Unauthorized Access Using service to access, or to attempt to access without authority, the accounts of others, or to penetrate, or attempt to penetrate, security measures of Company’s or a third party’s computer software or hardware, electronic communications system, or telecommunications system, whether or not the intrusion results in disruption of service or the corruption or loss of data.
Unauthorized Access Notification ▇▇▇ shall notify Provider promptly of any known unauthorized access. ▇▇▇ will assist Provider in any efforts by Provider to investigate and respond to any unauthorized access.
Authorized Access Transfer Agent shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
Notification of ▇▇▇▇▇▇ and Unauthorized Release (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. (b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇. (c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions. (d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Data Ownership and Authorized Access 1. Student Data Property of LEA. All Student Data transmitted to the Provider pursuant to the Service Agreement is and will continue to be the property of and under the control of the LEA. The Provider further acknowledges and agrees that all copies of such Student Data transmitted to the Provider, including any modifications or additions or any portion thereof from any source, are subject to the provisions of this DPA in the same manner as the original Student Data. The Parties agree that as between them, all rights, including all intellectual property rights in and to Student Data contemplated per the Service Agreement, shall remain the exclusive property of the LEA. For the purposes of FERPA, the Provider shall be considered a School Official, under the control and direction of the LEA as it pertains to the use of Student Data, notwithstanding the above.