The Subrecipient shall be responsible for all costs incurred by the Pass-through Entity due to a security incident resulting from the Subrecipient's failure to perform or negligent acts of its personnel, and resulting in an unauthorized disclosure, release, access, review, or destruction; or loss, theft or misuse of an information asset. If the Subrecipient experiences a loss or breach of data, the Subrecipient shall immediately report the loss or breach to the Pass-through Entity. If the Pass-through Entity determines that notice to the individuals whose data has been lost or breached is appropriate, the Subrecipient will bear any and all costs associated with the notice or any mitigation selected by the Pass-through Entity. These costs include, but are not limited to, staff time, material costs, postage, media announcements, and other identifiable costs associated with the breach or loss of data.
f. The Subrecipient shall provide for the management and control of physical access to information assets (including personal computer systems, computer terminals, mobile computing devices, and various electronic storage media) used in performance of this Subgrant. This shall include, but is not limited to, security measures to physically protect data, systems, and workstations from unauthorized access and malicious activity; the prevention, detection, and suppression of fires; and the prevention, detection, and minimization of water damage.

g. At no time will confidential data obtained pursuant to this agreement be placed on a mobile computing device, or on any form of removable electronic storage media of any kind, unless the data are fully encrypted.

h. Each party shall provide its employees with access to confidential information with written instructions fully disclosing and explaining the penalties for unauthorized use or disclosure of confidential information found in Section 1798.55 of the California Civil Code, Section 502 of the California Penal Code, Section 2111 of the California Unemployment Insurance Code, Section 10850 of the California Welfare and Institutions Code, and other applicable local, state and federal laws.

i. Each party shall (where it is appropriate) store and process information in electronic format in such a way that unauthorized persons cannot reasonably retrieve the information by means of a computer.

j. All Subrecipient staff and subcontractors that are provided access to any data systems of the Pass-through Entity, excluding CalJOBS, are required to complete and sign an Employee Confidentiality Statement (DE 7410).

k. Each party shall promptly return to the other party confidential information when its use ends, or destroy the confidential information utilizing an approved method of destroying confidential information: shredding, burning, or certified or witnessed destruction. Magnetic media are to be degaussed or returned to the other party.
l. If the Pass-through Entity or Subrecipient enters into an agreement with a third party to provide WIOA services, the Pass-through Entity or Subrecipient agrees to include these data security and confidentiality requirements in the agreement with that third party. In no event shall said information be disclosed to any individual outside of that third party's authorized staff, subcontractor(s), service providers, or employees.

m. The Subrecipient may, in its operation of the America's Job Center of California (AJCC), permit an AJCC Operator to enter into a subcontract to manage confidential information. This subcontract may allow an individual to register for resume distribution services at the same time the individual enrolls in CalJOBS. The Subrecipient shall ensure that all such subcontracts comply with the intellectual property requirements of this subgrant agreement, the confidentiality requirements of this subgrant agreement, and any other terms of this subgrant agreement that may be applicable. In addition, the following requirements must be included in the subcontracts:

1. All client information submitted over the internet to the subcontractor's databases must be protected, at a minimum, by 128-bit Secure Socket Layer (SSL) encryption. Clients' social security numbers must be stored in a separate database within the subcontractor's network of servers, and protected by a firewall and a secondary database server firewall or AES data encryption. If a subcontractor receives client social security numbers or other confidential information in the course of business, for example a resume-distribution service