Laserfiche WebLink
EXHIBIT 2 <br />individual outside of that third party's authorized staff, subcontractor(s), service <br />providers, or employees. <br />m. The Subrecipient may, in its operation of the America's Job Center of California <br />(AJCC), permit an AJCC Operator to enter into a subcontract to manage confidential <br />information. This subcontract may allow an individual to register for resume <br />distribution services at the same time the individual enrolls in CaIJOBS. <br />Subrecipient shall ensure that all such subcontracts comply with the intellectual <br />property requirements of this subgrant agreement, the confidentiality requirements of <br />this subgrant agreement and any other terms of this subgrant agreement that may be <br />applicable. In addition, the following requirements must be included in the <br />subcontracts: <br />1. All client information submitted over the internet to the subcontractor's <br />databases must be protected, at a minimum, by 128-bit Secure Socket Layer (SSL) <br />encryption. Clients' social security numbers must be stored in a separate <br />database within the subcontractor's network of servers, and protected by a <br />firewall and a secondary database server firewall or AES data encryption. If a <br />subcontractor receives client social security numbers or other confidential <br />information in the course of business, for example a resume -distribution service <br />that provides enrollment in CaIJOBS, social security numbers must be destroyed <br />within two days after the client registers for CaIJOBS. If a subcontractor <br />obtains confidential information as an agent of the Subrecipient, the subcontract <br />must specifically state the purpose for the data collection and the term of <br />records retention must be stated, and directly related, to the purpose and use of <br />the information. Social security numbers and other client specific information <br />shall not be retained for more than three years after a client completes <br />services. <br />2. Client information (personal information that identifies a client such as name <br />and social security number) and/or demographic information of a client (such as <br />wage history, address, and previous employment) shall not be used as a basis for <br />commercial solicitation during the time the client or agency is using the <br />subcontractor's services. Client information and/or demographic information <br />shall not be used for any purposes other than those specific program purposes set <br />forth in the subcontract. <br />3. An AJCC client must still be given the option to use the AJCC's services, <br />including CaIJOBS, even if he or she chooses not to use any services of the <br />subcontractor. This option shall be prominently, clearly and immediately <br />communicated to the client upon registration within the AJCC or for CaIJOBS, the <br />subcontractor's resume -distribution services, or any other services <br />subcontractor offers to the client or the AJCC Operator. <br />4. The subcontractor must clearly disclose all of its potential and intended uses of <br />the client's personal and/or demographic information for the services the client <br />seeks and for any other services the subcontractor offers. The subcontractor <br />shall not use a client's personal and/or demographic information without the <br />client's prior permission. A link to the subcontractor's Privacy Policy shall <br />appear prominently on the registration screens that list the potential and <br />intended uses of the client's personal and/or demographic information. <br />5. When the Pass -through Entity modifies State automated systems such as the State <br />CaIJOBS System, it shall provide reasonable notice of such changes to the <br />Subrecipient. The Subrecipient shall be responsible to communicate such changes <br />to the AJCC Operator(s) in the local area. <br />n. Each party shall designate an employee who shall be responsible for overall security <br />and confidentiality of its data and information systems and each party shall notify <br />the other of any changes in that designation. As of this date, the following are <br />those individuals: <br />Page 13 of 14 <br />