Laserfiche WebLink
EDD Agreement Number: M0113589 <br />EDD/SAPD <br />Customer Codes: E00663 <br />Page 2 of 3 <br />EXHIBIT D <br />(Standard Agreement) <br />g. Notify the EDD Information Security Office (ISO) at (916) 664-6231, immediately upon discovery, that <br />there may have been a breach in security which has or may have resulted in compromise to the <br />confidential information. For purposes of this section, immediately is defined within 24 hours of <br />discovery of the breach. The notification shall be by phone and email. It is not sufficient to simply <br />leave a message. The notification must include a detailed description of the incident (such as time, <br />date, location, and circumstances) and Identify responsible personnel (name, title and contact <br />information). The verbal notification shall be followed with an email notification to <br /><I nformationSecurityOffice@edd. ca. gov>. <br />II. MANAGEMENT SAFEGUARDS <br />a. Acknowledge that the confidential Information obtained by SAPD under this Agreement remains the <br />property of the EDD. <br />b. Instruct all personnel assigned to work with the information provided under this Agreement regarding <br />the following: <br />• Confidential nature of the EDD Information. <br />• Requirements of this Agreement. <br />• Sanctions specified in federal and state unemployment compensation laws and any other relevant <br />statutes against unauthorized disclosure of confidential information provided by the EDD. <br />c. Require that all personnel assigned to work with the information provided by the EDD complete the EDD <br />Confidentiality Agreement (Attachment D1): <br />d. Return the following completed documents to the EDD Contract Services Group: <br />o The EDD Indemnity Agreement (Attachment D2): Required to be completed by the <br />SAPD Chief Financial Officer or authorized Management Representative, unless SAPD <br />is a State Agency. <br />o The EDD Statement of Responsibility Information Security Certification (Attachment D3): <br />Required to be completed by the Information Security Officer or authorized Management <br />Representative. <br />e. Permit the EDD to make on -site inspections to ensure that the terms of this Agreement are being met. <br />Make available to the EDD staff, on request and during on -site reviews, copies of the EDD <br />Confidentiality Agreement (Attachment D1) completed by personnel assigned to work with the EDD's <br />confidential information, and hereby made a part of this Agreement. <br />f. Maintain a system of records sufficient to allow an audit of compliance with the requirements under <br />subsection (d) of this part. Permit the EDD to make on -site inspections to ensure that the requirements <br />of federal and state privacy, confidentiality and unemployment compensation statutes and regulations <br />are being met including but not limited to Social Security Act §t 137(a)(5)(r3). <br />Ill. USAGE, DUPLICATION, AND REDISCLOSURE SAFEGUARDS <br />a. Use the EDD's confidential information only for purposes specifically authorized under this Agreement. <br />The information is not admissible as evidence in any action or special proceeding except as provided <br />under section §1094(b) of the UIC. Section 1095(u) of the UIC does not authorize the use of the EDD's <br />confidential information by any private collection agency. <br />b. Extraction or use of the EDD information for any purpose outside the purposes stated in this Agreement <br />is strictly prohibited. The information obtained under this Agreement shall not be reproduced, published, <br />sold, or released in original or any other form not specifically authorized under this Agreement. <br />Confidentiality Requirements STD. [Rev 03108/2016j <br />