|
WIA SUBGRANT AGREEMENT
<br />Exhibit BB
<br />Subgrantee: SANTA ANA WORK CENTER Page 12 of 14
<br />SUBGRANT NO: R970558
<br />MODIFICATION N0: NEW
<br />County IV-D Directors Office of Child Support, the Office of the District Attorney, the
<br />California Department of Mental Health, the California Office of Community Colleges, the
<br />Department of Alcohol and Drug Programs, and individuals requesting program services.
<br />The Subgrantor and Subgrantee agree that:
<br />a). Each party shall keep all confidential information that is exchanged between them in the
<br />strictest confidence and make such information available to theiz own employees only on a
<br />"need-to-know" basis.
<br />b). Each party shall provide security sufficient to ensure protection of confidential information from
<br />improper use and disclosures, including aufficiAnt administrative, physical, and technical
<br />safeguards to protect this information from reasonable unanticipated threats to the security
<br />or confidentiality of the information.
<br />c). The Subgrantee agrees that information obtained under this subgrant agreement will not be
<br />reproduced, published, sold or released in original or in any other form for any purpose other
<br />than those specifically identified in this agreement.
<br />i. Aggregate Summaries: All reports and/or publications developed by the Subgrantee based on data
<br />obtained under this agreement shall contain confidential data in aggregated or statistical
<br />summary form only. "Aggregated" refers to a data ouput that does not allow identification of
<br />an individual or employer unit.
<br />ii. Publication: Prior to publication, Subgrantee shall carefully analyze aggregated data outputs to
<br />ensure the identity of individuals and/or employer unite cannot be inferred pursuant to
<br />Unemployment Insurance Code section 1094(c). Personal identifiers must be removed. Geographic
<br />identifiers should be specified only in large areas and as needed, and variables should be
<br />recorded in order to protect confidentiality.
<br />iii. Minimum Data Cell Size: The minimum data cell size or derivation thereof shall be three
<br />participants for any data table released to outside parties or to the public.
<br />d). Each party agrees that no disaggregate data, identifying individuals or employers, shall be
<br />released to outside parties or to the public.
<br />e}, The Subgrantee shall notify Subgrantor's.Information Security Office of any actual or attempted
<br />information security incidents, within 24 hours of initial detection, by telephone at
<br />(916) 654-6231. Information Security Incidents include, but are not limited to, any event
<br />(intentional or unintentional), that causes the loss, damage, or destruction, or unauthorized
<br />access, use, modification, or disclosure of information assets.
<br />The Subgrantee shall cooperate with the Subgrantor in any investigations of security incidents.
<br />The system or device affected by an information security incident and containing confidential
<br />data obtained in the administration of this program shall be immediately removed from operation
<br />upon confidential data exposure or a known security breach. It shall remain removed from
<br />operation until correction and mitigation measures are applied:
<br />If the Subgrantee learns of a breach in the security of the system which contains confidential
<br />data obtained under this Subgrant, then the Subgrantee must provide notification to individuals
<br />pursuant to Civil Code section 1798.82.
<br />f). The Subgrantee shall provide for the management and control of physical access to information
<br />assets (including personal computer systems, computer terminals, mobile computing devices,
<br />and various electronic storage media) used in performance of this Subgrant. This shall include,
<br />but is not limited to, security measures to physically protect data, systems, and workstations
<br />from unauthorized access and malicious activity; the prevention, detection, and suppression of
<br />fires; and the prevention, detection, and minimization of water damage.
<br />g). At no time will confidential data obtained pursuant to this agreement be placed on a mobile
<br />computing device, or on any form of removable electronic storage media of any kind unless the
<br />data are fully encrypted.
<br />h). Each party shall provide its employees with access to confidential information with written
<br />instructions fully disclosing and explaining the penalties for unauthorized use or disclosure
<br />of confidential information found in section 1798.55 of the Civil Code, section 502 of
<br />the Penal Code, section 2111 of the Unemployment Insurance Code, section 10850 of the Welfare
<br />and Institutions Code and other applicable local, state and federal laws.
<br />i). Each party shall (where it is appropriate) store and process information in electronic.
<br />format, in such a way that unauthorized persons cannot reasonably retrieve the information
<br />by means of a computer.
<br />j). Each party shall promptly return to the other party confidential information when its use
<br />ends, or destroy the confidential information utilizing an approved method of destroying
<br />confidential information: shredding, burning, or certified or witnessed destruction.
<br />Magnetic media are to be degaussed or returned to the other party.
<br />55C-17
<br />
|