Common use of Data Breach Clause in Contracts

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount five business days of time the discovery of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s ▇▇▇'s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individualmaterially compromised, Provider shall provide notification to School Unit LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. . ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit▇▇▇, upon reasonable written request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the unauthorized accessService. g. In the event of a breach originating from ▇▇▇’s use of the Service, which Provider shall include cooperate with LEA to the information listed in subsections (b) and (c), aboveextent necessary to expeditiously secure Student Data.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of LEA as promptly as possible following the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent available: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit▇. ▇▇ LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unitmake its head of IT Security available to LEA, upon request, with a copy of said written to discuss the incident response plan. f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing legally required notice of unauthorized access, and with the such assistance of School Unitis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for actual, documented, reasonable costs incurred by LEA to provide parents/families with any legally required notification of a confirmed breach not originating from LEA’s use of the Service. g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following:the i. Information about what the agency has done to protect individuals whose information has been breached. . ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan.law f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within ten (10) days from discovery of a reasonable amount of time of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unitemployees upon request to answer questions of the LEA, upon request, with a copy of said on the written incident response plan. f. At the request and with the assistance of School Unitthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response planinformation. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. . ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan.personally f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following:the i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount Service Agreement of time of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s LEA's discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in applicable state and in federal law with respect this section to more than 500 Utah residents as a data result of a single breach related of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount thirty (30) days of time confirmation of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School UnitLEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount ten (10) days of time confirming the occurrence of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School UnitLEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount Service Agreement of time of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s LEA's discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in applicable state and in federal law with respect this section to more than 500 State residents as a data result of a single breach related of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe LEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Provider has knowledge or reasonable belief that Student Data is has been accessed or obtained by an unauthorized individualindividual (“Data Breach”), Provider shall provide notification to School Unit LEA within t e n ( 1 0 ) d a reasonable amount of time y s of the incidentData Breach. Provider shall follow the following process for such notificationprocess: a. The security breach D a t a B r e a c h notification shall be written in plain language, shall be titled “Notice of Data Breach,” language and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” herein, as available. Additional information may be provided as a supplement to the notice. b. The security breach Data Breach notification described above in section 2(a) shall include, at a minimum, include the following informationinformation as available: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information PII that were or are reasonably believed to have been the subject of a breachData Breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachData Breach , (2) the estimated date of the breachData Breach, or (3) the date range within which the breach Data Breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incidentData Breach, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretionLEA's r e q u e s t , the security breach notification may D ata Breac h not i ficati o n to the LEA will also include any of the followingfollowing as it becomes available: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice To the extent required under California law, advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all applicable requirements in applicable state California Data Breach law and in federal law with respect to a data breach Data Breach related to the Student DataPII, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachData Breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School UnitLEA, upon request, with a copy of said written incident response plan. f. At the request and with the Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider's assistance providing notice of School Unitunauthorized access, Provider shall notify P r o v i d e r s h a l l r e a s o n a ▇▇▇ assist t he LEA w ith t heir l egally r eq uired notifications t o the affected parent, legal guardian or eligible pupil of the unauthorized accessData Breach, which shall include the information listed in subsections (b) and (c), above. T h e L E A remains ultimately r esp o n s ible f or t h e t iming and conten t of s uch leg a lly r e quir e d notifications. I f , due t o a Data Breach w hich i s caused b y Blackbo ard or o ur a g e nts ’ a cts or o miss i ons, any thir d-par t y no tif ication is r equir e d under Californ ia l aw, ▇ ▇ ▇ ▇▇▇▇ b e respons ible f or t he c os t o f s uch notifications. g. In the event of a Data Breach originating from LEA' s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data and any third party notifications, if any, shall be at the LEA’s expense.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount ten (10) days of time becoming aware of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School UnitLEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. . ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan.law f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount ten (10) days of time discovery of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School UnitLEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unitthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit LEA within a reasonable amount ten (10) days of time becoming aware of the incident. Provider shall follow the following process for such notificationprocess: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At School UnitLEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including thereofincluding personally identifiable information and agrees tomake staff available at reasonable times to provide School Unit, upon request, with a copy of said answer questions on the written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.

Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to School Unit within a reasonable amount of time of the incident. Provider shall follow the following process for such notification: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting School Unit subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At ▇. ▇▇ School Unit’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide School Unit, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of School Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. g. The aforementioned goes without prejudice to any general notification(s) the Provider