Common use of Data Incidents Clause in Contracts

Data Incidents. (i) If the Supplier becomes aware or suspects that: (A) it or a subcontractor (or any of their respective Personnel) is using or disclosing, or has used or disclosed, Personal Information in contravention of this clause 19 (Data Contravention); (B) there has been a Data Breach; or (C) CFS Data or Personal Information has been lost in circumstances where unauthorised access to, or unauthorised disclosure of, that CFS Data or Personal Information may occur (Loss of Data), (each, a Data Incident), then the Supplier must: (D) immediately (but in any case, within 24 hours of it first becoming aware of such a Data Incident or beginning to suspect that such Data Incident has occurred) notify CFS as soon as it becomes so aware or has reason to suspect the Data Incident; (E) without delay, provide CFS with full details of, and assist CFS in investigating, such actual or suspected Data Incident (including all relevant information about the processes, procedures, protocols, and security practices and procedures used in the provision of the Goods and/or Services); (F) at CFS’s request, conduct an expeditious assessment of any actual or suspected Data Breach; (G) co-operate with CFS in any investigation in relation to, and the circumstances surrounding, such actual or suspected Data Incident; (H) provide CFS with access to and copies of relevant records and information, as requested by CFS; (I) use all reasonable efforts to prevent a recurrence of any actual Data Breach; and (J) comply with any direction from CFS with respect to mitigating and remedying any actual Data Incident or any of the matters set out in this clause 19(g). (ii) The Supplier must not do, or fail to do, anything which amounts to or causes a Data Incident.

Data Incidents. (i) If the Supplier becomes aware or suspects that: (A) it or a subcontractor (or any of their respective Personnel) is using or disclosing, or has used or disclosed, Personal Information in contravention of this clause 19 20 (Data Contravention); (B) there has been a Data Breach; or (C) CFS Data or Personal Information has been lost in circumstances where unauthorised access to, or unauthorised disclosure of, that CFS Data or Personal Information may occur (Loss of Data), (each, a Data Incident), then the Supplier must: (D) immediately (but in any case, within 24 hours of it first becoming aware of such a Data Incident or beginning to suspect that such Data Incident has occurred) notify CFS as soon as it becomes so aware or has reason to suspect the Data Incident; (E) without delay, provide CFS with full details of, and assist CFS in investigating, such actual or suspected Data Incident (including all relevant information about the processes, procedures, protocols, and security practices and procedures used in the provision of the Goods and/or Services); (F) at CFS’s request, conduct an expeditious assessment of any actual or suspected Data Breach; (G) co-operate with CFS in any investigation in relation to, and the circumstances surrounding, such actual or suspected Data Incident; (H) provide CFS with access to and copies of relevant records and information, as requested by CFS; (I) use all reasonable efforts to prevent a recurrence of any actual Data Breach; and (J) comply with any direction from CFS with respect to mitigating and remedying any actual Data Incident or any of the matters set out in this clause 19(g(g). (ii) The Supplier must not do, or fail to do, anything which amounts to or causes a Data Incident.