Data Breach Responsibilities. Upon discovery of an actual or reasonably suspected Data Breach resulting in loss, or unauthorized use, access, or disclosure of Authority Data that was in Company’s possession at the time of such Data Breach, Company must promptly provide details regarding the incident, its mitigation efforts, and its corrective action designed to prevent a future similar incident. Company must fully cooperate with Authority in connection with such Data Breach and is solely responsible for: A. investigating and resolving problems with Company’s systems and networks that created any data privacy or security issues contributing to the Data Breach; B. upon request, providing Authority with an AAR of the Data Breach; C. notifying any affected persons and impacted parties (solely at Authority’s direction) and governmental regulators, if required by Law and as applicable; D. recovering affected data or information, to the extent possible; and E. upon request, providing Authority with a corrective action plan acceptable to Authority. In the event of a Personal Data Breach, Authority has the sole right to determine (a) whether notice of the Data Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies or others as required by Law in Authority’s discretion; and
Appears in 2 contracts
Sources: Support and Maintenance Agreement, Support and Maintenance Agreement