Laserfiche WebLink
EDD Agreement Number: M0113589 <br />EDD/SAPD <br />Customer Codes: E00663 <br />Page 2 of 3 <br />EXHIBIT D <br />(Standard Agreement) <br />Notify the EDD Information Security Office (ISO) at (916) 654-6231, immediately upon discovery, that <br />there may have been a breach in security which has or may have resulted in compromise to the <br />confidential information. For purposes of this section, immediately is defined within 24 hours of <br />discovery of the breach. The notification shall be by phone and email. It is not sufficient to simply <br />leave a message. The notification must include a detailed description of the incident (such as time, <br />date, location, and circumstances) and identify responsible personnel (name, title and contact <br />information). The verbal notification shall be followed with an email notification to <br /><i nformationSecurityOffice@edd.ca.gov>. <br />II. MANAGEMENT SAFEGUARDS <br />a. Acknowledge that the confidential information obtained by SAPID under this Agreement remains the <br />property of the EDD. <br />b. Instruct all personnel assigned to work with the information provided Linder this Agreement regarding <br />the following: <br />• Confidential nature of the EDD Information. <br />• Requirements of this Agreement. <br />• Sanctions specified in federal and state unemployment compensation laws and any other relevant <br />statutes against unauthorized disclosure of confidential information provided by the EDD. <br />c. Require that all personnel assigned to work with the information provided by the EDD complete the EDD <br />Confidentiality Agreement (Attachment D1): <br />d. Return the following completed documents to the EDD Contract Services Group: <br />o The EDD Indemnity Agreement (Attachment 132): Required to be completed by the <br />SAPD Chief Financial Officer or authorized Management Representative, unless SAPD <br />is a State Agency. <br />a The EDD Statement of Responsibility information Security Certification (Attachment D3): <br />Required to be completed by the Information Security Officer or authorized Management <br />Representative. <br />e. Permit the EDD to make on -site inspections to ensure that the terms of this Agreement are being met. <br />Make available to the EDD staff, on request and during on -site reviews, copies of the EDD <br />Confidentiality Agreement (Attachment D1) completed by personnel assigned to work with the EDD's <br />confidential information, and hereby made a part of this Agreement. <br />f. Maintain a system of records sufficient to allow an audit of compliance with the requirements under <br />subsection (d) of this part. Permit the EDD to make on -site inspections to ensure that the requirements <br />of federal and state privacy, confidentiality and unemployment compensation statutes and regulations <br />are being met including but not limited to Social Security Act §1137(a)(5)(8). <br />III. USAGE, DUPLICATION, AND REDISCLOSURE SAFEGUARDS <br />If <br />a. Use the EDD's confidential information only for purposes specifically authorized under this Agreement. <br />The information is not admissible as evidence in any action or special proceeding except as provided <br />under section §1094(b) of the UIC. Section 1095(u) of the UIC does not authorize the use of the EDD's <br />confidential information by any private collection agency. <br />b. Extraction or use of the EDD information for any purpose outside the purposes stated in this Agreement <br />is strictly prohibited. The information obtained under this Agreement shall not be reproduced, published, <br />sold, or released in original or any other form not specifically authorized under this Agreement. <br />Confidentiality Requirements STD. [Rev 03108/2016] <br />