Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process: a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice. b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information: i. The name and contact information of the reporting LEA subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At LEA’s discretion, the security breach notification may also include any of the following: i. Information about what the agency has done to protect individuals whose information has been breached. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself. d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan. f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 234 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 63 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
. ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall
Appears in 51 contracts
Sources: Washington Student Data Privacy Agreement, Washington Student Data Privacy Agreement, Washington Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 44 contracts
Sources: Rhode Island Student Data Privacy Agreement, Rhode Island Student Data Privacy Agreement, Rhode Island Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten three (103) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. c. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Vendor shall retain said data on the LEA’s behalf unless and until the LEA directs its transmission or certified destruction.
d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. e. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 33 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Rhode Island Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in this section to more than 500 California residents as a result of a single breach of the Massachusetts Data Breach law and in federal law with respect to security system shall electronically submit a data single sample copy of that security breach related notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 31 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information toll free numbers and agrees websites to provide LEA, upon request, with a copy of said written incident response plan.contact:
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
Appears in 29 contracts
Sources: Student Data Privacy Agreement, Rhode Island Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.law
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 24 contracts
Sources: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA CFISD within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of for the reporting LEA subject to this sectionDistrict.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEACFISD’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law Identity Theft Enforcement and Protection Act, Chapter 521 of the Texas Business & Commerce Code and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEACFISD, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 19 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At e. The Provider will assist the request and with the assistance District when requested in District’s notification of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the access by providing information listed in subsections (b) and (c), abovereasonably required to provide such notifications or as otherwise required by law.
Appears in 14 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
. ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall
Appears in 14 contracts
Sources: Washington Student Data Privacy Agreement, Washington Student Data Privacy Agreement, Washington Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 13 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 9 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s ▇▇▇'s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in this section to more than 500 California residents as a result of a single breach of the Massachusetts Data Breach law and in federal law with respect to security system shall electronically submit a data single sample copy of that security breach related notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist ▇▇▇ in these efforts.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 4 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 4 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.unauthorized
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 4 contracts
Sources: Oregon Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten three (103) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information toll free numbers and agrees websites to provide LEA, upon request, with a copy of said written incident response plan.contact:
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
Appears in 4 contracts
Sources: Rhode Island Student Data Privacy Agreement, Rhode Island Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 3 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
vi. The estimated number of students and teachers affected by the breach, if any.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall assist the LEA notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.unauthorized
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” , and shall present the information described herein under the following headings: “What Happened,” “, What Information Was Involved,” “, What We Are Doing,” “, What You Can Do,” , and “For More Information.” . Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s LEA s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Massachusetts Student Data Privacy Agreement, Massachusetts Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Oregon Student Data Privacy Agreement, Oregon Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in this section to more than 500 California residents as a result of a single breach of the Massachusetts Data Breach law and in federal law with respect to security system shall electronically submit a data single sample copy of that security breach related notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General. Provider shall assist LEA in these efforts.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
f. Notwithstanding the foregoing, in the event there is a Data Breach, Provider shall only be required to provide the information outlined herein to the extent available and once a determination has been made that the release of such information will not compromise any investigation or remediation of the Data Breach.
Appears in 2 contracts
Sources: California Student Data Privacy Agreement, California Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said access to employees at reasonable times to answer the LEA’s questions on the written incident response plan.
f. At In the event that a breach is due to the Provider’s failure to comply with the terms of this Agreement, Provider shall, at the request and with the assistance of the DistrictLEA, Provider shall notify assist the LEA in notifying the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:the
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 2 contracts
Sources: Massachusetts Student Data Privacy Agreement, Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within promptly after ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following informationinformation if applicable:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. Information vi. If applicable, information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
ii1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
vii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. viii. If applicable, a clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
ix. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
ii1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
vii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. viii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
c. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. d. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s 's discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees Any agency that is required to adhere issue a security breach notification pursuant to all requirements in this section to more than 500 California residents as a result of a single breach of the Massachusetts Data Breach law and in federal law with respect to security system shall electronically submit a data single sample copy of that security breach related notification, excluding any personally identifiable information, to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachAttorney General.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects follow best practices and is consistent with practices, industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response planmake staff available to the LEA at reasonable times to discuss these practices.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify reasonably assist the LEA in notifying the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects industry best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At In cases where the unauthorized access is due to a breach by Provider of this DPA, then at the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten seven (107) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section Section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any occurred.
vi. A clear and concise description of the followingremediation services offered to affected individuals, including toll free numbers and websites to contact:
i. Information about what the agency has done to protect individuals whose information has been breached.1. The credit reporting agencies
ii2. Remediation service providers
3. The attorney general
vii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. viii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary.
ix. Information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
c. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. s eq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
d. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Vendor shall retain said data on the LEA’s behalf unless and until the LEA directs its transmission or certified destruction.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At When required under the request and with law, the assistance of the District, Provider District shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (ba) and (cb), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is has been confirmed to have been accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA School Unit within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following processprocess for such notification:
a. The security breach notification shall be written in plain language, shall be titled similarly to “Notice of Data Breach,” and shall present including detailed information regarding what happened, what information was involved, what Provider is doing, and what the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” School Unit can do. Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA School Unit subject to this section.
ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a confirmed breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEASchool Unit’s discretion, and upon School Unit’s request, a supplement to the security breach notification may also will be provided that shall include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herselfthemselves.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such confirmed data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best industry standard practices and is consistent with industry standards and federal and state law for responding to a confirmed data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Student Data and agrees to provide LEASchool Unit, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictSchool Unit, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above, provided ▇▇▇ gives NWEA the contact information for the parent, legal guardian or eligible student.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts New Hampshire Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, if legally permissible, Provider shall provide notification to LEA within ten (10) 30 thirty days of the knowledge of such incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and to the extent Provider reasonably knows, shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.the
b. The security breach notification described above in section 2(a) shall include, at a minimumminimum to the extent Provider reasonably knows, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretionWith mutual agreement of the parties, the security breach notification to LEA’s impacted Pupils may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan policy that reflects industry reasonable best practices and is consistent with industry standards and applicable federal and state law for responding to a data breach, breach of security, privacy security incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon written request, with a copy of said written incident response plan.plan policy. Provider’s’ Incident Response Plan Policy is the Provider’s confidential information and must be kept in the strictest of
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized accessaccess to Student Data, which shall include the information listed in subsections (b) and (c), above, if required by applicable law.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.the
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable time following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
. ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident, and not exceeding seven (7) calendar days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headingsregarding: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇, in relation to notification of deletion or for technical support. If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇’s use of the Service.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.the
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictDistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the verified incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all applicable requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan (the “Plan”) that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data PII or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy the material provisions of said written incident response planthe Plan and shall make employees available upon reasonable notice and at reasonable times to answer questions of the LEA related to the Plan.
f. At the request and with the assistance of the District, Provider shall notify assist LEA with any legally required notification to the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall may include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided, including the number of affected individuals and how the security breach occurred.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. i. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
iisection Ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student's ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student's requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA School Unit within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following processprocess for such notification:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA School Unit subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEASchool Unit, upon request, with a copy of said written incident response plan.
f. At e. The Provider will assist the request and with the assistance of District when requested in the District, Provider shall notify ’s notification of the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the access by providing information listed in subsections (b) and (c), abovereasonably required to provide such notifications or as otherwise required by law.
Appears in 1 contract
Sources: Maine Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
. ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall 1. Indemnity. Reserved.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the confirmed incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all applicable requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best industry standard practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information Personally Identifiable Information and agrees to provide LEA, make employees available upon request, with a copy reasonable notice and at reasonable times to answer questions of said the LEA regarding the written incident response plan.
f. At the request e. Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing legally required notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify assist the LEA notifying the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall may include the information listed in subsections (b) and (c), above, to the extent available. If requested by LEA, Provider shall reimburse LEA for reasonable costs incurred to provide any legally required notification to parents/families of a breach not originating from LEA's use of the Service.
f. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data. ARTICLE VI- GENERAL OFFER OF PRIVACY TERMS
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA LISD within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of for the reporting LEA subject to this sectionDistrict.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEALISD’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law Identity Theft Enforcement and Protection Act, Chapter 521 of the Texas Business & Commerce Code and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEALISD, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, the Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. The Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.More
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result because of a law enforcement investigation, investigation if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. The Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. The Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident incident, or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At The Provider is prohibited from directly contacting parents, legal guardians, or eligible pupils unless expressly requested by LEA. If LEA requests the request Provider’s assistance providing notice of unauthorized access, and with such assistance is not unduly burdensome to the assistance of Provider, the District, Provider shall notify the affected parent, legal guardian or eligible pupil affected
g. In the event of a breach originating from LEA’s use of the unauthorized accessService, which the Provider shall include cooperate with LEA to the information listed in subsections (b) and (c), aboveextent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided., including the number of affected
c. At LEA’s discretion, vi. To the security breach notification may also include any of the followingextent applicable and legally required:
i. Information 1. information about what the agency Provider has done to protect individuals whose information has been breached., including toll free numbers and websites tocontact: • The credit reporting agencies • Remediation service providers • The attorney general
ii2. Advice advice on steps that the person whose information has been breached may take to protect toprotect himself or herself.
d. 3. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees maybe required to be paid to the consumer reporting agencies.
c. Provider agrees to adhere to all applicable requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and standardsand federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan, subject to LEA executing Provider’s separate non-disclosure agreement.
f. d. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information theinformation listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten three (103) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. c. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Vendor shall retain said data on the LEA’s behalf unless and until the LEA directs its transmission or certified destruction.
d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. e. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
c. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
d. In the event of a reportable breach, the Provider shall keep a complete copy of the LEA’s data it held at the time of the breach in a LEA approved secured, encrypted form and format. Vendor shall retain said data on the LEA’s behalf unless and until the LEA directs its transmission or certified destruction.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data in Provider’s possession or control is accessed or obtained by an unauthorized individualindividual (a “Security Breach”), Provider shall provide notification to LEA within ten (10) days a reasonable amount of time after Provider becomes aware of the incidentSecurity Breach, and not exceeding forty- eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” herein. Additional information may be provided as a supplement to the notice.
b. The security breach Security Breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.to
iii. If the information is reasonably possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
. iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
. v. A general description of the breach incident, if that information is reasonably possible to determine at the time the notice is provided.
c. At LEAProvider’s discretion, the security breach Security Breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.whose
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach Security Breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breachSecurity Breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request If ▇▇▇ requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, at ▇▇▇’s expense unless such unauthorized access was caused by Provider’s breach of its obligations under this DPA, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach caused by Provider’s breach of its obligations under this DPA.
g. In the event of a breach originating from ▇▇▇’s use of the Service, Provider shall use commercially reasonable efforts to cooperate with ▇▇▇ to the extent necessary to expeditiously
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten three (103) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of occurred.
vi. To the following:
i. Information extent required by law, information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information toll free numbers and agrees websites to provide LEA, upon request, with a copy of said written incident response plancontact:
1. The credit reporting agencies 2.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.access to
f. At In the event that a breach is due to the Provider’s failure to comply with the terms of this Agreement, Provider shall, at the request and with the assistance of the DistrictLEA, Provider shall notify assist the LEA in notifying the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
. ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy summary of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach caused by the Provider’s failure to comply with the terms of this DPA.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days following confirmation of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.that
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information PII or Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided, including the number of affected individuals and how the security breach occurred.
vi. Information about what the Provider has done to protect individuals whose information has been breached, including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA School Unit within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following processprocess for such notification:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA School Unit subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. d. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEASchool Unit, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance e. The Provider will assist School Unit when requested in School Unit’s notification of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the access by providing information listed in subsections (b) and (c), abovereasonably required to provide such notifications or as otherwise required by law.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.of
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of the incident. Provider shall follow the following process:time of the
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by LEA, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from LEA's use of the Service.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, including the number of affected individuals and how the security breach notification may also include any of the following:occurred.
i. vi. Information about what the agency has done to protect individuals whose information has been breached., including toll free numbers and websites to contact:
1. The credit reporting agencies
2. Remediation service providers
3. The attorney general
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. iii. A clear and concise description of the affected parent, legal guardian, or eligible student’s ability to file or obtain a police report; how an affected parent, legal guardian, or eligible student’s requests a security freeze and the necessary information to be provided when requesting the security freeze; and that fees may be required to be paid to the consumer reporting agencies.
b. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law 11-49.3-1, et. seq. and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. . Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. c. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
d. The aforementioned goes without prejudice to any general notification the Provider may deliver to its users and community for the communication of a security breach or event.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the District, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.law
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days immediately following discovery of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA Provider subject to this section.
ii. A list of the types of personal information Student Data that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation and the law enforcement agency determined that notification would impede a criminal investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency Provider has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible student unless expressly requested by LEA. If LEA requests Provider’s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil student of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
g. In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” , and shall present the information described herein under the following headings: “What Happened,” “, What Information Was Involved,” “, What We Are Doing,” “, What You Can Do,” , and “For More Information.” . Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result because of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s LEA s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable state and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA▇▇▇, upon request, with a copy of said written incident response plan.
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider s assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇ s use of the Service.
g. In the event of a breach originating from ▇▇▇ s use of the Service, Provider shall cooperate with ▇▇▇ to the extent necessary to expeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident, and not exceeding 2 business days. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “"Notice of Data Breach,” " and shall present the information described herein under the following headings: “"What Happened,” “" "What Information Was Involved,” “" "What We Are Doing,” “" "What You Can Do,” " and “"For More Information.” " Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.information
f. At the request Provider is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by ▇▇▇. If ▇▇▇ requests Provider's assistance providing notice of unauthorized access, and with the such assistance of the Districtis not unduly burdensome to Provider, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If requested by ▇▇▇, Provider shall reimburse LEA for costs incurred to notify parents/families of a breach not originating from ▇▇▇'s use of the Service.
g. In the event of a breach originating from ▇▇▇'s use of the Service, Provider shall cooperate with LEA to the extent necessary toexpeditiously secure Student Data.
Appears in 1 contract
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten (10) days a reasonable amount of time of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law applicable State and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above. If deemed appropriate, Provider may also proceed to notify the affected parent, legal guardian or eligible pupil without specific request from LEA.
Appears in 1 contract
Sources: Student Data Privacy Agreement
Data Breach. In the event that Student Data is accessed or obtained by an unauthorized individual, Provider shall provide notification to LEA within ten thirty (1030) days of the incident. Provider shall follow the following process:
a. The security breach notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
b. The security breach notification described above in section 2(a) shall include, at a minimum, the following information:
i. The name and contact information of the reporting LEA subject to this section.
ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
c. At LEA’s discretion, the security breach notification may also include any of the following:
i. Information about what the agency has done to protect individuals whose information has been breached.
ii. Advice on steps that the person whose information has been breached may take to protect himself or herself.
d. Provider agrees to adhere to all requirements in the Massachusetts Data Breach law and in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
e. Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a copy of said written incident response plan.. Except as otherwise required by law or agreed in writing between the parties, and excluding Student Data or any other data that belongs to LEA, all information provided by Provider to the LEA pursuant to this paragraph or any audit
f. At the request and with the assistance of the DistrictLEA, Provider shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which shall include the information listed in subsections (b) and (c), above.
Appears in 1 contract
Sources: Student Data Privacy Agreement