Laserfiche WebLink
law, if it confirms that there is, or reasonably believes that there has been a Data Breach. <br />Brainfuse shall (1) cooperate with the Library as reasonably requested by the Library to <br />investigate and resolve the Data Breach, (2) promptly implement necessary remedial measures, <br />if necessary, and (3) document responsive actions taken related to the Data Breach, including <br />any post -incident review of events and actions taken to make changes in business practices in <br />providing the services, if necessary. <br />iii. Unless otherwise stipulated, if a Data Breach is a direct result of Brainfuse's breach of its <br />contractual obligation to encrypt Personal Data or otherwise prevent its release, Brainfuse shall <br />bear the costs associated with (1) the investigation and resolution of the Data Breach; (2) <br />notifications to individuals, regulators or others required by state law; (3) a credit monitoring <br />service required by state (or federal) law; (4) a website or a toll-free number and call center for <br />affected individuals required by state law — all not to exceed the average per record per person <br />cost calculated for data breaches in the United States (currently $225 per record/person) in the <br />most recent Cost of Data Breach Study: Global Analysis published by the Ponemon Institute <br />at the time of the Data Breach; and (5) complete all corrective actions as reasonably determined <br />by Brainfuse based on root cause. <br />Section 8.6 Definitions <br />For purposes of this Agreement, the following definitions apply: <br />"Data Breach" means the unauthorized access by a non -authorized person/s that results in the <br />use, disclosure or theft of Library's unencrypted Personal Data or Non -Public Data. <br />ii. "Non -Public Data" means data, other than Personal Data, that is not subject to distribution to <br />the public as public information. It is deemed to be sensitive and confidential by the Library <br />because it contains information that is exempt by statute, ordinance or administrative rule from <br />access by the general public as public information. <br />ii. "Personal Data" means data that includes information relating to a person that identifies the <br />person by name and has any of the following personally identifiable information (PII): <br />government -issued identification numbers (e.g., Social Security, driver's license, passport, <br />library account numbers); financial account information, including account number, credit or <br />debit card numbers; or Protected Health Information (PHI) relating to a person. Personal data <br />also means any data pertaining to students who use the Brainf ise Program pursuant to this <br />Agreement, including, without limitation, student work, student names, and student academic <br />records. <br />iv. Protected Health Information" (PHI) means individually identifiable health information <br />transmitted by electronic media, maintained in electronic media, or transmitted or maintained <br />in any other form or medium. PHI excludes education records covered by as amended, 20 <br />U.S.C. 1232g, records described at 20 U.S.C. 1232g(a)(4)(B)(iv) and employment records held <br />by a covered entity in its role as employer. <br />v. "Library Data" means all data created or in any way originating with the Library or any Library <br />student, and all data that is the output of computer processing of or other electronic <br />manipulation of any data that was created by or in any way originated with the Library or <br />Library student, whether such data or output is stored on the Library's hardware, Brainfuse's <br />hardware or exists in any system owned, maintained or otherwise controlled by the Library or <br />by Brainfuse. <br />ATTY/AGR/2017.276/BRAINFUSE, INC. <br />REV: 11-17-17 JS <br />Page 5 of 7 <br />