Common use of Security Breach Procedures Clause in Contracts

Security Breach Procedures. (A) Immediately upon the Consultant’s awareness or reasonable belief of a Security Breach, the Consultant shall (i) notify the Manager of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (▇▇▇) ▇▇▇-▇▇▇▇ / SJVIA- ▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ (which telephone number and email address the SJVIA may update by providing notice to the Consultant), and (ii) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Consultant’s notification to the SJVIA of a Security Breach, as provided pursuant to section 10.4(A) of this agreement, the parties shall coordinate with each other to investigate the Security Breach. The Consultant agrees to fully cooperate with the SJVIA, including, without limitation: (1) assisting the SJVIA in conducting any investigation; (2) providing the SJVIA with physical access to the facilities and operations affected; (3) facilitating interviews with Authorized Persons and any of the Consultant’s other employees knowledgeable of the matter; and (4) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the SJVIA. To that end, the Consultant shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the SJVIA, and the Consultant shall provide a written report of the investigation and reporting required to the Manager within 30 days after the Consultant’s discovery of the Security Breach. (C) The SJVIA shall promptly notify the Consultant of the Manager’s knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Consultant’s receipt of notification thereof, the Consultant shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Article 10, all at the Consultant’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. If the Consultant discovers a Security Breach, the Consultant shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Consultant’s receipt of notification of such Privacy Practices Complaint, the Consultant shall notify the SJVIA whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason therefor. (D) The Consultant shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Consultant’s sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Consultant shall reimburse the SJVIA for all reasonable costs incurred by the SJVIA in