|
W1A SDBGRANT AGREMS T
<br />Subgrantee: SANTA ANA WORK CSNTSA Exhibit an
<br />page 12 of la
<br />SUSORANT ND: 094782
<br />N.ODIPICATION N0: NEW
<br />Development Department, the California Department of Social Services, the California Department
<br />of Education, the California Department of Corrections, the County Welfare Department (a), the
<br />County IV -D Directors Office of Child Support, the Office of the District Attorney, the
<br />California Department of Mental Health, the California office of Community Colleges, the
<br />Department of Alcohol and Drug Programs, and individuals requesting program services.
<br />The Subgrantor and Subgrantee agree that:
<br />a). Each party shall keep all confidential information that is exchanged between them in the
<br />strictest confidence and make such information available to their own employees mly on a
<br />"need -to-know- basis.
<br />b). Each party e1ma'_1 provide security sufficient to ensure protection of confidential information from
<br />improper use and disclosures, including sufficient administrative, physical, and technical
<br />safeguards to protect this information from reasonable unanticipated threats to the security
<br />or confidentiality of the information.
<br />c) . Tee Subgrantee agrees that information obtained under this subgrant agreement will not be
<br />reproduced, published, sold or released In original or in any other form for any purpose other
<br />than those specifically identified in this agreement.
<br />1. Aggregate Summeries: All reports and /or publications developed by the Subgrantee based on data
<br />obtained under this agreement shall contain confidential data in aggregated or etatistical
<br />summary form only. 'Aggregated- refera to a data ouput that does not allow identification of
<br />an individual or employer unit.
<br />ii. Publication: Prior to publication, Subgrantee shall carefully analyze aggregated data outputs to
<br />ensure the identity of individuals and /or employer units cannot be inferred pursuant to
<br />Omemploymeat Insurance Code section 1094 to) . personal identifiers must be removed. Geographic
<br />identifiers should be specified only in large areas and as needed, and variables should be
<br />recorded in order to protect confidentiality.
<br />iii. Minimum Data Call Size: The minimum data cell size or derivation thereof shall be three
<br />participants for any data table released to outside parties or to the public.
<br />d). Each party agrees that no disaggregate data, identifying individuals or employers, shall be
<br />released to outside parties or to the public.
<br />e). The Subgrantee shell notify Subgrantor's Information Security Office of any actual or attempted
<br />information security incident$, within 24 hours of initial detection., by telephone at
<br />(916) 654 -6231. Information Security Incidents include, but are not limited ho, any event
<br />(intertional or unintentional), that causes the lose, damage, or destruction, or •unauthorized
<br />access, use, modification, or disclosure of information assets.
<br />The Subgrantee shall cooperate with the Subgranter in any investigations of security incidents.
<br />The system or device affected by an information security incident and containing confidential
<br />data obtained in the administration of this program shall be immediately removed from operation
<br />upon confidential data exposure or a known security breach. It shall remain removed from
<br />operation until correction and mitigation measures are applied.
<br />If the Subgrantee learns of a breach in the security of the system which contains confidential
<br />data obtained under this Subgrant, then the Subgrantee most provide notification to individuals
<br />pursuant to Civil Code section 1798.92.
<br />f) . The Subgrantee shall provide for the management and control of physical access to information
<br />assets (including personal computer systems, computer terminals, mobile computing devices,
<br />and various electronic storage mad'-a) used in performance of this Subgrant. This shall include,
<br />but is not limited to, security measures to physically protect data, systems, and workstations
<br />from unauthorized access and malicious activity; the prevention, detection, and suppression of
<br />fires; and the prevention, detection, and minimization of water damage.
<br />g) At no time will confidential data obtained pureusnt to this agreement be placed on a while
<br />computing device, or on any form of removable electronic storage media of any kind unless the
<br />data are fully encrypted.
<br />!i). each party shall provide its employees with access to confidential information with written
<br />instructione fully disclosing and explaining the penalties for unauthorized use or discloaure
<br />of confidential information found in faction 1798.55 of the Civil Code, section 582 of
<br />the Penal Code, section 2111 of the Unemployment Insurance Code, section 1095) of the welfare
<br />and Institutions Code and other applicable local, state and = aces- lawa.
<br />11. Each party shall (where it is appropriate) store and process information in electronic
<br />format, in such a way that unauthorized persons cannot reasona,,y retri.eve the information
<br />by means of a computer.
<br />1). F.arh party shall promptly return to the other party confidential information when its use
<br />ends, or destroy the confidential information utilizing an approved method of destroying
<br />55B -18
<br />
|