INFORMATION SECURITY BREACH Sample Clauses

INFORMATION SECURITY BREACH. In the event of a Breach of Security as defined in NY CLS Gen Bus §899-aa and NY CLS State Technology Law §208, or otherwise, involving AGENCY supplied Personal Information or Private Information from systems owned, operated, sub-contracted or otherwise routed through Contractors systems or networks, CONTRACTOR shall notify AGENCY immediately, without unreasonable delay. “
Sample 1Sample 2Sample 3See All (16)
AutoNDA by SimpleDocs
INFORMATION SECURITY BREACH. In accordance with the Information and Security Breach Notification Act (ISBNA) (Chapter 442 of the Laws of 2005, as amended by Chapter 491 of the Laws of 2005), a Contractor with BOE shall be responsible for all applicable provisions of the ISBNA and the following terms herein with respect to any private information (as defined in the ISBNA) received by or on behalf of BOE under this Agreement. • Contractor shall supply BOE with a copy of its notification policy, which shall be modified to be in compliance with this provision, as well as BOE’s notification policy. • Contractor must encrypt any database fields and backup tapes that contain private data elements, as set forth in the ISBNA. • Contractor must ensure that private data elements are encrypted in transit to / from their systems. • In general, contractor must ensure that private data elements are not displayed to users on computer screens or in printed reports; however, specific users who are authorized to view the private data elements and who have been properly authenticated may view/receive such data. • Contractor must monitor for breaches of security to any of its systems that store or process private data owned by BOE. • Contractor shall take all steps as set forth in ISBNA to ensure private information shall not be released without authorization from BOE. • In the event a security breach occurs as defined by ISBNA Contractor shall immediately notify BOE and commence an investigation in cooperation with BOE to determine the scope of the breach. • Contractor shall also take immediate and necessary steps needed to restore the information security system to prevent further breaches. • Contractor shall immediately notify BOE following the discovery that BOE’s system security has been breached. • Unless the Contractor is otherwise instructed, Contractor is to first seek consultation and receive authorization from BOE prior to notifying the individuals whose personal identity information was compromised by the breach of security, the New York State Chief Information Security Office, the Department of State Division of Consumer Protection, the Attorney General’s Office or any consuming reporting agencies of a breach of the information security system or concerning any determination to delay notification for law enforcement investigations. • Contractor shall be responsible for providing all notices required by the ISBNA and for all costs associated with providing said notices. • This policy and proce...
Sample 1
INFORMATION SECURITY BREACH an Information Security Incident where it is confirmed that a stated organisational policy or legal requirement regarding Information Security has been contravened.
Sample 1
INFORMATION SECURITY BREACH. (a) Subject to the rights of Bayer specified in this Article XXX (Data Security), Supplier shall be responsible for any and all information security incidents involving Personal Data that are handled by, or on behalf of, Supplier.
Sample 1
INFORMATION SECURITY BREACH. Service Provider shall promptly (inline with the legal and regulatory requirements applicable, whichever is most stringent) notify Flipkart if Service Provider knows or has reason to believe or/and confirmed on there has been any misuse, compromise, loss, or unauthorized disclosure or acquisition of, or access to Flipkart’s confidential data (an “Information Security Breach”). Upon any discovery of an Information Security Breach, the Service Provider shall investigate, remediate, and mitigate the effects of the Information Security Breach, and provide Flipkart with assurances reasonably satisfactory to Flipkart that such Information Security Breach shall not recur. Service Provider shall reasonably cooperate with Flipkart in connection with each of the foregoing and shall comply with any reasonable instructions provided by Flipkart in connection therewith. Flipkart reasonably determines that a third-party security assessment is required in connection with an Information Security Breach. Service Provider shall provide, at Flipkart’s request, any information related to any such Information Security Breach or requested by Flipkart, including but not limited to, vulnerabilities or flaws, start or end date, date of discovery, and specific actions taken to contain and/or mitigate. If any Information Security Breach occurs as a result of an act or omission of a Service Provider or its personnel, the Service Provider shall, at its sole expense, undertake remedial measures.
Sample 1

Related to INFORMATION SECURITY BREACH

  • Personal Information security breach Supplier/Service Provider’s Obligations

  • Security Breach In the event that Seller discovers or is notified of a breach, potential breach of security, or security incident at Seller's Facility or of Seller's systems, Seller shall immediately (i) notify Company of such potential, suspected or actual security breach, whether or not such breach has compromised any of Company's confidential information; (ii) investigate and promptly remediate the effects of the breach, whether or not the breach was caused by Seller; (iii) cooperate with Company with respect to any such breach or unauthorized access or use; (iv) comply with all applicable privacy and data protection laws governing Company's or any other individual's or entity's data; and (v) to the extent such breach was caused by Seller, provide Company with reasonable assurances satisfactory to Company that such breach, potential breach, or security incident shall not recur. Seller shall provide documentation to Company evidencing the length and impact of the breach. Any remediation of any such breach will be at Seller's sole expense.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC Xxxxx Cyber-safety Policy, UC Xxxxx Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC Xxxxx computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Security Breaches In order to protect your security, it is your sole responsibility to ensure that all usernames and passwords used to access the Website are kept secure and confidential. You must immediately notify us of any unauthorized use of your account, including the unauthorized use of your password, or any other breach of security. We will investigate any breach of security on the Website that we determine in our sole discretion to be serious in nature, but we will not be held responsible or liable in any manner for breaches of security or any unauthorized access to your account however arising.

  • Security Breach Notification In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:

  • Security Breach Notifications Notice must be given by the Subrecipient to anyone whose PSCI could have been breached in accordance with HIPAA, the Information Practices Act of 1977, and State policy.

  • Security Breach Notice and Reporting The Contractor shall have policies and procedures in place for the effective management of Security Breaches, as defined below, which shall be made available to the State upon request. In addition to the requirements set forth in any applicable Business Associate Agreement as may be attached to this Contract, in the event of any actual security breach or reasonable belief of an actual security breach the Contractor either suffers or learns of that either compromises or could compromise State Data (a “Security Breach”), the Contractor shall notify the State within 24 hours of its discovery. Contractor shall immediately determine the nature and extent of the Security Breach, contain the incident by stopping the unauthorized practice, recover records, shut down the system that was breached, revoke access and/or correct weaknesses in physical security. Contractor shall report to the State: (i) the nature of the Security Breach; (ii) the State Data used or disclosed; (iii) who made the unauthorized use or received the unauthorized disclosure; (iv) what the Contractor has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure; and (v) what corrective action the Contractor has taken or shall take to prevent future similar unauthorized use or disclosure. The Contractor shall provide such other information, including a written report, as reasonably requested by the State. Contractor shall analyze and document the incident and provide all notices required by applicable law. In accordance with Section 9 V.S.A. §2435(b)(3), the Contractor shall notify the Office of the Attorney General, or, if applicable, Vermont Department of Financial Regulation (“DFR”), within fourteen (14) business days of the Contractor’s discovery of the Security Breach. The notice shall provide a preliminary description of the breach. The foregoing notice requirement shall be included in the subcontracts of any of Contractor’s subcontractors, affiliates or agents which may be “data collectors” hereunder. The Contractor agrees to fully cooperate with the State and assume responsibility at its own expense for the following, to be determined in the sole discretion of the State: (i) notice to affected consumers if the State determines it to be appropriate under the circumstances of any particular Security Breach, in a form recommended by the AGO; and (ii) investigation and remediation associated with a Security Breach, including but not limited to, outside investigation, forensics, counsel, crisis management and credit monitoring, in the sole determination of the State. The Contractor agrees to comply with all applicable laws, as such laws may be amended from time to time (including, but not limited to, Chapter 62 of Title 9 of the Vermont Statutes and all applicable State and federal laws, rules or regulations) that require notification in the event of unauthorized release of personally-identifiable information or other event requiring notification. In addition to any other indemnification obligations in this Contract, the Contractor shall fully indemnify and save harmless the State from any costs, loss or damage to the State resulting from a Security Breach or the unauthorized disclosure of State Data by the Contractor, its officers, agents, employees, and subcontractors.

  • Information Security Requirements In cases where the State is not permitted to manage/modify the automation equipment (server/computer/other) that controls testing or monitoring devices, the Contractor agrees to update and provide patches for the automation equipment and any installed operating systems or applications on a quarterly basis (at minimum). The Contractor will submit a report to the State of updates installed within 30 days of the installation as well as a Plan of Actions and Milestones (POA&M) to remediate any vulnerabilities ranging from Critical to Low. The contractor will provide an upgrade path or compensatory security controls for any operating systems and applications listed as beyond “end-of-life” or EOL, within 90 days of the EOL and complete the EOL system’s upgrade within 90 days of the approved plan.

  • Confidential Information Breach This shall mean, generally, an instance where an unauthorized person or entity accesses Confidential Information in any manner, including but not limited to the following occurrences: (1) any Confidential Information that is not encrypted or protected is misplaced, lost, stolen or in any way compromised; (2)one or more third parties have had access to or taken control or possession of any Confidential Information that is not encrypted or protected without prior written authorization from the State; (3) the unauthorized acquisition of encrypted or protected Confidential Information together with the confidential process or key that is capable of compromising the integrity of the Confidential Information; or (4) if there is a substantial risk of identity theft or fraud to the Client Agency, the Contractor, DAS or State.

Time is Money Join Law Insider Premium to draft better contracts faster.