’s confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Vendor shall follow the following process: (a) The security breach notification described above shall include, at a minimum, the following information to the extent known by Vendor and as it becomes available: (1) The name and contact information of the reporting School District subject to this section. (2) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (3) If the information is possible to determine at the time the notice is provided, then either (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (4) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and (5) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (b) Vendor agrees to adhere to all applicable federal and state legal requirements with respect to a data breach related to the Student Data, including, when required, the required responsibilities and procedures for notification and mitigation of any such data breach. (c) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School District, upon written request, with a summary of said written incident response plan. (d) School District shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (e) In the event of a breach originating from School District’s use of the Service, Vendor shall cooperate with School District to the extent reasonably necessary to expeditiously secure Student Data.

Data Breach Response. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by Vendor Vendor shall provide notification to School District within five (5) business days of Vendor’s confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Vendor shall follow the following process: (a) The security breach notification described above shall include, at a minimum, the following information to the extent known by Vendor and as it becomes available:available:‌ (1) The name and contact information of the reporting School District subject to this section. (2) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.breach.‌ (3) If the information is possible to determine at the time the notice is provided, then either (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (4) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and (5) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (b) Vendor agrees to adhere to all applicable federal and state legal requirements with respect to a data breach related to the Student Data, including, when required, the required responsibilities and procedures for notification and mitigation of any such data breach. (c) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School District, upon written request, with a summary of said written incident response plan. (d) School District shall provide notice and facts surrounding the breach to the affected students, parents or guardians.guardians.‌ (e) In the event of a breach originating from School District’s use of the Service, Vendor shall cooperate with School District to the extent reasonably necessary to expeditiously secure Student Data.

Data Breach Response. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by Vendor Vendor shall provide notification to School District within five (5) business days of Vendor’s confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Vendor shall follow the following process:process:‌ (a) The security breach notification described above shall include, at a minimum, the following information to the extent known by Vendor and as it becomes available: (1) The name and contact information of the reporting School District subject to this section. (2) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (3) If the information is possible to determine at the time the notice is provided, then either (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (4) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and (5) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (b) Vendor agrees to adhere to all applicable federal and state legal requirements with respect to a data breach related to the Student Data, including, when required, the required responsibilities and procedures for notification and mitigation of any such data breach. (c) Vendor further acknowledges and agrees to have a written incident response plan that is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School District, upon written request, with a summary of said written incident response plan. (d) School District shall provide notice and facts surrounding the breach to the affected students, parents or guardians. (e) In the event of a breach originating from School District’s use of the Service, Vendor shall cooperate with School District to the extent reasonably necessary to expeditiously secure Student Data.