Security Breach Procedures. (1) Promptly, and without undue delay, upon the Contractor’s confirmation of a Security Breach, the Contractor shall (a) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (▇▇▇) ▇▇▇-▇▇▇▇ / ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ (which telephone number and email address the County may update by providing notice to the Contractor), and (b) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage.
(2) Immediately following the Contractor’s notification to the County of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit E, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor’s other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, and the Contractor shall provide a written report of the investigation and reporting required to the Director within thirty (30) days after the Contractor’s discovery of the Security Breach.
(3) The County shall promptly notify the Contractor of the Director’s knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor’s receipt of notification thereof, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit E, all at the Contractor’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor’s receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason therefor.
(4) The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take reasonable mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred in relation to any litigation or other action described in subsection D. (5) of this Exhibit E.
to the extent applicable: (1) the cost of providing affected individuals with credit monitoring services for a specific period not to exceed twelve (12) months, to the extent the incident could lead to a compromise of the data subject’s credit or credit standing; (2) call center support for such affected individuals for a specific period not to exceed thirty (30) days; and (3) the cost of any measures required under applicable laws.
Sources: Service Agreement
Security Breach Procedures. (A) Within forty-eight (48) hours upon the Contractor’s confirmation of a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone numbers, followed promptly by email at the following email address: (▇▇▇) ▇▇▇-▇▇▇▇ / or (▇▇▇) ▇▇▇-▇▇▇▇ / ▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ (which telephone number and email address the County may update by providing notice to the Contractor), and (ii) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage.
(B) Immediately following the Contractor’s notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit E, the Parties shall coordinate with each other to investigate the Security Breach. Through the Contractor’s Incident Response Team, the Contractor will advise and debrief the County on investigation efforts and findings. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the County, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor’s discovery of the Security Breach.
(C) The County shall promptly notify the Contractor of the Director’s knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor’s receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit E, all at the Contractor’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor’s receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination.
(D) The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take reasonable mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred in relation to any litigation or other action described in section 4(E) of this Exhibit E.
(E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County’s rights relating to Personal Information in the scope of Contractor’s Services, including the rights of persons from whom the County receives Personal Information.
Sources: Service Agreement
Security Breach Procedures. i. The Contractor shall:
a. Provide the City with the name and contact information for an employee of the Contractor who shall serve as the City’s primary security contact and shall be available to assist the City 24 hours per day, seven days per week as a contact in resolving obligations associated with a Security Breach;
b. Notify the City of a Security Breach as soon as practicable, but no later than 24 hours after the Contractor becomes aware of it; and
c. Notify the City of any Security Breaches by telephone at the following telephone number: (▇▇▇) -▇▇▇-▇▇▇▇ and email at ▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇.▇▇▇.▇▇▇.
ii. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage.
Immediately following the Contractor’s notification to the City of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit E, the parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the City in the City’s handling of the matter, including, without limitation: (i) assisting with any investigation; (ii) providing the City with physical access to the facilities and operations affected; (iii) facilitating interviews with the Contractor’s employees, Authorized Persons, and others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the City.
iii. The Contractor shall, at its own expense, use best efforts to immediately contain and remedy any Security Breach and prevent any further Security Breach, including, but not limited to taking any and all action necessary to comply with applicable privacy rights, laws, regulations, and standards. The Contractor shall reimburse the City for all reasonable actual costs incurred by the City in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation.
iv. The Contractor agrees that it shall not inform any third party of any Security Breach without first obtaining the City’s prior written consent, other than to inform a complainant that the matter has been forwarded to the City’s Attorney. Further, the Contractor agrees that the City shall have the sole right to determine: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law or regulation, or otherwise in the City’s discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.
v. The Contractor agrees to maintain and preserve all documents, records, and other data related to any Security Breach.
vi. The Contractor agrees to fully cooperate, at its own expense, with the City in any litigation, investigation, or other action deemed necessary by the City to protect its rights relating to the use, disclosure, protection, and maintenance of Personal Information.
vii. In the event of any Security Breach, the Contractor shall promptly use its best efforts to prevent a recurrence of any such Security Breach.
Sources: Contract
Security Breach Procedures. i. PayTomorrow shall provide Merchant with the name and contact information for an employee/security of PayTomorrow who shall serve as ▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇’s primary security contact and shall be available to assist Merchant twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Security Breach.
ii. PayTomorrow shall notify Merchant of a Security Breach as soon as practicable, and by email or telephone to the agreed upon employee of Merchant, and as same may be amended from time to time by written notification to PayTomorrow, but no later than twenty-four (24) hours after PayTomorrow becomes aware of it.
iii. Immediately following PayTomorrow’s notification to Merchant of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit E, the parties shall coordinate with each other to investigate the Security Breach. PayTomorrow agrees to fully cooperate with Merchant in Merchant’s handling of the matter, including, without limitation: (A) assisting with any investigation; (B) providing Merchant with physical access to the facilities and operations affected; (C) facilitating interviews with PayTomorrow’s employees and others involved in the matter; and (D) making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by Merchant.
iv. PayTomorrow shall at its own expense take reasonable steps to immediately contain and remedy any Security Breach and prevent any further Security Breach, including, but not limited to taking any and all action necessary to comply with applicable privacy rights, laws, regulations, and standards. PayTomorrow shall reimburse Merchant for all reasonable costs incurred by Merchant in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation.
v. PayTomorrow agrees that it shall not inform any third party of any Security Breach without first obtaining Merchant’s prior written consent, other than to inform a complainant that the matter has been forwarded to ▇▇▇▇▇▇▇▇’s legal counsel. Further, PayTomorrow agrees that Merchant shall have the sole right to determine: (A) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law or regulation, or otherwise in Merchant’s discretion; and (B) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation.
vi. PayTomorrow agrees to maintain and preserve all documents, records, and other data related to any Security Breach.
vii. PayTomorrow agrees to fully cooperate, at its own expense with Merchant in any litigation, investigation, or other action deemed necessary by Merchant to protect its rights relating to the use, disclosure, protection, and maintenance of Personal Information.
Sources: General Terms and Conditions