Common use of Data Security Breach Clause in Contracts

Data Security Breach. a. At any time during the processing of Personal Data, Service Provider shall notify the Receiver immediately of any Data Security Breach involving Personal Data, including any breach at facilities, systems or equipment of Service Provider’s subcontractors. Service Provider agrees to assist and cooperate with the Receiver concerning any disclosures to affected parties, government or regulatory agencies and with any other remedial measures requested by the Receiver or required under any law. Service Provider will take such mutually agreeable steps to prevent the continuation or repetition of such Data Security Breach. b. Unless otherwise required by applicable Data Protection Laws or any other law, rule, regulation or order, Service Provider will make no disclosures to affected parties or any government, law enforcement or regulatory agencies concerning a Data Security Breach relating to the Personal Data except as directed by the Receiver. Notwithstanding the foregoing, Service Provider may contact local police in the event of a physical breach of Service Provider facilities or theft of equipment or documents. c. Service Provider will assist and cooperate with the Receiver concerning any disclosures to such parties or agencies, and with any other remedial measures requested by the Receiver or required under any law, rule, regulation or order applicable to Service Provider or the Receiver, at Service Provider’s expense, including providing notice to Data Subjects of a Data Security Breach and providing credit monitoring services to such individuals.