Common use of Security Incident Notification Clause in Contracts

Security Incident Notification. If Microsoft becomes aware of any unlawful access to any Customer Data or Support Data stored on Microsoft’s equipment or in Microsoft’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data or Support Data (each a “Security Incident”), Microsoft will promptly (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident, including, if known, the date or estimated date of the unlawful access and the categories of data affected; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Given the nature of the Online Services and Microsoft's privacy policies, Microsoft will generally not have knowledge of the data or categories of data stored by Customer. In the event of unlawful access, Microsoft's ability to provide detailed information about the data accessed may be limited. Microsoft will provide such details about the unlawful access as are reasonably available to it. Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means Microsoft selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on each applicable Online Services portal. Microsoft’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Customer must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any security incident related to an Online Service. Microsoft will comply with the provisions of New Hampshire’s data breach statute (RSA 359- C:19 et. seq.), as applicable, in the event of a Security Incident.

Security Incident Notification. If Microsoft becomes aware of any unlawful access to any Customer Data or Support Data stored on Microsoft’s equipment or in Microsoft’s facilities, or unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data or Support Data (each a “Security Incident”), Microsoft will promptly (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident, including, if known, the date or estimated date of the unlawful access and the categories of data affected; and (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. Given the nature of the Online Services and Microsoft's privacy policies, Microsoft will generally not have knowledge of the data or categories of data stored by Customer. In the event of unlawful access, Microsoft's ability to provide detailed information about the data accessed may be limited. Microsoft will provide such details about the unlawful access as are reasonably available to it. Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means Microsoft selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on each applicable Online Services portal. Microsoft’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Microsoft of any fault or liability with respect to the Security Incident. Customer must notify Microsoft promptly about any possible misuse of its accounts or authentication credentials or any security incident related to an Online Service. Microsoft will comply with the provisions of New Hampshire’s data breach statute (RSA 359- C:19 et. seq.), as applicable, in the event of a Security Incident.