Common use of INFORMATION SECURITY BREACH AND NOTIFICATION ACT Clause in Contracts

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/ BASE CONTRACT AMENDMENT JUNE 2008

INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When When‌ notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/.