Common use of Unauthorized Disclosure of Data Clause in Contracts

Unauthorized Disclosure of Data. (a) Report to CSU. Contractor shall report, in writing, to ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇ any use or disclosure of University Data not authorized by this Contract or in writing by CSU (“Security Incident”), including any reasonable belief that an unauthorized individual has accessed University Data. This report shall: (1) be made not later than within twenty-four (24) hours after discovery, if information was, or is reasonably believed to have been, acquired by an unauthorized person; (2) include details relating to any known or suspected security breach of Contractor’s system or facilities which contain University Data, or any other breach of University Data relating to this Contract; and (3) identify: (A) the nature of the unauthorized use or disclosure, (B) the time and date of incident, (C) a description of University Data used or disclosed, (D) who made the unauthorized use or received the unauthorized disclosure, (E) the actions Contractor has taken or will take to mitigate any potentially harmful effect of the unauthorized use or disclosure, (F) the corrective action Contractor has taken or shall take to prevent future similar unauthorized use or disclosure, and (G) such other information in the written report as reasonably requested by CSU.

Unauthorized Disclosure of Data. (a) Report to CSU. Contractor shall report, in writing, to ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇ any use or disclosure of University Data not authorized by this Contract or in writing by CSU (“Security Incident”), including any reasonable belief that an unauthorized individual has accessed University Data. This report shall: (1) be made not later than within twentyforty-four eight (2448) hours after discovery, if information was, or is reasonably believed to have been, acquired by an unauthorized person; (2) include details relating to any known or suspected security breach of Contractor’s system or facilities which contain University Data, or any other breach of University Data relating to this Contract; and (3) identify: (A) the nature of the unauthorized use or disclosure, (B) the time and date of incident, (C) a description of University Data used or disclosed, (D) who made the unauthorized use or received the unauthorized disclosure, (E) the actions Contractor has taken or will take to mitigate any potentially harmful effect of the unauthorized use or disclosure, (F) the corrective action Contractor has taken or shall take to prevent future similar unauthorized use or disclosure, and (G) such other information in the written report as reasonably requested by CSU.