Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan. f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service. g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 113 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 82 contracts
Sources: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 69 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 67 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 35 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 31 contracts
Sources: Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s 's use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 27 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇. If ▇▇▇ requests request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 16 contracts
Sources: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 15 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 12 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 12 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.unauthorized
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 11 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s 's use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 10 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the Student Data maintained by an unauthorized individual, the Provider the Provider shall provide notification to LEA within the most expedient time possible and without unreasonable delay, but no later than five (5) calendar days, unless specified differently in Exhibit G, after the determination that a breach has occurred, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. (1) The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects reasonable best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information information, and agrees to provide ▇▇▇, upon request, with a copy summary of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing (4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome known facts surrounding the breach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceguardians.
g. (5) In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall reasonably cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 6 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.or
Appears in 6 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 5 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 5 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider Contractor shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortytwenty-eight four (4824) hours. Provider Contractor shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice”.
b. The security breach notification described above in section 2(a) Notice shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security data breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider Contractor agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider Contractor is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests ProviderContractor’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to ProviderContractor, Provider Contractor shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider Contractor shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 5 contracts
Sources: Data Privacy & Security, Utah Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.appropriate
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 4 contracts
Sources: Vermont K 12 Student Data Privacy Agreement, Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.law
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 4 contracts
Sources: Vermont K 12 Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement, Vermont K 12 Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within LEA, as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide ▇▇▇, upon request, with a copy of said written incident response planIncident Response Plan or a summary or such plan to the extent such a plan includes sensitive or confidential information of Provider.
f. e. To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If will cooperate with ▇▇▇ requests as to the timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s assistance providing notice of unauthorized accessability to provide separate security breach notification to customers, including parents and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceother individuals with Outside School Accounts.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 4 contracts
Sources: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.notice
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within twenty (20) days from when Provider confirms or reasonably believes that a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursData Breach has occurred. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, to the extent known by Provider at the time, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, the District and if such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.or
Appears in 3 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within LEA, as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response planIncident Response Plan or a summary or such plan to the extent such a plan includes sensitive or confidential information of Provider.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing e. To the extent LEA determines that the Security Incident triggers third party notice of unauthorized access, and such assistance is not unduly burdensome to Providerrequirements under applicable laws, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall will cooperate with LEA as to the extent necessary timing and content of the notices to expeditiously secure Student Databe sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s ability to provide separate security breach notification to customers, including parents and other individuals with Outside School Accounts.
Appears in 3 contracts
Sources: Student Data Privacy Addendum, Student Data Privacy Addendum, Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.notice
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.including
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 3 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow undertake the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) 2a. shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either: (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident incident, or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.any
f. Provider is prohibited from directly contacting a parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) b. and (c), abovec. hereof. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 3 contracts
Sources: Illinois Student Data Privacy Agreement, Illinois Student Data Privacy Agreement, Illinois Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time ten (10) days of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent that it can be determined:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.personally
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data Data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data Data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.and
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law statelaw for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the LEA’s Student Data maintained by an unauthorized individualthe Provider, the Provider shall provide notification to LEA as required by applicable federal or state law, and if applicable federal or state law does not include a notification timeframe, then within seven (7) days after the confirmation that a breach has occurred, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. (1) The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachbreach set forth in said applicable law.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide share with ▇▇▇, upon request, with a copy summary of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by which summary ▇▇▇. If ▇▇▇ requests Provider’s assistance providing considers to be its proprietary and confidential information.
(4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome facts surrounding the breach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceguardians.
g. (5) In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within as required by the applicable state law (each a reasonable amount of time of the incident, and not exceeding forty-eight (48“Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Breach Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Breach Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing e. To the extent LEA determines that the Security Incident triggers third party notice of unauthorized access, and such assistance is not unduly burdensome to Providerrequirements under applicable laws, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall will cooperate with LEA as to the extent necessary timing and content of the notices to expeditiously secure Student Databe sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.. SAMPLE
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. ii. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. iii. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. iv. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. v. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have build a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student DataStudentData.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Vermont K 12 Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA up to $10,000 in the aggregated for documented and itemized costs incurred by ▇▇▇ to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceif such breach is attributable to Provider.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 2 contracts
Sources: Wisconsin Student Data Privacy Agreement, Wisconsin Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA School Unit within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursunless notification within this time limit would disrupt investigation of the incident by law enforcement. Provider shall follow the following processprocess for such notification:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA School Unit subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow shall, upon request of the LEA, provide assistance and information so that the LEA can implement the following process:
a. The security breach notification provided to affected individuals shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has parties have done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any organization that is required to adhere issue a security breach notification pursuant to all requirements in applicable state and federal law with respect this section to more than 500 California residents as a data result of a single breach related of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts.
e. Provider further acknowledges At the request and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach the assistance of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to ProviderLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parentparents, legal guardian guardians or eligible pupil pupils unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s ▇▇▇'s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇provideLEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s 's use of the Service.
g. In the event of a breach originating from ▇▇▇’s ' s use of the Service, Provider shall cooperate with LEA withLEA to the extent necessary to expeditiously secure Student Data. A⮘TICLE VI- GENE⮘AL OFFE⮘ OF P⮘IVACY TE⮘MS Provider may, by signing the attached Form of General Offer of Privacy Terms (General Offer, attached hereto as Exhibit "E"), be bound by the terms of this DPA to any otherLEA who signs the acceptance on in said Exhibit. The Form is limited by the terms and conditions described therein.
Appears in 1 contract
Data Breach. In the event that Student Data or Teacher Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount fourteen (14) days of time discovery of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “When it Occurred,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is providedprovided and/or allowed to be disclosed by law enforcement.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data and Teacher Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data, Teacher Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are DoingAreDoing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law statelaw for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. ii. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. iii. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. iv. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian guardian, or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. v. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.that
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hoursfive business days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.acquisition
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight five (485) hoursdays. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a ata minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law statelaw for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇. If ▇▇▇ requests request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (487) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service. The reimbursement will not exceed the value of the agreement.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.unauthorized
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/parents/ families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.,
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above; provided that LEA shall reimburse or pay the costs associated with such notification. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇. If ▇▇▇ requests request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight seventy two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information, if known:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s ▇▇▇'s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.pupil
g. In the event of a breach originating from ▇▇▇’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyfo1ty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security seculity breach notification described desclibed above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information infonnation of the reporting repo1ting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a ofa breach.
iii. If the information info1mation is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the ofthe notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.to
c. At LEA’s ▇▇▇'s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information infonnation and agrees to provide ▇▇▇LEA, upon request, with a copy of said ofsaid written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s 's use of the ofthe Service.
g. In the event of a breach originating from ▇▇▇’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hourshours of confirmation. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight ten (4810) hoursdays of a verified incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all applicable requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data Student Data breach.
e. Provider further acknowledges and agrees to have a written incident response plan (the “Plan”) that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data PII or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy the material provisions of said written incident response planthe Plan and shall make employees available upon reasonable notice and at reasonable times to answer questions of the LEA related to the Plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA or required by law. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify assist LEA with any legally required notification to the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall may include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s 's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇’s LEA's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have build a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student DataStudentData.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.breachTeydp. e text here
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or requiredaTpyppreopterixatteheorrerequired, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to Student Data is accessed or obtained by an unauthorized individual(a “Security Incident”), Provider shall provide notification to LEA within a reasonable amount of time thirty (30) days of the incident, and not exceeding forty-eight incident (48each a “Security Incident Notification”) hours. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. i. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. ii. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification Security Incident h Notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.unauthorized
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.when
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA as soon as practicable and no later than within a reasonable amount of time ten (10) days of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are DoingWhen it Occurred,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.”
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s At the request and with the assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Providerthe District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. : ⦁ The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. . ⦁ The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. : ⦁ The name and contact information of the reporting LEA subject to this section.
ii. ⦁ A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. ⦁ If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. ⦁ Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. . ⦁ A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. . ⦁ At LEA▇▇▇’s discretion, the security breach notification may also include any of the following:
i. : ⦁ Information about what the agency has done to protect individuals whose information has been breached.
ii. ⦁ Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. . ⦁ Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. ⦁ Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. . ⦁ Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. . ⦁ In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time following discovery of the incident, and not exceeding forty-eight five (485) hoursbusiness days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇▇ and required by applicable law, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA, or required by law. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data, at the cost of the LEA.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to the LEA within a reasonable amount of time thirty (30) days of the Provider’s knowledge of such incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At the LEA’s reasonable discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all applicable requirements in applicable state the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information thereof and agrees to provide ▇▇▇the LEA, upon written request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized accessSolely as required under applicable laws, and such at the reasonable written request and with the assistance is not unduly burdensome to Providerof the LEA, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) 72 hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known and practicable:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a an outline copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA or required by appliable law. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.identifiable
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1I) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s ▇▇▇'s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇ ▇▇▇ requests Provider’s ▇▇▇▇▇▇▇▇'s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s 's use of the Service.
g. In the event of a breach originating from ▇▇▇’s 's use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight five (485) hoursdays. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a ata minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law statelaw for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.state
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, the unauthorized access is attributable to Provider’s conduct, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil regarding a breach unless expressly requested by ▇▇▇LEA or required by applicable law. If ▇▇▇ LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the ServiceService to the extent such notifications are required by applicable law .
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight five (485) hoursbusiness days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight seventy two (4872) business hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA DCSD within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA DCSD representative subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s DCSD's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇DCSD, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by DCSD. If DCSD requests ▇▇▇. If ▇▇▇ requests Provider’s ▇▇▇'s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇DCSD and legally required under applicable laws, Provider shall reimburse LEA DCSD for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s DCSD's use of the Service, subject to the amount of available insurance proceeds related to third party claims made against Parchment’s insurance policies.
g. In the event of a breach originating from ▇▇▇’s DCSD's use of the Service, Provider shall cooperate with LEA DCSD to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Provider becomes aware of any actual or reasonably suspected breach of security resulting in an unauthorized release or disclosure of or access to Student Data is accessed by Provider or obtained by an unauthorized individualits assignees in violation of applicable state of federal law, the Parents Bill of Rights, or the data privacy and security policies of the LEA (a “Security Incident”), Provider shall provide notification to LEA within a reasonable amount of time as required by the applicable state law, and in the most expedient way possible and without unreasonable delay, but in no event later than seven (7) calendar days of the incidentincident (each a “Security Incident Notification”).The LEA shall, upon notification by the Provider, be required to report to the Chief Privacy Officer, who is appointed by the State Education Department, any such breach of security and not exceeding forty-eight (48) hoursunauthorized release of such data. Provider shall follow the following process:
a. The security breach notification Unless otherwise required by the applicable law, the Security Incident Notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification Security Incident Notification described above in section 2(aSection 5.2(a) shall includeinclude such information required by the applicable state law, and at a minimum, the following information, to the extent available:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Personal Identifiable Information that were or are reasonably believed to have been the subject of a breachthe Security Incident.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breachSecurity Incident, (2) the estimated date of the breachSecurity Incident, or (3) the date range within which the breach Security Incident occurred. The notification Security Incident Notification shall also include the date of the notice.
iv. Whether Whether, to the knowledge of Provider at the time the Security Incident Notice was provided the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incidentSecurity Incident, if that information is possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach notification Security Incident Notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information Personally Identifiable Information has been breachedbreached by the Security Incident.
ii. Advice on steps that the person whose information Personally Identifiable Information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements applicable to Provider providing the Service in applicable state State and federal law with respect to a data breach Security Incident related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Incident.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Security Incident involving Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information (“Incident Response Plan”) and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response planthe Incident Response Plan or a summary of such Incident Response Plan to the extent such plan includes sensitive or confidential information of Provider.
f. To the extent LEA determines that the Security Incident triggers third party notice requirements under applicable laws, Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If will cooperate with ▇▇▇ requests as to the timing and content of the notices to be sent. Except as otherwise required by law, Provider will not provide notice of the Security Incident directly to individuals whose Personally Identifiable Information was affected, to regulatory agencies, or to other entities, without first providing written notice to LEA. This provision shall not restrict Provider’s assistance providing notice of unauthorized accessability to provide separate security breach notification to customers, including parents and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceother individuals with Outside School Accounts.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.Education Law 2-d additional requirements regarding Security Incident Notifications:
Appears in 1 contract
Sources: Student Data Privacy Addendum
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight seventy two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached. ii.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.or
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under under, to the extent available, the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, the Provider shall cooperate with LEA ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon requestsigning a non-disclosure agreement, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil student unless expressly requested by ▇▇▇LEA. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service., but
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.the
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. The Provider is prohibited from directly contacting parentparents, legal guardian guardians or eligible pupil pupils unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests the Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to the Provider, the Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, the Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇LEA’s use of the Service.
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, the Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Data Privacy Agreement
Data Breach. In the event that of an unauthorized release, disclosure or acquisition of Student Data is accessed that compromises the security, confidentiality or obtained integrity of the Student Data maintained by an unauthorized individual, the Provider the Provider shall provide notification to LEA within the most expedient time possible and without unreasonable delay, but no later than five (5) calendar days, unless specified differently in Exhibit G, after the determination that a breach has occurred, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable amount of time of after the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. (1) The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either either
(1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.; and
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. (2) Provider agrees to adhere to all applicable federal and state requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. (3) Provider further acknowledges and agrees to have a written incident response plan that reflects reasonable best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or DocuSign Envelope ID: 8140F21F-DA4E-4A31-855A-2BA46FF14D1D use of Student Data or any portion thereof, including personally identifiable information information, and agrees to provide ▇▇▇LEA, upon request, with a copy summary of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing (4) LEA shall provide notice of unauthorized access, and such assistance is not unduly burdensome known facts surrounding the breach to Provider, Provider shall notify the affected parentstudents, legal guardian parents or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Serviceguardians.
g. (5) In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall reasonably cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding fortyseventy-eight two (4872) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent then known:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation to the extent known by the Provider and as it becomes available:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach Data Breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachData Breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breachData Breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.shall
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service. The aforementioned does not prohibit the Provider from notifying its community of users in the event of a security breach, whether it affects Student Data or not.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-forty eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At ▇. ▇▇ LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇LEA. If ▇▇▇ LEA requests Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s LEA's use of the Service.
g. In ▇. ▇▇ the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed because as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in applicable state State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide ▇▇▇LEA, upon request, with a copy of said written incident response plan.
f. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests LEA request Provider’s assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.notify
g. In the event of a breach originating from ▇▇▇LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract