i). Survival
<br />The provisions set forth herein shall survive any termination or expiration of this subgrant agreement or
<br />any project schedule.
<br />20. Confidentiality Requirements
<br />The State of California and the Subgrantee will exchange various kinds of information pursuant to this
<br />subgrant agreement. That information will include data, applications, program files, and databases.
<br />These data and information are confidential when they define an individual or an employing unit.
<br />Confidential information requires special precautions to protect it from unauthorized use, access,
<br />disclosure, modification, and destruction. The sources of information may include, but are not limited
<br />to, the EDD, the California Department of Social Services, the California Department of Education, the
<br />California Department of Corrections and Rehabilitation, the County Welfare Department(s), the County IV-
<br />D Directors Office of Child Support, the Office of the District Attorney, the California Department of
<br />Mental Health, the California Office of Community Colleges and the Department of Alcohol and Drug
<br />Programs.
<br />The "pass-through" entity and Subgrantee agree that:
<br />a). Each party shall keep all information that is exchanged between them in the strictest confidence and
<br />make such information available to their own employees only on a "need-to-know" basis.
<br />b). Each party shall provide security sufficient to ensure protection of confidential information from
<br />improper use and disclosures, including sufficient administrative, physical, and technical safeguards to
<br />protect this information from reasonable unanticipated threats to the security or confidentiality of the
<br />information.
<br />c). The Subgrantee agrees that information obtained under this subgrant agreement will not be reproduced,
<br />published, sold or released in original or in any other form for any purpose other than those
<br />specifically identified in this agreement.
<br />(1) Aggregate Summaries: All reports and/or publications developed by the Subgrantee based on data
<br />obtained under this agreement shall contain confidential data in aggregated or statistical summary form
<br />only. "Aggregated" refers to a data output that does not allow identification of an individual or
<br />employer unit.
<br />(2) Publication: Prior to publication, Subgrantee shall carefully analyze aggregated data outputs to
<br />ensure the identity of individuals and/or employer units cannot be inferred pursuant to Unemployment
<br />Insurance Code Section 1094(e). Personal identifiers must be removed. Geographic identifiers should be
<br />specified only in large areas and as needed, and variables should be recorded in order to protect
<br />confidentiality.
<br />(3) Minimum Data Cell Size: The minimum data cell size or derivation thereof shall be three participants
<br />for any data table released to outside parties or to the public.
<br />d). Each party agrees that no disaggregate data, identifying individuals or employers, shall be released
<br />to outside parties or the public.
<br />e). The Subgrantee shall notify "pass-through" entity's Information Security Office of any actual or
<br />attempted information security incidents, within 24 hours of initial detection, by telephone at (916) 654-6231.
<br />Information Security Incidents include, but are not limited to, any event (intentional or
<br />unintentional) that causes the loss, damage, or destruction, or unauthorized access, use, modification,
<br />or disclosure of information assets.
<br />The Subgrantee shall cooperate with the "pass-through" entity in any investigation of security incidents.
<br />The system or device affected by an information security incident and containing confidential data
<br />obtained in the administration of this program shall be immediately removed from operation upon
<br />confidential data exposure or a known security breach. It shall remain removed from operation until
<br />correction and mitigation measures are applied.
<br />If the Subgrantee learns of a breach in the security of the system which contains confidential data
<br />obtained under this Subgrant, then the Subgrantee must provide notification to individuals pursuant to
<br />Civil Code Section 1798.82.
<br />f). The Subgrantee shall provide for the management and control of physical access to information assets
<br />(including personal computer systems, computer terminals, mobile computing devices, and various
<br />electronic storage media) used in performance of this Subgrant. This shall include, but is not limited
<br />to, security measures to physically protect data, systems, and workstations from unauthorized access and
<br />malicious activity; the prevention, detection, and suppression of fires; and the prevention, detection,
<br />and minimization of water damage.
<br />g). At no time will confidential data obtained pursuant to this agreement be placed on a mobile computing
<br />device, or on any form of removable electronic storage media of any kind unless the data are fully
<br />encrypted.
<br />h). Each party shall provide its employees with access to confidential information with written
<br />instructions fully disclosing and explaining the penalties for unauthorized use or disclosure of
<br />confidential information found in Section 1798.55 of the Civil Code, Section 502 of the Penal Code,
<br />Section 2111 of the Unemployment Insurance Code, Section 10850 of the Welfare and Institutions Code and
<br />other applicable local, state and federal laws.
<br />i). Each party shall (where it is appropriate) store and process information in electronic format, in
<br />such a way that unauthorized persons cannot reasonably retrieve the information by means of a computer.
<br />j). Each party shall promptly return to the other party confidential information when its use ends, or
<br />destroy the confidential information utilizing an approved method of destroying confidential information:
<br />shredding, burning, or certified or witnessed destruction. Magnetic media are to be degaussed or
<br />returned to the other party.
<br />k). If the "pass-through" entity or Subgrantee enters into an agreement with a third party to provide
<br />WIOA services, the "pass-through" entity or Subgrantee agrees to include these data and security and
<br />confidentiality requirements in the agreement with that third party. In no event shall said information
<br />be disclosed to any individual outside of that third party's authorized staff, subcontractor(s), service
<br />providers, or employees.
<br />l). The Subgrantee may, in its operation of the America's Job Center of California (AJCC), permit an AJCC
<br />Operator to enter into a subcontract to manage confidential information. This subcontract may allow an
<br />individual to register for resume-distribution services at the same time the individual enrolls in
<br />CalJOBS. Subgrantee shall ensure that all such subcontracts comply with the intellectual property
<br />requirements of paragraph 19 of this Subgrant, the confidentiality requirements of paragraph 20 of this
<br />subgrant and any other terms of this Subgrant that may be applicable. In addition, the following