Laserfiche WebLink
WIA SBBGR.ANT AGREEMENT <br />Subgrantee: SANTA ANA WORK CENTER Exhibit BB <br />Page 13 of 14 <br />SOBGRAVNT NO: K594782 <br />MODIFICATION NO: NEW <br />confidential information: shredding, burning, or certified or witnessed destruction. <br />Magnetic media are to be degaussed or returned to the other party. <br />k) . If the Subgrantor or Subgrantee enters into an agreement with a third party to provide WIA <br />services, the Subgrantor or Subgrantee agrees to include these data and security and <br />confidentiality requirements in the agreement with that third party. In no event shall said <br />information be disclosed to any individual outside of that third party's authorized staff, <br />subcontractor(s), service providers, or employees. <br />The Subgrantee may, in its operation of the One- Stops, permit a One -Stop Operator to enter <br />into a subcontract to manage confidential information. This subcontract may allow an <br />individual to register for resume - distribution services at the same time the individual <br />enrolls in CalJ0B8. Suhgrantee shall ensure that all such subcontracts comply with the <br />intellectual property requirements of paragraph 19 of this Subgrant, the confidentiality <br />requirements of paragraph 20 of this Subgrant and any other terms of this Subgrant that <br />may be applicable. In addition, the following requirements must be included in the <br />subcontracts: <br />(1) All client information submitted over the Internet to the subcontractor's databases <br />must be protected, at a minimum, by 128 -bit Secure Socket Layer (SSL) encryption. <br />Clients' social security numbers must be stored in a separate database within the <br />subcontractor's network of servers, and protected by a firewall and a secondary <br />database server firewall or AES data encryption. If a subcontractor receives client <br />social security numbers or other confidential information in the course of business, <br />for example a resume - distribution service that provides enrollment in CaIaOBS, social <br />security numbers must be destroyed within two days after the client registers for <br />Ce1JO8S. if a subcontractor obtains confidential information as an agent of the <br />subgrantes, the subcontract must specifically state the purpose for the data collection <br />and the term of records retention must be stated, and directly related, to the purpose <br />and use of the information. In accordance wiht 29 Code of Federal Regulations 97.42, <br />social security numbers and other client specific information shall not be retained for <br />more than three years after a client completes services. The subgrantee should extend <br />this period, only if any litigation, claim, negotiation, audit, or other action <br />involving the records has been started before the end of the the three -year retention <br />period. In this case the records should be maintained until completion of the action <br />and resolution of all issues arising fron it, or until the close of the three -year <br />retention period, whichever is later. (29 CPR sec. 97.42 (b)(2).) <br />(2) Client information (personal information that identifies a client such as name and <br />social security number) and /or demographic information of a client (such as wage <br />history, address, and previous employment) shall not be used as a basis for commercial <br />solicitation during the time the client or agency is using the subcontractor's services. <br />Client information and /or demographic information shall not be used for any purposes <br />other than those specific program purposes set forth in the subcontract. <br />(3) A One -Stop client must still be given the option to use the one - stop's services, <br />including Ca1J0BS, even if he or she chooses not to use any services of the <br />subcontractor. This option shall be prominently, clearly, and immediately communicated <br />to the client upon registration within the One -Stop or for Ca1J0BS, the subcontractor's <br />resume - distribution services, or any other services subcontractor offers to the client <br />or the One -Stop Operator. <br />(4) The subcontractor must clearly disclose all of its potential and intended uses of <br />the client's personal and /or demographic information for the services the clients <br />seeks and for any other services the subcontractor offers. The subcontractor shall <br />not use a client's personal and /or demographic information without the client's <br />prior permission. A link to the subcontractor's - Privacy Policy shall appear prominently <br />on the registration screens that list the potential and intended uses of the client's <br />personal and /or demographic information. <br />(5) when the Subgrantor modifies State automated systems such as the State Ca1J0BS System, <br />it shall provide reasonable notice of such changes to the Subgrantee. The Subgrantee <br />shall be responsible to communicate such changes to the one -Stop Operator(s) in the <br />local area. <br />m). Each party shall designate an employee who shall be responsible for overall security and <br />confidentiality of its data and information systems and each party shall notify the other <br />of any changes in that designation. As of this date, the following are those individuals: <br />FOR THE SBBGRIM TOR <br />Name: Cindy Hobart <br />Title: Section Manager <br />Address: P.O. pox 826880, MIC 69 <br />Sacramento, CA 94280 -0001 <br />Telephone: (916) 653 -5955 <br />