Data Breaches Clause Samples
A Data Breaches clause defines the obligations and procedures that parties must follow in the event of unauthorized access to or disclosure of sensitive data. Typically, this clause requires the party experiencing the breach to promptly notify the other party, cooperate in investigating the incident, and take remedial actions such as informing affected individuals or authorities. Its core function is to ensure a clear, coordinated response to data security incidents, thereby minimizing harm and ensuring compliance with legal and contractual requirements.
POPULAR SAMPLE Copied 123 times
Data Breaches. Contractor shall notify the School District in writing as soon as commercially practicable, however no later than forty-eight (48) hours, after Contractor has either actual or constructive knowledge of a breach which affects the School District’s Data (an “Incident”) unless it is determined by law enforcement that such notification would impede or delay their investigation. Contractor shall have actual or constructive knowledge of an Incident if Contractor actually knows there has been an Incident or if Contractor has reasonable basis in facts or circumstances, whether acts or omissions, for its belief that an Incident has occurred. The notification required by this section shall be made as soon as commercially practicable after the law enforcement agency determines that notification will not impede or compromise the investigation. Contractor shall cooperate with law enforcement in accordance with applicable law provided however, that such cooperation shall not result in or cause an undue delay to remediation of the Incident. Contractor shall promptly take appropriate action to mitigate such risk or potential problem at Contractor’s or OPERATOR’s expense. In the event of an Incident, Contractor shall, at its sole cost and expense, restore the Confidential Information, to as close its original state as practical, including, without limitation any and all Data, and institute appropriate measures to prevent any recurrence of the problem as soon as is commercially practicable. Contractor will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Contractor will also have a written incident response plan, to include prompt notification of the District in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.
Data Breaches. A. Upon the discovery by the Contractor of a breach of security that results in the unauthorized release, disclosure, or acquisition of student data, or the suspicion that such a breach may have occurred, the Contractor shall provide initial notice to the Board as soon as possible, but not more than forty-eight (48) hours after such discovery (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to Superintendent ▇▇▇▇▇▇▇ ▇. ▇▇▇▇, ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ and shall include the following information, to the extent known at the time of notification:
1. Date and time of the breach;
2. Names of student(s) whose student data was released, disclosed or acquired;
3. The nature and extent of the breach;
4. The Contractor’s proposed plan to investigate and remediate the breach.
B. Upon discovery by the Contractor of a breach, the Contractor shall conduct an investigation and restore the integrity of its data systems and, without unreasonable delay, but not later than thirty (30) days after discovery of the breach, shall provide the Board with a more detailed notice of the breach, including but not limited to the date and time of the breach; name(s) of the student(s) whose student data was released, disclosed or acquired; nature and extent of the breach; and measures taken to ensure that such a breach does not occur in the future.
C. The Contractor agrees to cooperate with the Board with respect to investigation of the breach and to reimburse the Board for costs associated with responding to the breach as required by Public Act 16-189.
D. Notwithstanding the breach notifications required in this Article, the Contractor shall provide the Board with a copy of the notification that it provides to a student or the parents or guardians of such student pursuant to Public Act 16-189. The copy of such notice shall be provided to the Board by electronic mail on the same date that it is provided to the student or parents or guardians of such student. The Parties agree that the following information shall be included in the Contractor’s notice of breach to a student or parent or guardian of a student:
1. Name of the student being notified whose student data was released, disclosed or acquired, which shall not include the names of other students;
2. Date and time of the breach.
Data Breaches. 4.1 The Data Processor does not guarantee that its security measures will be effective under all conditions. If the Data Processor discovers a data breach within the meaning of Article
Data Breaches. 4.1 Data Processor does not guarantee that its security measures shall be effective under all circumstances. If Data Processor discovers a data breach within the meaning of Article 4 sub 12 of the GDPR, it shall notify Client without undue delay. The "Data Breach Protocol" section of the Data Pro Statement outlines the way in which Data Processor shall notify Client of data breaches.
4.2 It is up to the Controller (the Client or its customer) to assess whether the data breach of which Data Processor has notified the Controller must be reported to the Dutch Data Protection Authority or to the Data Subject concerned. The Controller (Client or its customer) shall at all times remain responsible for reporting data breaches which must be reported to the Dutch Data Protection Authority and/or Data Subjects pursuant to Articles 33 and 34 of the GDPR. Data Processor is not obliged to report data breaches to the Dutch Data Protection Authority and/or to the Data Subject.
4.3 Where necessary, Data Processor shall provide further information on the data breach and shall assist Client to meet its breach notification requirements within the meaning of Articles 33 and 34 of the GDPR by providing all the necessary information available to Data Processor.
4.4 If Data Processor incurs any reasonable costs in doing so, it is entitled invoice Client for these, at the rates applicable at the time.
Data Breaches. A. Upon the discovery by the Contractor of a confirmed breach of security that results in the unauthorized release, disclosure, or acquisition of student data, the Contractor shall provide initial notice to the Board as soon as reasonably possible, after such discovery (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to Superintendent ▇▇▇▇▇▇▇ ▇. ▇▇▇▇, ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or to the contact currently on file and shall include the following information, to the extent known at the time of notification:
1. Date and time of the breach;
2. Names of student(s) whose student data was released, disclosed or acquired;
3. The nature and extent of the breach;
4. The Contractor’s proposed plan to investigate and remediate the breach.
B. Upon discovery by the Contractor of a confirmed breach, the Contractor shall conduct an investigation and restore the integrity of its data systems and, without unreasonable delay, but not later than thirty (30) days after discovery of the breach, shall provide the Board with a more detailed notice of the breach, including but not limited to the date and time of the breach; name(s) of the student(s) whose student data was released, disclosed or acquired; nature and extent of the breach; and measures taken to ensure that such a breach does not occur in the future.
C. The Contractor agrees to cooperate with the Board with respect to investigation of the breach and to reimburse the Board for actual documented costs legally required of the Board associated with responding to the breach if caused by the Contractor as required by Public Act 16-189.
D. 1. Data was released, disclosed or acquired, names of other students;
Data Breaches. Party shall report to AHS, though its Chief Information Officer (CIO), any impermissible use or disclosure that compromises the security, confidentiality or privacy of any form of protected personal information identified above within 24 hours of the discovery of the breach. Party shall in addition comply with any other data breach notification requirements required under federal or state law.
Data Breaches. 5.1 In respect of each Shared Data Breach, each Party shall:
(a) promptly notify the other Party of the Shared Data Breach;
(b) provide the other Party without undue delay (wherever possible, no later than 48 hours after becoming aware of the Shared Data Breach) with such details as the other Party reasonably requires regarding the Shared Personal Data.
5.2 To the extent permitted by applicable laws, neither Party shall:
(a) notify a supervisory or regulatory authority of any Shared Data Breach;
(b) issue a public statement or otherwise notify any Data Subject of such Shared Data Breach, without first consulting with, and obtaining the consent (not to be unreasonably withheld or delayed) of, the other Party.
Data Breaches. A. Upon the discovery by the Contractor of a breach of security that results in the unauthorized release, disclosure, or acquisition of student data, or the suspicion that such a breach may have occurred, the Contractor shall provide initial notice to the Board as soon as possible, but not more than forty-eight (48) hours after such discovery (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to ▇▇▇▇▇▇ ▇▇▇▇▇▇▇ (▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇.▇▇.
Data Breaches. A. Upon the discovery by the Contractor of a breach of security that results in the unauthorized release, disclosure, or acquisition of student data, the Contractor will comply with the breach notice requirements of Public Act 16189 (“Initial Notice”). The Initial Notice shall be delivered to the Board by electronic mail to the SysAdmins ▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ and shall include the following information, to the extent known at the time of notification:
1. Date and time of the breach;
2. Names of student(s) whose student data was released, disclosed or acquired;
3. The nature and extent of the breach;
4. The Contractor’s proposed plan to investigate and remediate the breach.
B. Upon discovery by the Contractor of a breach, the Contractor shall conduct an investigation and restore the integrity of its data systems and, without unreasonable delay, but not later than thirty (30) days after discovery of the breach, shall provide the Board with a more detailed notice of the breach, including but not limited to the date and time of the breach; name(s) of the student(s) whose student data was released, disclosed or acquired; nature and extent of the breach; and measures taken to ensure that such a breach does not occur in the future.
C. The Contractor agrees to cooperate with the Board with respect to investigation of the breach and to reimburse the Board for costs associated with responding to the breach, including but not limited to the costs relating to notifications as required by Public Act 16189.
D. Notwithstanding the breach notifications required in this Article, the Contractor shall provide the Board with a copy of the notification that it provides to a student or the parents or guardians of such student pursuant to Public Act 16189. The copy of such notice shall be provided to the Board by electronic mail on the same date that it is provided to the student or parents or guardians of such student. The Parties agree that the following information shall be included in the Contractor’s notice of breach to a student or parent or guardian of a student:
1. Name of the student being notified whose student data was released, disclosed or acquired, which shall not include the names of other students;
Data Breaches. 5.1 Reveal shall notify in writing Customer, without undue delay, after becoming aware of any breach of security of Personal Data resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored or otherwise processed.
5.2 Reveal shall provide Customer with all reasonable assistance in investigating and mitigating the impact of any such Data Breach. Reveal will also provide all reasonable assistance to Customer in relation to its obligations to providing adequate notifications to the relevant Supervisory Authorities and affected Data Subjects.