Masthead header

Data Breach Agreement

The customer`s use of SuperOffice products is subject to one or more of the agreements listed below (“Customer Use Agreements”): in 2016, PCH and Nuance entered into a master`s contract on health care, which included a matching subscription (BAA)2. As part of the agreement, Nuance PCH provided licenses, equipment and services related to Nuance`s medical dictatorship software. PCH provided notification information from the server of nuances (i.e. the domain administrator`s username and password) that provided Nuance with a data port in PCH`s servers and computer system. Also, nuance asserts that the economic loss rule requires personal injury or property damage to support unauthorized liability. Nuance submitted that because of the agreement and the absence of property damage, the Commission prohibits the fault of the doctrine of action and the rule of economic loss pCH negligence. PCH also submitted that the reason for the doctrine of action does not preclu her claim of negligence, since the allegation is based on the violation of Nuances against an independent standard of care under HIPAA. In addition, PCH submitted that the economic harm rule does not prevent it from being negligent, as PCH suffered physical harm to its computer system and the parties as a result of their special relationship under HIPAA. In addition, PCH submitted that the breach of nuance did not fall within the force majeure provision of the agreement. The PCH argued that the force majeure provision was only non-performance and not negligence of the benefit. The processing of personal data (as defined below) is subject to the requirements and obligations of existing legislation.

If the person in charge of the processing is a legal entity established in the European Economic Area (EEA), the applicable data protection rules include local data protection provisions and this EU Regulation 2016/679 of 27 April 2016. The parties agree to amend this data processing agreement as the new mandatory requirements under the EU Regulation 2016/679 are necessary. In contrast to Nuance`s application for release, PCH argued that Section 12.3 of the agreement did not object to its right to loss. For this argument, PCH referred to Section 12.3, which begins with the phrase “Subject to the provisions of this section” and section 12.2, which states that “nothing in this agreement is taken to ensure responsibility for the nuance for … Property damage caused by negligence in the provision of services on the company`s sites; or, to the extent that such exclusion or restriction is not legally permitted by other means. On the basis of these provisions, PCH argued that the shutdown of its computers was not only a loss of data, but a material damage. In support, PCH stated that, because of NotPetya, it was necessary to replace 59 jobs and rebuild its computer network from scratch. In addition, Nuance submitted that the force majeure provision in section 14.2 of the agreement qualified liability for the losses suffered by PCH. On this point, the nuance was based on the language of the provision: “… Non-compliance with any of the contracting parties is excluded to the extent that the benefit is … Government acts or orders or restrictions, acts of terrorism, war… As NotPetya was a cyberattack by the Russian military, Nuance argued that he should not be responsible for the PCH`s losses. In accordance with the approaches described above, experts should also include a compensation clause for the protection of the creditor. In addition to other claims and damages, this provision should provide the seller with compensation for damages resulting from 1) unauthorized access to data resulting from a customer`s act or omission; 2) unauthorized access to the customer`s IT environment or data resulting from a customer`s act or omission; 3) the breach of contract by the customer; 4) Client negligence; or 5) the customer`s violation of the applicable law.