Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. (b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇ ▇. ▇▇▇▇▇▇▇▇, Director of Technology and Communications, directly by email at ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇.▇▇▇. Notifications must be made in writing, given by personal delivery, email transmission, or by registered or certified mail, and must to the extent available, include a description of the Breach which includes the date of the incident and the date of discovery; the types of PII affected and the number of records affected; a description of Vendor’s investigation; and the contact information for representatives who can assist the District. Violations of the requirement to notify the District shall be subject to a civil penalty pursuant to Education Law Section 2-d. The Breach of certain PII protected by Education Law Section 2-d may subject Vendor to additional penalties.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement