Personal Information Security Occurrences. (1) In the event of any (a) security incident or security threat involving any Personal Information, (b) breach of any Privacy Law or other applicable Law regarding Personal Information, (c) complaints from any individuals, organizations, or regulatory authorities with respect to the breach or alleged breach of any Privacy Law or other applicable Law regarding Personal Information, (d) circumvention of the safeguards required pursuant to this Section, or (e) reasonable expectation that an identified system deficiency could result in any of the foregoing (each, a “Personal Information Security Occurrence”), then in addition to any other applicable requirements of this article, the Party suspecting or suffering such Personal Information Security Occurrence shall within twenty-four (24) hours after learning of such Personal Information Security Occurrence, notify each affected Party (i.e. State Fund, CalHR, and the affected Department must all be notified) of the Personal Information Security Occurrence and provide each affected Party with all known details relating to such Personal Information Security Occurrence. Notices regarding Personal Information Security Occurrences must be made by telephone and via email to the following Party contacts:
Personal Information Security Occurrences. In the event of any (a) Security Incident or Security Threat involving any Personal Information or (b) breach of any Privacy Law or other applicable Law regarding Personal Information (each, a “Personal Information Security Occurrence”), then in addition to any other applicable requirements of this Article, Unisys will promptly (i) notify Customer of the Personal Information Security Occurrence and provide Customer with all known details relating to such Personal Information Security Occurrence; (ii) investigate the Personal Information Security Occurrence and provide Customer with detailed information about the investigation; (iii) take reasonable steps to mitigate the effects and minimize the damage of any such Personal Information Security Occurrence; and (iv) cooperate with Customer in the manner reasonably requested by Customer and as required by law, to notify affected persons, credit bureaus, and other persons or entities. Customer will have the sole right to determine (a) whether notice of a Personal Information Security Occurrence is to be provided to any individuals, Government Authorities, consumer reporting agencies or others (b) the contents of such notice, (c) whether any type of remediation may be offered to affected persons, and (d) the nature and extent of any such remediation. If a Personal Information Security Occurrence is found to have occurred because Unisys breached its obligations under this Section and the breach is the fault of Unisys, Unisys will be responsible for (a) fines, penalties, interest and other amounts required to be paid by Customer under any Law or by Governmental Authority, or incurred to satisfy an order or directive of a Governmental Authority; and
