Common use of Data Breach Responsibilities Clause in Contracts

Data Breach Responsibilities. The following subsection describes the Contractor’s supplemental responsibilities that apply when a Data Breach is suspected or occurs with respect to Personally Identifiable Information or City Confidential Information within the possession, custody or control of Contractor. (1) The Contractor, unless stipulated otherwise (including in the Data Handling Controls), shall immediately notify the appropriate City identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a Security Incident. (2) The Contractor, unless stipulated otherwise, shall promptly notify by telephone the appropriate City identified contact as soon as reasonably possible but no later than four (4) hours, unless shorter time is required by applicable law (or by another section of the Contract), if it confirms that there is, or reasonably believes that there has been a Data Breach. The Contractor shall (1) cooperate with the City as reasonably requested by the City to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the Services. (3) Unless otherwise stipulated, if a Security Incident or a Data Breach is a direct result of the Contractor’s breach of its Contract obligations, the Contractor shall bear all costs to remedy, including but not limited to (1) the investigation and resolution of the Security Incident or the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) establishing a website or a toll- free number and call center for affected individuals required by state law; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause analysis.

Data Breach Responsibilities. The following subsection describes the Contractor’s supplemental responsibilities that apply when a Data Breach is suspected or occurs with respect to Personally Identifiable Information or City Confidential Information within the possession, custody or control of Contractor. (1) The Contractor, unless stipulated otherwise (including in the Data Handling Controls), shall immediately notify the appropriate City identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a Security Incident. (2) The Contractor, unless stipulated otherwise, shall promptly notify by telephone the appropriate City identified contact as soon as reasonably possible but no later than four (4) hours, unless shorter time is required by applicable law (or by another section of the Contract), if it confirms that there is, or reasonably believes that there has been a Data Breach. The Contractor shall (1) cooperate with the City as reasonably requested by the City to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, and (3) document responsive actions taken related to the Data Breach, including any post-incident post−incident review of events and actions taken to make changes in business practices in providing the Services. (3) Unless otherwise stipulated, if a Security Incident or a Data Breach is a direct result of the Contractor’s breach of its Contract obligations, the Contractor shall bear all costs to remedy, including but not limited to (1) the investigation and resolution of the Security Incident or the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) establishing a website or a toll- toll− free number and call center for affected individuals required by state law; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause analysis.

Data Breach Responsibilities. The following subsection describes the Contractor’s supplemental responsibilities that apply when a Data Breach is suspected or occurs with respect to Personally Identifiable Information or City Confidential Information within the possession, custody or control of Contractor. (1) The Contractor, unless stipulated otherwise (including in the Data Handling Controls), shall immediately notify the appropriate City identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a Security Incident. (2) The Contractor, unless stipulated otherwise, shall promptly notify by telephone the appropriate City identified contact as soon as reasonably possible but no later than twenty-four (424) hours, unless shorter time is required by applicable law (or by another section of the Contract), if it confirms that there is, or reasonably believes that there has been a Data Breach. The Contractor shall (1) cooperate with the City as reasonably requested by the City to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the Services. (3) Unless otherwise stipulated, if a Security Incident or a Data Breach is a direct result of the Contractor’s breach of its Contract obligations, the Contractor shall bear all be responsible for the reasonable costs to remedy, including but not limited to of: (1) the investigation and resolution of the Security Incident or the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) establishing a website or a toll- toll-free number and call center for affected individuals required by state law; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause analysis.

Data Breach Responsibilities. The following subsection describes the Contractor’s supplemental responsibilities that apply when a Data Breach is suspected or occurs with respect to Personally Identifiable Information or City Confidential Information within the possession, custody or control of Contractor. (1) The Contractor, unless stipulated otherwise (including in the Data Handling Controls), shall immediately notify the appropriate City identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a Security Incident. (2) The Contractor, unless stipulated otherwise, shall promptly notify by telephone the appropriate City identified contact as soon as reasonably possible but no later than twenty-four (424) hours, unless shorter time is required by applicable law (or by another section of the Contract), if it confirms that there is, or reasonably believes that there has been a Data Breach. The Contractor shall (1) cooperate with the City as reasonably requested by the City to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the Services. (3) Unless otherwise stipulated, if a Security Incident or a Data Breach is a direct result of the Contractor’s breach of its Contract obligations, the Contractor shall bear all costs to remedy, including but not limited to (1) the investigation and resolution of the Security Incident or the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) establishing a website or a toll- free number and call center for affected individuals required by state law; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause analysis.

Data Breach Responsibilities. The following subsection describes the Contractor’s supplemental responsibilities that apply when a Data Breach is suspected or occurs with respect to Personally Identifiable Information or City Confidential Information within the possession, custody or control of Contractor. (1) The Contractor, unless stipulated otherwise (including in the Data Handling Controls)otherwise, shall immediately notify the appropriate City identified contact by telephone in accordance with the agreed upon security plan or security procedures if it reasonably believes there has been a Security Incident. (2) The Contractor, unless stipulated otherwise, shall promptly notify by telephone the appropriate City identified contact as soon as reasonably possible but no later than four (4) hours, unless shorter time is required by applicable law (or by another section of the Contract), if it confirms that there is, or reasonably believes that there has been a Data Breach. The Contractor shall (1) cooperate with the City as reasonably requested by the City to investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, and (3) document responsive actions taken related to the Data Breach, including any post-incident review of events and actions taken to make changes in business practices in providing the Services. (3) Unless otherwise stipulated, if a Security Incident or a Data Breach is a direct result of the Contractor’s breach of its Contract obligations, the Contractor shall bear all costs to remedy, including but not limited to (1) the investigation and resolution of the Security Incident or the Data Breach; (2) notifications to individuals, regulators or others required by state law; (3) a credit monitoring service required by state (or federal) law; (4) establishing a website or a toll- free number and call center for affected individuals required by state law; and (5) complete all corrective actions as reasonably determined by Contractor based on root cause analysis.