Privacy Breach Notification Clause Samples

A Privacy Breach Notification clause requires a party to promptly inform the other party if there is an unauthorized access, disclosure, or loss of personal or sensitive information. Typically, this clause outlines the timeframe for notification, the type of information that must be provided (such as the nature and scope of the breach), and any required cooperation in investigating or mitigating the breach. Its core function is to ensure transparency and timely communication, enabling affected parties to take appropriate action to minimize harm and comply with legal or regulatory obligations.
Privacy Breach Notification. The Business Associate will report to Covered Entity any use or disclosure of PHI not permitted by this BA Contract or in writing by Covered Entity. The Business Associate will investigate and make the report to Covered Entity not more than 10 days after TECHNOLOGY TOOL(S) learns of such non-permitted use or disclosure.
View SourceView Similar (3)
Privacy Breach Notification. Business Associate will report to Physician any use or disclosure of PHI not permitted by this BA Contract or in writing by Physician that is not a Security Breach reportable under Section 7(a) above. Business Associate will make the report to Physician not later than 10 days after Business Associate learns of such non-permitted use or disclosure.
View SourceView Similar (2)
Privacy Breach Notification. Who is responsible for giving notice to Individuals affected by a notifiable privacy breach? By default, the General Terms make the Recipient responsible. However, the parties can agree to change this below by changing Recipient to Discloser below. The Recipient is responsible for giving notice to Individuals affected by a notifiable privacy breach When transferred information is no longer required for any of the permitted uses, the Recipient must promptly and securely destroy or delete that transferred information, as required by clause 1.5 of the General Terms. In addition, if a particular event or date is specified in the table below, then when that event occurs or that date arrives, the Recipient will promptly destroy or delete the relevant transferred information as specified in the table. Deletion Event / Date Transferred information to be deleted The deletion and data retention periods shall be deemed the same as indicated in the Annex 1 of this DPA. What data protection laws apply in the Recipient’s home country? Name the country and list the laws. The Recipient’s home country and the data protection laws shall be deemed the same as indicated in the Master Agreement.
View SourceView Similar (2)
Privacy Breach Notification. (a) Without limiting the generality of Section 12.10(k), upon becoming aware of the occurrence of any security breach or privacy breach, the CPA will do the following, subject to Applicable Law: (i) immediately, but in any event not later than two (2) Business Days from the date the CPA becomes aware of the occurrence of such security breach or privacy breach, notify the Trustee and Guarantor by telephone and in writing; (ii) take all steps necessary to enforce against any Person that is or may be engaging in such unauthorized handling any rights that the CPA has to require such person to comply with any obligation of confidence to the CPA and to cease such unauthorized activities; (iii) do all things, execute all documents and give all assistance reasonably required by the Trustee and the Guarantor to enable the Trust to enforce against any Person that is or may be engaging in such unauthorized handling any rights that the Trust has to require such person to comply with any obligation of confidence to the Trust and to cease such unauthorized activities; and (iv) if the security breach involves Personal Information, then, if requested by the Trustee or Guarantor, reasonably cooperate with and assist the Trustee or Guarantor in any communication with the media, any affected persons (by press release, telephone, letter, call centre, website or any other method of communication) and any Governmental Authorities to explain the occurrence of the security breach and the remedial efforts being undertaken. The content and method of any such communications will be determined by the Trustee and the Guarantor. To the extent such communications refer to the CPA, the content and method of such communications will also be determined by CPA. (b) Additionally, the CPA shall assist the Trustee or Guarantor in mitigating any potential damage and take such steps as are directed by the Trustee and Guarantor to assist in the investigation, mitigation and remediation of each such security breach. (c) As soon as reasonably practicable after any such security breach, the CPA shall conduct a root cause analysis and, upon request, will share summaries of the results of its analysis and its remediation plan with the Trust. The CPA shall provide updated information to the Trust should additional details be discovered regarding the cause, nature, consequences, or extent of the security breach.
View SourceView Similar (2)
Privacy Breach Notification. (a) Without limiting the generality of Section 5.1(f), upon becoming aware of the occurrence of any security breach or privacy breach, the CPTA will do the following, subject to Applicable Law: (i) immediately, but in any event not later than two (2) business days from the date the CPTA becomes aware of the occurrence of such security breach or privacy breach, notify the Corporation by telephone and in writing; (ii) take all steps necessary to enforce against any Person that is or may be engaging in such unauthorized handling any rights that the CPTA has to require such person to comply with any obligation of confidence to the CPTA and to cease such unauthorized activities; (iii) do all things, execute all documents and give all assistance reasonably required by the Corporation to enable the Corporation to enforce against any Person that is or may be engaging in such unauthorized handling any rights that the Corporation has to require such person to comply with any obligation of confidence to the Corporation and to cease such unauthorized activities; and (iv) if the security breach involves Personal Information, then, if requested by the Corporation, reasonably cooperate with and assist the Corporation in any communication with the media, any affected persons (by press release, telephone, letter, call centre, website or any other method of communication) and any governmental or regulatory authorities to explain the occurrence of the security breach and the remedial efforts being undertaken. The content and method of any such communications will be determined by the Corporation. To the extent such communications refer to the CPTA, the content and method of such communications will also be determined by CPTA. (a) Additionally, the CPTA shall assist the Corporation in mitigating any potential damage and take such steps as are directed by the Corporation to assist in the investigation, mitigation and remediation of each such security breach. (b) As soon as reasonably practicable after any such security breach, the CPTA shall conduct a root cause analysis and, upon request, will share summaries of the results of its analysis and its remediation plan with the Corporation. The CPTA shall provide updated information to the Corporation should additional details be discovered regarding the cause, nature, consequences, or extent of the security breach.
View Source
Privacy Breach Notification. Who is responsible for giving notice to Individuals affected by a notifiable privacy breach? By default, the General Terms make the Recipient responsible. However, the parties can agree to change this below by changing Recipient to Discloser below. The Discloser is responsible for giving notice to Individuals affected by a notifiable privacy breach When transferred information is no longer required for any of the permitted uses, the Recipient must promptly and securely destroy or delete that transferred information, as required by clause 1.5 of the General Terms. In addition, if a particular event or date is specified in the table below, then when that event occurs or that date arrives, the Recipient will promptly destroy or delete the relevant transferred information as specified in the table. Deletion Event / Date Transferred information to be deleted What data protection laws apply in the Recipient’s home country? Name the country and list the laws. The Personal Data Protection Act 1998 (South Savanna)
View Source
Privacy Breach Notification. Vendor will report to CCH any use or disclosure of PHI not permitted or required by this BAA or in writing by CCH that is not a Security Breach reportable under Section 7(a). Vendor will make the report to CCH not later than 5 days after Vendor l▇▇▇▇▇ of such unauthorized use or disclosure.
View Source
Privacy Breach Notification. The Insurer will reimburse, or pay on behalf of, the Insured for Privacy Breach Notification Costs resulting from an actual or suspected Privacy Breach that is Discovered during the Policy Period, or any applicable extended reporting period. The Insurer will reimburse, or pay on behalf of, the Insured for Computer And Legal Expert Costs Specimen resulting from an actual or suspected:
View Source
Privacy Breach Notification. Should Client experience a Privacy Breach with respect to the ONE Mail Direct Services, including ONE Pages, the Authorized Representative (or his or her designate) will immediately notify eHealth Ontario Service Desk at ▇-▇▇▇-▇▇▇-▇▇▇▇ or ▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇ and provide all information that Client is reasonably able to provide with respect to that Privacy Breach. In addition, Client will provide such assistance as eHealth Ontario may reasonably request to enable eHealth Ontario to verify and resolve that Privacy Breach. Should eHealth Ontario experience a Privacy Breach it will immediately notify Client via the contact information provided by Client.
View Source
Privacy Breach Notification 
View Source