Laserfiche WebLink
WIA SUBGRANT AGREEMENT <br />Subgrantee: SANTA ANA WORK CENTER Exhibit BB <br />Page 12 of 14 <br />SUBGRANT NO: K386318 <br />N,ODIFICATION NO: NEW <br />Development Department, the California Department of Social Services, the California Department <br />of Education, the California Department of Corrections, the County Welfare Department(s), the <br />County IV-D Directors Office of Child Support, the Office of the District Attorney, the <br />California Department of Mental Health, the California Office of Community Colleges, the <br />Department of Alcohol and Drug Programs, and individuals requesting program services. <br />The Subgrantor and Subgrantee agree that: <br />a). Each party shall keep all confidential information that is exchanged between them in the <br />strictest confidence and'make such information available to their own employees only on a <br />"need-to-know" basis. <br />b). Each party shall provide security sufficient to ensure protection of confidential information from <br />improper use and disclosures, including sufficient administrative, physical, and technical <br />safeguards to protect this information from reasonable unanticipated threats to the security <br />or confidentiality of the information. <br />c). The Subgrantee agrees that information obtained under this subgrant agreement will not be <br />reproduced, published, sold or released in original or in any other form for any purpose other <br />than those specifically identified in this agreement. <br />Aggregate Summaries: All reports and/or publications developed by the Subgrantee based on data <br />obtained under this agreement shall contain confidential data in aggregated or statistical <br />summary form only. "Aggregated" refers to a data ouput that does not allow identification of <br />an individual or employer unit. <br />ii. Publication: Prior to publication, Subgrantee shall carefully analyze aggregated data outputs to <br />ensure the identity of individuals and/or employer units cannot be inferred pursuant to <br />Umemployment Insurance Code section 1094(c). Personal identifiers must be removed. Geographic <br />identifiers should be specified only in large areas and as needed, and variables should be <br />recorded in order to protect confidentiality. <br />iii. Minimum Data Cell Size: The minimum data cell size or derivation thereof shall be three <br />participants for any data table released to outside parties or to the public. <br />d). Each party agrees that no disaggregate data, identifying individuals or employers, shall be <br />released to outside parties or to the public, <br />e). The Subgrantee shall notify Subgrantor's Information Security Office of any actual or attempted <br />information security incidents, within 24 hours of initial detection, by telephone at <br />(916) 654-6231. Information Security Incidents include, but are not limited to, any event <br />(intentional or unintentional), that causes the loss, damage, or destruction, or unauthorized <br />access, use, modification, or disclosure of information assets. <br />The Subgrantee shall cooperate with the Subgrantor in any investigations of security incidents. <br />The system or device affected by an information security incident and containing confidential <br />data obtained in the administration of this program shall be immediately removed from operation <br />upon confidential data exposure or a known security breach. It shall remain removed from <br />operation until correction and mitigation measures are applied. <br />If the Subgrantee learns of a breach in the security of the system which contains confidential <br />data obtained under this Subgrant, then the Subgrantee must provide notification to individuals <br />pursuant to Civil Code section 1798.82. <br />f). The Subgrantee shall provide for the management and control of physical access to information <br />assets (including personal computer systems, computer terminals, mobile computing devices, <br />and various electronic storage media) used in performance of this Subgrant. This shall include, <br />but is not limited to, security measures to physically protect data, systems, and workstations <br />from unauthorized access and malicious activity; the prevention, detection, and suppression of <br />fires; and the prevention, detection, and minimization of water damage. <br />g). At no time will confidential data obtained pursuant to this agreement be placed on a mobile <br />computing device, or on any form of removable electronic storage media of any kind unless the <br />data are fully encrypted. <br />h). Each party shall provide its employees with access to confidential information with written <br />instructions fully disclosing and explaining the penalties for unauthorized use or disclosure <br />of confidential information found in section 1798.55 of the Civil Code, section 502 of <br />the Penal Code, section 2111 of the Unemployment Insurance Code, section 10850 of the Welfare <br />and institutions Code and other applicable local, state and federal laws. <br />i). Each party shall (where it is appropriate) store and process information in electronic <br />format, in such a way that unauthorized persons cannot reasonably retrieve the information <br />by means of a computer, <br />j). Each party shall promptly return to the other party confidential information when its use <br />ends, or destroy the confidential information utilizing an approved method of destroying <br />55A-19