iv. Safeguarding Data Including Personally Identifiable Information

Applicants submitting proposals in response to this SGA must recognize that confidentiality of sensitive data is of paramount importance to the Department of Labor and must be observed except where disclosure is allowed by the prior written approval of the Grant Officer or by court order. By submitting a proposal, Grantees are assuring that all data exchanges conducted through or during the course of performance of this grant will be conducted in a manner consistent with applicable Federal law. All such activity conducted by ETA and/or Grantee/s will be performed in a manner consistent with applicable state and Federal laws.

By submitting a grant proposal, the applicant agrees to take all necessary steps to protect such confidentiality by complying with the following provisions that are applicable in governing their handling of confidential information:

1. Grantees shall not extract information from data supplied by DOL/ETA for any purpose not stated in the SGA.

2. Grantees shall retain data received from DOL/ETA only for the period of time required to utilize it for assessment and other purposes, or to satisfy applicable federal records retention requirements, if any. Thereafter, the Grantee agrees that all data will be destroyed, including the degaussing of magnetic tape files and permanent deletion of electronic data.

3. Grantees shall ensure that any information used during the performance of this Grant has been obtained and is being transmitted in conformity with applicable Federal and state laws governing the confidentiality of information. Information transmitted to DOL/ETA containing sensitive information including personally identifiable information (PII) must be encrypted using National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) 140-2 validated products. The encrypted information must be encrypted in a form that would allow the receiver of the information to decrypt the information without installing additional software or tools.

4. Access to any information created by DOL/ETA shall be restricted to only those employees of the Grant recipient who need it in their official capacity to perform duties in connection with the Scope of Work outlined in this SGA.

5. Grantee employees and other personnel who will have access to sensitive/confidential/proprietary/private data shall be advised of the confidential nature of the information, the safeguards required to protect the information, and the civil and criminal sanctions for noncompliance with such safeguards that are contained in Federal and state laws.

6. Prior to being able to have access to confidential data, Grantee employees and other personnel shall execute a standard document acknowledging their understanding of the confidential nature of the data and the safeguards with which they must comply in their handling of such data as well as the fact that they may be liable to civil and criminal sanctions for improper disclosure.

7. Grantees further acknowledge that all data obtained through DOL/ETA shall be stored in an area that is physically safe from access by unauthorized persons at all times and the data will be processed using grantee issued equipment, managed information technology (IT) services, and designated locations approved by DOL/ETA. Accessing, processing, and storing of DOL/ETA data on personally owned equipment, at off-site locations, e.g., employee's home, and non-Grantee managed IT services, e.g., Yahoo mail, is strictly prohibited unless approved by DOL/ETA.

8. All data shall be processed in a manner that will protect the confidentiality of the records/documents and is designed to prevent unauthorized persons from retrieving such records by computer, remote terminal or any other means. Data may be downloaded to, or maintained on, mobile or portable devices only if the data are encrypted using NIST FIPS 140-2 validated products. In addition, wage data may only be accessed from secure locations.

9. Data obtained by the Grantee through a request shall not be disclosed to third parties except as permitted by the Grant Officer.

10. Grantees shall permit ETA to make onsite inspections during regular business hours for the purpose of conducting audits and/or to conduct other investigations to assure that the Grantee is complying with the confidentiality requirements described above. In accordance with this responsibility, Grantees shall make records applicable to this Agreement available to authorized persons for the purpose of inspection, review, and/or audit.

11. Grantees shall take the steps necessary to ensure the privacy of all PII obtained from participants and/or other individuals and to protect such information from disclosure to unauthorized individuals. Grantees shall maintain such PII in accordance with the DOL/ETA standards for information security provided herein, including any updates to such standards provided to the Grantee by DOL/ETA. Grantees shall report immediately to the DOL ETA Information Security Officer (ISO) any suspected or confirmed breaches or compromise of PII obtained from participants and/or other individuals,