INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. 208 of the State Technology Law (STL) and § 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or Debit Card number plus security code, access code or password which permits access to an individual's financial account, shall disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected shall occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York shall also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/eiso.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Contractor agrees to be responsible for the Department’s obligation to comply with the provisions of Section 208 of the State Technology Law,, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach.. Contractor shall comply with all obligations imposed by the Act on the Department with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by Contractor on behalf of the Department under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), Contractor shall immediately notify the Department upon Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by email to: XXX.Xxxx@xxx.xx.xxx. Contractor shall immediately commence an investigation, in cooperation with the Department, to determine the scope of the breach and to restore the security of the system. To the extent the Department determines that further notifications are required to be sent out pursuant to the Act, Contractor shall be responsible for providing such notifications to all required recipients including, in accordance with New York State policy NYS-PO3-002, non-New York State residents whose private information is reasonably believed to have been exposed as a result of the breach. All costs associated with providing breach notifications shall be borne by the Contractor. It is expressly agreed that Contractor shall be obligated to receive authorization from the Department prior to making additional notifications hereunder to any individuals, the State Office of Information Technology Services, the State Consumer Protection Board, the Attorney General’s Office or any consumer reporting agencies of a breach of the security of the system, or concerning making any determination to delay notifications due to law enforcement investigations. Contractor agrees that the Department shall have final approval over the form, content, mode of transmission, and timing of any notice to be provided concerning a breach of the security of the Department Information. Nothing contained her...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxx://xxx.xxxxx.xxxxx.xx.xx/security/securitybreach/ DIESEL EMISSION REDUCTION ACT OF 2006 (NEW REQUIREMENT OF LAW): On February 12, 2007 the Diesel Emissions Reduction Act took effect as law (the “Law”). Pursuant to new §19‑0323 of the N.Y. Environmental Conservation Law (“NYECL”) it is now a requirement that heavy duty diesel vehicles in excess of 8,500 pounds use the best available retrofit technology (“BART”) and ultra low sulfur diesel fuel (“ULSD”). The requirement of the Law applies to all vehicles owned, operated by or on behalf of, or leased by State agencies and State or regional public authorities. They need to be operated exclusively on ULSD by February 12, 2007. It also requires that such vehicles owned, operated by or on behalf of, or leased by State agencies and State or regional public authorities with more than half of its governing body appointed by the Governor utilize BART. As a contract vendor the Law may be applicable to vehicles used by contract vendors “on behalf of” State agencies and public authorities. Thirt...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. The Offeror shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa and State Technology Law, Section 208). The Offeror shall be liable for the costs associated with such breach if caused by its negligent or willful acts or omissions, or the negligent or willful acts or omissions of its agents, officers, employees or subcontractors.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. To the extent applicable to the Contract, the Contracting Party shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208, as each such provision may hereafter be amended). April 8, 2013 APPENDIX B OSC POLICY STATEMENT ON DISCRIMINATION AND HARASSMENT, INCLUDING SEXUAL HARASSMENT DISCRIMINATION AND HARASSMENT It is the policy of the Office of the State Comptroller (“OSC”) to provide a workplace that is free of discrimination and harassment based on race, color, sex (including sexual orientation, self-identified or perceived sex, gender expression, gender identity and the status of being transgender), creed or religion, age, national origin, disability, marital status, military or veteran status, predisposing genetic characteristics, domestic violence victim status or any other classification protected by state or federal law, rule or regulation or executive order. Discrimination is defined as the failure or refusal to hire, promote, or train an individual or treat that individual equally with respect to compensation, terms, conditions or privileges of employment because of that individual’s membership in any one of the above classes. Harassment based upon a person’s membership in any of the above classes is included within the definition of discrimination. In keeping with its policies, OSC reaffirms that it will not tolerate such discrimination or harassment in its workplace and that it will take appropriate action to prevent and stop the occurrence of such conduct in its workplace. OSC employees and any third parties who interact with OSC employees in the workplace are expected to avoid any behavior or conduct that could be interpreted as discrimination/harassment based on membership in any of the above classes. Examples of conduct that may constitute harassment based upon membership in one of the above classes include, but are not limited to: kidding or teasing related to membership in, or characteristic of one of the above classes, such as laughing at or mimicking someone’s physical or mental impairment, foreign accent, etc.; using ethnic or racial slurs; conduct that denigrates or shows hostility toward an individual because of protected class status, and that has the purpose or effect of creating an intimidating, hostile or offensive environment; and telling jokes that belittle a member or members of one of the above classes. SEXUAL HAR...
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. Section 208 of the State Technology Law (STL) and Section 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York State who own or license computerized data which includes private information including an individual's unencrypted personal information plus one (1) or more of the following: social security number, driver's license number or non-driver ID, account number, credit or debit card number plus security code, access code or password which permits access to an individual's financial account, must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York must also notify the following New York State agencies: Office of the Attorney General and the Department of State and the State Office of Information Technology Services (for Section 208 only), and the State Police (for Section 899 Only). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/incident-reporting.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. The Contractor agrees to be responsible for the State’s obligation to comply with provisions of Section 208 of the State Technology Law, commonly known as the Information Security Breach and Notification Act (the “ISBNA” or “Act”), and any future amendments thereto, to the extent an information security breach occurs as a result of the acts or omissions of the Contractor, including being responsible to pay all costs associated with and/or incurred because of the breach. The Contractor shall comply with all obligations imposed by the Act on the State with respect to any breach of “private information” (as defined in the Act) used, received, handled, processed, uploaded, stored, or maintained by the Contractor on behalf of the State under this Agreement (“Department Information”). In the event of a “breach of the security of the system” (as defined by the Act), the Contractor shall immediately notify the Department upon the Contractor’s discovery or receipt of notification of such breach. Such notice to the Department shall be made by contacting the Information Security Office by e-mail to: XXX.Xxxx@xxx.xx.
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. To the extent applicable to the Contract, the Contracting Party shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208, as each such provision may hereafter be amended). April 8, 2013 APPENDIX C OSC POLICY STATEMENT ON DISCRIMINATION AND HARASSMENT,
