INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor agrees to be responsible for the Department’s obligation to comply with the provisions of Section 208 of the State Technology Law,, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach.. Contractor shall comply with all obligations imposed by the Act on the Department with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by Contractor on behalf of the Department under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), Contractor shall immediately notify the Department upon Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by email to: XXX.Xxxx@xxx.xx.xxx. Contractor shall immediately commence an investigation, in cooperation with the Department, to determine the scope of the breach and to restore the security of the system. To the extent the Department determines that further notifications are required to be sent out pursuant to the Act, Contractor shall be responsible for providing such notifications to all required recipients including, in accordance with New York State policy NYS-PO3-002, non-New York State residents whose private information is reasonably believed to have been exposed as a result of the breach. All costs associated with providing breach notifications shall be borne by the Contractor. It is expressly agreed that Contractor shall be obligated to receive authorization from the Department prior to making additional notifications hereunder to any individuals, the State Office of Information Technology Services, the State Consumer Protection Board, the Attorney General’s Office or any consumer reporting agencies of a breach of the security of the system, or concerning making any determination to delay notifications due to law enforcement investigations. Contractor agrees that the Department shall have final approval over the form, content, mode of transmission, and timing of any notice to be provided concerning a breach of the security of the Department Information. Nothing contained her...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. The Offeror shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa and State Technology Law, Section 208). The Offeror shall be liable for the costs associated with such breach if caused by its negligent or willful acts or omissions, or the negligent or willful acts or omissions of its agents, officers, employees or subcontractors.