|
program files,and databases.These data and information are confidential when they define •
<br /> an Individual or an employing unit er when the disclosure is restricted or prohibited by any
<br /> provision of law. Confidential Information requires special precautions to protect It from
<br /> unauthorized use, access,disclosure,modification,and destruction,The sources of
<br /> Information may include, but are notlimited to,the EDD,the California Department of
<br /> Social Services,the California Department of Education,the California Department of
<br /> Corrections and Rehabilitation,the County Welfare Department(s), the County IV-0 Directors
<br /> Office of Child.Support,the Office of the District Attorney,the California Department of
<br /> Mental Health,the California Office of Community Colleges and the Department of Alcohol and
<br /> Drug Programs.
<br /> The Pass-through Entity and Subrecipient agree that: •
<br /> a. Each party shall keep all Information that Is exchanged between them In the.striotest
<br /> confidence and makesuch Information available to their own employees only on a
<br /> "need-to-know"basis,
<br /> N Each-party-s hal'rprovide secu ity suflctent to ensure protection of confidential
<br /> information from improper use and disclosures,Including sufiicient'administrative, •
<br /> physical,.and technical safeguards to protect this Information from reasonable •
<br /> unanticipated threats to the.security pr confidentiality of the Information,
<br /> a,The Subreciplent agrees that information obtained-under this subgrant agreement will
<br /> not be reproduced, published,sold or released in original or in any other form for
<br /> any purpose other than those.specifically Identified in this agreement.
<br /> 1. Aggregate Summaries: All reports and/or publications developed by the
<br /> Subreclpient based on data obtained under this agreement shall contain •
<br /> confidential data in aggregated or statistical summary form only."Aggregated"
<br /> refers to.a data output that does not allow Identlfioation of an€ndividual or
<br /> employer unit,
<br /> 2. Publication: Prior to publication;Subrecipient shall carefully analyze
<br /> aggregated.data outputs to ensure the Identity of individuals and/or employer
<br /> units cannot be Interred pursuant to California Unemployment Insurance Code •
<br /> •
<br /> Section 1094(c). Personal Identifiers-must be removed.Geographic identifiers
<br /> should be specified only In large areas and as needed,and variables should be.
<br /> recorded in order to protect confidentiality.
<br /> 3. Minimum Data Cell Size:The.minimum date cell size or derivation thereof shall •
<br /> be three participants for any data table released to outside parties or to the.
<br /> public.
<br /> d, Each party agrees that no disaggregate data,identifying'individuals or employers,
<br /> shall be released to outside parties or the public.
<br /> •
<br /> e.The Subreciplent shall notify Pass-through Entity's Information Security Office of
<br /> any actual or attempted Information security Incidents,within 24 hours of initial
<br /> detection, by telephone at(916)654-6231. Information.securityincidents include,
<br /> but are not limited to,any event(Intentional or unintentional),that.causes the
<br /> loss,damage,or destruction,or unauthorized access,use, modification,or
<br /> disclosure of information assets.
<br /> The Subreciplent shall cooperate with the Pass-through Entity in any Investigation
<br /> of security Incidents,the system or device affected by an information security •
<br /> Incident and containing confidential data obtained in the administration of this
<br /> program shall be immediately removed.from operation upon confidential data exposure
<br /> or a known security breach. It shall remain removed from operation until correction
<br /> and mitigation measures are applied. If the Subrecipient learns of a breach in the
<br /> security of the system which contains confidential data obtained under this
<br /> Subgrant,then the Subreciplent must provide notification to Individuals.pursuant
<br /> to California Civil Code Section 1798.82,
<br /> •
<br /> The Subrecipient shall be responsible for all costs Incurred by the Pass-through •
<br /> Entity due to a security incident resulting from the Subreoiplent's failure to
<br /> • perform er negligent acts of its personnel,and resulting fn an unauthorized •
<br /> disclosure, release,access, review,or destruction: or loss,theft or misuse of •
<br /> an information asset.if the Subrecipient experiences a loss or breach of data,
<br /> Page 14 Of 16
<br />
|