Laserfiche WebLink
WIA SUBGRANT AGREEMENT <br />Subgrantee: SANTA ANA WORK CENTER Exhibit BB <br />Page 13 of Lk <br />SUBGRANT NO: K491039 , <br />MODIFICATION NO: NEW <br />confidential information: shredding, burning, or certified or witnessed destruction. <br />Magnetic media are to be degaussed or returned to the other party. <br />k;. if the Subgrantor or Subgrantee enters into an agreement with a third party to provide WIA <br />services, the Subgrantor or Subgrantee agrees to include these data and security and <br />confidentiality requirements in the agreement with that third party. In no event shall said <br />information be disclosed to any individual outside of that third party's authorized staff, <br />subcontractor(s), service providers, or employees. <br />1'. The Subgrantee may, in its operation of the One-Stops, permit a one-Stop Operator to enter <br />into a subcontract to manage confidential information. This subcontract may allow an <br />individual to register for resume-distribution services at the same time the individual <br />enrolls in Cd1JOBS. Subgrantee shall ensure that all such subcontracts comply with the <br />intellectual property requirements of paragraph 19 of this Subgrant, the confidentiality <br />requirements of paragraph 20 of this Subgrant and any other terms of this Subgrant that <br />may be applicable. In addition, the following requirements must be included in the <br />subcontracts: <br />(1) All client information submitted over the Internet to the subcontractor's databases <br />must be protected, at a minimum, by 128-bit Secure Socket Layer (SSL) encryption. <br />Clients' social security numbers must be stored in a separate database within the <br />subcontractor's network of servers, and protected by a firewall and a secondary <br />database server firewall or AES data encryption. If a subcontractor receives client <br />social security numbers or other confidential information in the course of business, <br />for example a resume-distribution service that provides enrollment in CalJOBS, social <br />security numbers must be destroyed within two days after the client registers for <br />C'alJOBS. If a subcontractor obtains confidential information as an agent of the <br />subgrantee, the subcontract must specifically state the purpose for the data collection <br />and the term of records retention must be stated, and directly related, to the purpose <br />and use of the information. In accordance wiht 29 Code of Federal Regulations 97.42, <br />social security numbers and other client specific information shall not be retained for <br />more than three years after a client completes services. The subgrantee should extend <br />this period, only if any litigation, claim, negotiation, audit, or other action <br />involving the records has been started before the end of the the three-year retention <br />period. In this case the records should be maintained until completion of the action <br />and resolution of all issues arising fron it, or until the close of the three-year <br />retention period, whichever is later. (29 CFR sec. 97.42 (b)(2).) <br />;2) Client information (personal information that identifies a client such as name and <br />social security number) and/or demographic information of a client ;such as wage <br />history, address, and previous employment) shall not be used as a basis for commercial <br />solicitation during the time the client or agency is using the subcontractor's services. <br />Client information and/or demographic information shall not be used for any purposes <br />other than those specific program purposes set forth in the subcontract. <br />l3) A One-Stop client must still be given the option to use the one-stop's services, <br />including CalJOBS, even if he or she chooses not to use any services of the <br />subcontractor. This option shall be prominently, clearly, and immediately communicated <br />to the client upon registration within the One-Stop or for CaIJOBS, the subcontractor's <br />resume-distribution services, or any other services subcontractor offers to the client <br />or the One-Stop Operator. <br />(4) The subcontractor must clearly disclose all of its potential and intended uses of <br />the client's personal and/or demographic information for the services the clients <br />seeks and for any other services the subcontractor offers. The subcontractor shall <br />not use a client's personal and/or demographic information without the client's <br />prior permission. A link to the subcontractor's Privacy Policy shall appear prominently <br />on the registration screens that list the potential and intended uses of the client's <br />personal and/or demographic information. <br />;5) When the Subgrantor modifies State automated systems such as the State Cd1JOBS System, <br />it shall provide reasonable notice of such changes to the Subgrantee. The Subgrantee <br />shall be responsible to communicate such changes to the One-Stop Operator(s) in the <br />local area. <br />m). Each party shall designate an employee who shall be responsible for overall security and <br />confidentiality of its data and information systems and each party shall notify the other <br />of any changes in that designation. As of this date, the following are those individuals: <br />FOR THE SUBGRANTOR <br />Name: Art. O'Neal <br />Title: Section Manager <br />Address: P.O. Box 826880, MIC 69 <br />Sacramernto, CA 94280-0001 <br />Telephone: .916) 654-9699 <br />55B-20