Data Breach Terms and Conditions

Data Breach Planning and Response Services

Breach Services

Breach Terms

Breach FAQs

Terms and Conditions

1. The nxg|PROTECT Biz Services (“Services”) are offered through a group services agreement between the sponsoring financial institution (“Program Sponsor”) and NXG Strategies, LLC (“NXG”), and are extended to Business Members through ownership of one or more covered accounts that meet the requirements established by the Program Sponsor for the Services (“Eligibility Requirement”). Additional information about the Services and the Eligibility Requirement can be found at the Program Sponsor’s website.

2. A “Business Member” is a business domiciled in the United States which has one hundred (100) or fewer Employees. “Employees” include all full-time and part-time employees of the Business Member. Business Members are entitled to access the Data Breach Planning Services, Data Breach Response Services, and Data Breach Remediation Services (collectively, the “Data Breach Services”).

3. Access to the Data Breach Services begins when the Business Member first meets the Eligibility Requirement, and ends when the Business Member no longer meets the Eligibility Requirement or when Program Sponsor terminates the Services, whichever occurs first (“Benefits Period”). Only Data Breach Services utilized during the Benefits Period will be covered by the Services. The Data Breach Services are performed with agencies and institutions in the United States, or territories where U.S. law applies.

4. “Data Breach Planning Services” provides Business Members with access to:

a. A Data Breach Response Plan Template to assist Business Members in the pre-planning for, and responding to, a “Data Breach”. A Data Breach is a malicious or accidental incident that causes a loss of control of non-public information or personally identifiable information of Employees or customers, entrusted to the Business Member, to an untrusted environment. A Data Breach is defined by a single discovery of data compromise, regardless of the duration of the incident. Incidents include, but are not limited to, accidental release or publication of information, systems or network intrusion, employee theft, and physical break-ins.
b. Data Breach Awareness Training for the Business Member’s Employees.
c. Guide on how to conduct annual Data Breach Drills.

5. “Data Breach Response Services” provides consultation for the management of the Business Member’s suspected or confirmed Data Breach. Data Breach Response Services are limited to up to two (2) Data Breaches per Business Member per year. Only Data Breach incidents that are discovered and reported during the Benefits Period will be covered by the Data Breach Response Services. The Business Member should contact NXG directly by calling 877-207-9545.

a. At time of Data Breach NXG will consult with the Business Member regarding the Data Breach and provide a customized plan of action for implementing a response to support the Business Member’s expressed needs.
b. As requested, NXG will create the draft of one or more customized notification letters based on the circumstances of the Data Breach.
c. As requested, NXG will create a draft of a customized talking points script for the Business Member’s employees, and at the option of the Business Member, for the use of the Privacy Advocates in the form of a “Frequently Asked Questions” about document.
d. As requested, NXG will create a draft of messaging that the Business Member can use on their consumer-facing and/or internal-facing websites specific to the Data Breach.
e. As requested, NXG will create a draft of other public relations documents to assist in the management of the Data Breach response, such as employee notices, and press releases.
f. NXG can provide access to additional optional services to support the Data Breach response, as requested.

6. “Data Breach Remediation Services” provides professionals to manage the detection, investigation, and remediation of incidents of identity fraud caused by Identity Theft, for persons whose Records have been compromised in a Data Breach (“Affected Individuals”). Data Breach Remediation Services are limited to up to twenty five thousand (25,000) Records per Business Member per year. Data Breach Remediation Services are available to Affected Individuals for one (1) year after they are notified of the Data Breach. Data Breach Remediation Services can be provided to additional Records at the time of a Data Breach for an additional cost.

a. A “Record” is a collection of data elements, including but not limited to name in any combination with address, email address, Social Security number, account numbers, or date of birth, that identifies a single consumer whose information has been lost or stolen in a Data Breach. For example, an account may be made up of more than one record if there are multiple consumers named on the account. On the other hand, a consumer may have more than one account that is compromised in a single Data Breach but it constitutes only one compromised Record. Closed or inactive accounts also constitute Records at risk.
b. “Identity Theft” is defined as fraud that involves the use of any combination of an Affected Individual's name, address, date of birth, Social Security number, bank or credit/debit card account number, or other identifying information without the knowledge of the Business Member, and such information is used to commit fraud or other crimes. Only Identity Theft incidents that are discovered and reported during the Benefits Period will be covered by the Services.
c. THE SERVICES DO NOT INCLUDE CREDIT COUNSELING OR REPAIR TO CREDIT THAT HAS NOT BEEN AFFECTED BY FRAUD OR IDENTITY THEFT.
d. Following a Data Breach, the Business Member shall make available a list of names and certain other minimal identifying information of persons in the Covered Group so that NXG may pre-register those persons who may seek Services under this Agreement. At the time that Identity Theft occurs, the Business Member or its designated representative may be asked to further validate the Affected Individuals eligibility in writing if it cannot be clearly determined whether the Affected Individual is entitled to the Services.

NXG utilizes one or more providers to deliver the Services to Business Members (“Service Providers”). NXG, FOR ITSELF AND ITS SERVICE PROVIDERS, MAKES NO EXPRESS, IMPLIED OR STATUTORY REPRESENTATIONS, WARRANTIES, OR GUARANTEES IN CONNECTION WITH THE SERVICES, RELATING TO THE QUALITY, SUITABILITY, TRUTH, ACCURACY OR COMPLETENESS OF ANY INFORMATION OR MATERIAL CONTAINED OR PRESENTED IN THE SERVICES, NOR IMPLIED WARRANTIES ARISING OUT OF COURSE OF PERFORMANCE, COURSE OF USAGE, OR OTHERWISE IN CONNECTION WITH ANY SERVICE OR SOLUTION. NXG DOES NOT WARRANT THAT THE SERVICES SHALL OPERATE ERROR-FREE OR UNINTERRUPTED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES, AND ANY INFORMATION OR MATERIAL CONTAINED OR PRESENTED THROUGH THE SERVICES, ARE PROVIDED TO YOU ON AN “AS IS,” “AS AVAILABLE” AND “WHERE-IS” BASIS WITH NO WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD-PARTY RIGHTS. NXG DOES NOT OFFER ANY WARRANTY OF ANY KIND REGARDING THIRD PARTY DATA, SOFTWARE, SYSTEMS OR OTHER TECHNOLOGY. THE INFORMATION PROVIDED IN THE FULFILLMENT OF THE DATA BREACH SERVICES SHOULD NOT BE CONSIDERED LEGAL ADVICE.

7. The Data Breach Services are non-transferable and non-cancelable by the Business Member and have no cash equivalent. There is no fee for the Services, whether accessed by the Business Member or not, but additional optional services may include a fee. NXG cannot be held responsible for failure to provide or for delay in providing Data Breach Services when such failure or delay is caused by conditions beyond its control.

8. The Data Breach Services do not cover financial losses of any kind arising from any Data Breach Incident. The successful completion of the Data Breach Services described herein depends on the cooperation of the Business Member.

9. The Data Breach Services may be refused or terminated if it is deemed that the Business Member is committing fraud or other illegal acts, making untrue statements, or failing to perform his/her responsibilities as part of the Services, or has obtained the Services knowingly without meeting the Eligibility Requirement. The Services will not be refused or terminated due to the complexity of a Data Breach.

Privacy Policy

Report abuse