Security Breach Procedures. In the event either party determines that there has been an unauthorized or improper disclosure of the information exchanged under this MSA, such party must promptly notify the other party, unless legally prohibited from doing so or specifically directed by law enforcement not to do so, within seventy two hours (or any shorter period as may be required by Law) after such party becomes aware of it. Such notification will include the nature of the incident, the other party's information that was compromised, and the action taken or to be taken. Additionally, each party will reasonably assist the other party in remediating and mitigating any potential damage. Each party shall bear the costs of such remediation or mitigation to the extent the breach or security incident was caused by its acts or omissions. If the Institution learns or has reason to believe that unauthorized access to a password protected area of the Clearinghouse website has occurred or is about to occur, the Institution shall notify the Clearinghouse promptly, and without unreasonable delay, and the Clearinghouse may suspend Institution’s access until the threat has been contained.
Appears in 2 contracts