Personal Data Breach Notifications Clause Samples

The Personal Data Breach Notifications clause requires parties to promptly inform each other if there is an unauthorized access, disclosure, or loss of personal data. Typically, this clause outlines the timeframe for notification, the information that must be included in the notice, and the responsibilities of each party in managing the breach, such as cooperating with investigations or regulatory reporting. Its core function is to ensure timely communication and coordinated response to data breaches, thereby minimizing harm to affected individuals and helping both parties comply with legal obligations.
Personal Data Breach Notifications. Where a security breach linked to the sharing of data under this protocol is likely to adversely affect an Individual, all involved Partners must be informed within 48 hours of the breach being detected. The decision to notify the ICO can only be made after consultation with any other affected Partner to this protocol, and notification to the ICO must be made within 72 hours of the breach being detected. Where agreement to notify cannot be reached within this timeframe, the final decision will rest with the Protocol owner as depicted on page 1 of this document. All involved Partners should consult on the need to inform the Individual, so that all risks are fully considered, and agreement is reached as to when, how and by whom such contact should be made. Where agreement to notify cannot be reached, the final decision will rest with the Protocol owner as depicted on page 1 of this document. All Partners to this protocol must ensure that robust policy and procedures are in place to manage security incidents, including the need to consult Partners where the breach directly relates to information shared under this protocol.
View SourceView Similar (4)
Personal Data Breach Notifications. 6.1. Data Processor shall inform the Data Controller without undue delay after becoming aware of any accidental or unauthorized access to personal data or any other security incidents (personal data breach). 6.2. Data Processor shall assist Data Controller by providing Data Controller with any information reasonably required to fulfil its personal data breach notification requirements.
View SourceView Similar (4)
Personal Data Breach Notifications. Where a data breach linked to the sharing of data under this protocol is likely to adversely affect an Individual, all involved Partners must be informed within 48 hours of the breach being detected. The email addresses on page 1 should be used to contact the Partners. The decision to notify the ICO can only be made after consultation with all other affected Partners to this protocol, and where notification to the ICO is required, it must be made within 72 hours of the breach being detected. Where agreement to notify cannot be reached within this timeframe, the final decision will rest with the Protocol Lead Organisation as depicted on page one. All involved Partners should consult on the need to inform the Individual, so that all risks are fully considered, and agreement is reached as to when, how and by whom such contact should be made. Where agreement to notify cannot be reached, the final decision will rest with the Protocol Lead Organisation as depicted on page one. All Partners to this protocol must ensure that robust policy and procedures are in place to manage data breaches, including the need to consult Partners where the breach directly relates to information shared under this protocol.
View SourceView Similar (3)
Personal Data Breach Notifications. ‌ MRI shall notify the Client without undue delay after becoming aware of any personal data breach affecting the Personal Data. MRI shall (to the extent feasible) ensure that the initial notification comprises the information required under Article 33(3) of the GDPR. If MRI is unable to provide all this information in its initial notification, then MRI shall provide all further information as soon as reasonably practicable. If the breach affecting Personal Data resulted from Client’s own actions, the Client shall immediately, on demand, reimburse MRI for any costs incurred in relation to undertaking any of the remediation efforts including all costs, losses, damages, expenses or otherwise incurred by MRI to the extent that the same arise from such actions of the Client.
View SourceView Similar (2)
Personal Data Breach Notifications. XiTrust will immediately notify the Customer of a Personal Data breach after becoming aware of it and will provide the Customer with appropriate information available to XiTrust to assist the Customer in fulfilling its obligations to report a Personal Data breach in accordance with the requirements of data protection law.
View Source

Related to Personal Data Breach Notifications

  • Personal Data Breach Notification SAP will notify Customer without undue delay after becoming aware of any Personal Data Breach and provide reasonable information in its possession to assist Customer to meet Customer’s obligations to report a Personal Data Breach as required under Data Protection Law. SAP may provide such information in phases as it becomes available. Such notification shall not be interpreted or construed as an admission of fault or liability by SAP.

  • Data Breach Notification Seller will promptly notify Buyer of any actual or potential exposure or misappropriation of Buyer data ("breach") that comes to Seller's attention. Seller will cooperate with ▇▇▇▇▇ and in investigating any such breach, at ▇▇▇▇▇▇'s expense. Seller will likewise cooperate with Buyer and, as applicable, with law enforcement agencies in any effort to notify injured or potentially injured parties, and such cooperation will be at Seller's expense, except to the extent that the breach was caused by ▇▇▇▇▇. The remedies and obligations set forth in this subsection are in addition to any others Buyer may have, including, but not limited to, any requirements in the “Privacy, Confidentiality, and Security” provisions of this Agreement.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  • Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach. 2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33