My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
AgdaPkt 2020-11-23 Joint SA PFA
RedwoodCity
>
City Clerk
>
Agenda Packets
>
2020-2029
>
2020
>
AgdaPkt 2020-11-23 Joint SA PFA
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
12/3/2020 5:27:49 PM
Creation date
11/19/2020 6:20:52 PM
Metadata
Fields
Template:
CC Index
CC Index - Document Type
Agenda Packet
Meeting Type
Joint
Agency Type
City Council and Successor Agency and Public Financing Authority
Date
11/23/2020
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
840
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
6.D. - Page �58 of 179 <br />DocuSign Env pe D: C4AD8365-4748-4C7A-957C-BDF25F9BOF3E <br />5.4. Breach Responsibilities. This section only applies when a Data Breach occurs with respect to <br />Personal Data or Non -Public Data within the possession or control of Vendor. <br />• Vendor, unless stipulated otherwise, shall immediately notify the appropriate City <br />Identified Contact by telephone in accordance with the agreed upon security plan or <br />security procedures if it reasonably believes there has been a Security Incident. <br />• Vendor, unless stipulated otherwise, shall promptly notify the appropriate City Identified <br />Contact within 48 hours or sooner by telephone, unless shorter time is required by <br />applicable law, if it confirms that there is, or reasonably believes that there has been a <br />Data Breach. Vendor shall (1) cooperate with the City as reasonably requested by the City <br />to investigate and resolve the Data Breach, (2) promptly implement necessary remedial <br />measures, if necessary, and (3) document responsive actions taken related to the Data <br />Breach, including any post -incident review of events and actions taken to make changes <br />in business practices in providing the Services, if necessary. <br />■ Unless otherwise stipulated, if a Data Breach is a direct result of Vendor's breach of its <br />contractual obligation to encrypt Personal Data or otherwise prevent its release, Vendor <br />shall bear the costs associated with (1) the investigation and resolution of the Data Breach; <br />(2) notifications to individuals, regulators or others required by state law; (3) a credit <br />monitoring service required by state (or federal) law; (4) a website or a toll-free number <br />and call center for affected individuals required by state law — all not to exceed the <br />average per record per person cost calculated for data breaches in the United States <br />(currently $225 per record/person) in the most recent Cost of Data Breach Study: Global <br />Analysis published by the Ponemon Institute at the time of the Data Breach; and (5) <br />complete all corrective actions as reasonably determined by Vendor based on root cause. <br />5.5. Definitions. For purposes of this Purchase Agreement, the following definitions apply: <br />• "Data Breach" means the unauthorized access by a non -authorized person/s that results <br />in the use, disclosure or theft of City's unencrypted Personal Data or Non -Public Data. <br />• "Non -Public Data" means data, other than Personal Data, that is not subject to distribution <br />to the public as public information. It is deemed to be sensitive and confidential by the <br />City because it contains information that is exempt by statute, ordinance or administrative <br />rule from access by the general public as public information. <br />• "Personal Data" means data that includes information relating to a person that identifies <br />the person by name and has any of the following personally identifiable information (1311): <br />government -issued identification numbers (e.g., Social Security, driver's license, passport, <br />library account numbers); financial account information, including account number, credit <br />or debit card numbers; or Protected Health Information (PHI) relating to a person. <br />Personal Data also means any other information identified as "personal information" by <br />California Civil Code Sections 1798.29, 1789.81.5 or 1798.82, as may be amended from <br />time to time. <br />• "Protected Health Information" (PHI) means individually identifiable health information <br />transmitted by electronic media, maintained in electronic media, or transmitted or <br />maintained in any other form or medium. PHI excludes education records covered by as <br />amended, 20 U.S.C. 1232g, records described at 20 U.S.C. 1232g(a)(4)(B)(iv) and <br />employment records held by a covered entity in its role as employer. <br />REV: 11-19-2020 EI <br />ATTY/AGR.2020.266/Axon (Page 15 of 36) 197 <br />
The URL can be used to link to this page
Your browser does not support the video tag.