Confidentiality Requirements. The MCWDB and PROVIDER will exchange various kinds of information pursuant to this agreement. That information will include data, applications, program files, and databases. These data and information are confidential when they define an individual or an employing unit. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDB, State of California EDD, California Department of Social Services, California Department of Education, California Department of Corrections and Rehabilitation, County Welfare Department(s), County IV-D Directors Office of Child Support, Office of the District Attorney, California Department of Mental Health, California Office of Community Colleges and Department of Alcohol and Drug Programs. The MCWDB and PROVIDER agree that: a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB designates as sensitive. Both PROVIDER and MCWDB must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872. b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure information available to their respective employees is only on a “need-to-know” basis. c. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information. d. PROVIDER agrees that information obtained under this agreement will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreement.
Appears in 2 contracts
Samples: Cooperative Agreement, Cooperative Agreement
Confidentiality Requirements. The MCWDB State of California and PROVIDER the Subrecipient will exchange various kinds of information pursuant to this agreement. That information will include data, applications, program files, and databases. These data and information are confidential when they define an individual or an employing unit. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDB, State of California EDD, the California Department of Social Services, the California Department of Education, the California Department of Corrections and Rehabilitation, the County Welfare Department(s), the County IV-D Directors Office of Child Support, the Office of the District Attorney, the California Department of Mental Health, the California Office of Community Colleges and the Department of Alcohol and Drug Programs. The MCWDB SDWP and PROVIDER Subrecipient agree that:
a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB designates as sensitive. Both PROVIDER and MCWDB must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872.
b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure such information available to their respective own employees is only on a “need-"need- to-know” " basis.
c. b. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information.
d. PROVIDER c. The Subrecipient agrees that information obtained under this agreement will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreement.
i. Aggregate Summaries: All reports and/or publications developed by the Subrecipient based on data obtained under this agreement shall contain confidential data in aggregated or statistical summary form only. "Aggregated" refers to a data output that does not allow identification of an individual or employer unit.
ii. Publication: Prior to publication, Subrecipient shall carefully analyze aggregated data outputs to ensure the identity of individuals and/or employer units cannot be inferred pursuant to Unemployment Insurance Code Section 1094(c). Personal identifiers must be removed. Geographic identifiers should be specified only in large areas and as needed, and variables should be recorded in order to protect confidentiality.
Appears in 1 contract
Samples: General Provisions Agreement
Confidentiality Requirements. The MCWDB County and PROVIDER Contractor will exchange various kinds of information pursuant to this agreementAgreement. That information will include data, applications, program files, and databases. These data and information are confidential when they define an individual or an employing unit. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDBCounty of Merced, State of California EDD, California Department of Social Services, California Department of Education, California Department of Corrections and Rehabilitation, County Welfare Department(s), County IV-D Directors Office of Child Support, Office of the District Attorney, California Department of Mental Health, California Office of Community Colleges and Department of Alcohol and Drug Programs. The MCWDB County and PROVIDER Contractor agree that:
a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER Contractor must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB County designates as sensitive. Both PROVIDER Contractor and MCWDB the County must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872.
b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure information available to their respective employees is only on a “need-to-know” basis.
c. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information.
d. PROVIDER Contractor agrees that information obtained under this agreement Agreement will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreementAgreement.
Appears in 1 contract
Samples: Special Services Agreement
Confidentiality Requirements. The MCWDB and PROVIDER Contractor will exchange various kinds of information pursuant to this agreementAGREEMENT. That information will include data, applications, program files, and databases. These data and information are confidential when they define an individual or an employing unit. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDBCounty of Monterey, State of California EDD, California Department of Social Services, California Department of Education, California Department of Corrections and Rehabilitation, County Welfare Department(s), County IV-D Directors Office of Child Support, Office of the District Attorney, California Department of Mental Health, California Office of Community Colleges and Department of Alcohol and Drug Programs. The MCWDB and PROVIDER Contractor agree that:
a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER Contractor must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB designates as sensitive. Both PROVIDER Contractor and the MCWDB must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872.
b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure information available to their respective employees is only on a “need-to-know” basis.
c. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information.
d. PROVIDER Contractor agrees that information obtained under this agreement AGREEMENT will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreementAGREEMENT.
Appears in 1 contract
Samples: Service Agreement
Confidentiality Requirements. The MCWDB and PROVIDER Contractor will exchange various kinds of information pursuant to this agreementAGREEMENT. That information will include data, applications, program files, and databases. These data and information are confidential when they define an individual or an employing unit. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDBCounty of Monterey, State of California EDD, California Department of Social Services, California Department of Education, California Department of Corrections and Rehabilitation, County Welfare Department(s), County IV-D Directors Office of Child Support, Office of the District Attorney, California Department of Mental Health, California Office of Community Colleges and Department of Alcohol and Drug Programs. The MCWDB and PROVIDER Contractor agree that:
a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER Contractor must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB designates as sensitive. Both PROVIDER Contractor and the MCWDB must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872.
b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure information available to their respective employees is only on a “need-to-know” basis.
c. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information.
d. PROVIDER Contractor agrees that information obtained under this agreement AGREEMENT will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreementAGREEMENT.
Appears in 1 contract
Samples: Service Agreement
Confidentiality Requirements. The MCWDB State of California, County and PROVIDER the Contractor will exchange various kinds of information pursuant to this agreementAgreement. That information will include data, applications, program files, and databasesdatabases and information about specific participants receiving services. These data and information are confidential when they define an individual or an employing unitunit or when the disclosure is restricted or prohibited by any provision of law. Confidential information requires special precautions to protect it from unauthorized use, access, disclosure, modification, and destruction. The sources of information may include, but are not limited to, the MCWDBEmployment Development Department, State of California EDD, the California Department of Social Services, the California Department of Education, the California Department of Corrections and Rehabilitation, the County Welfare Department(s), the County IV-D Directors Director’s Office of Child Support, the Office of the District Attorney, the California Department of Mental Health, the California Office of Community Colleges and Colleges, the Department of Alcohol and Drug Programs, and individuals requesting program services. The MCWDB County and PROVIDER Contractor agree that:
a. Each party must recognize and safeguard personally identifiable information (PII) and information designated as sensitive in accordance with Uniform Guidance 2 CFR 200.303 – Safeguarding Personally Identifiable Information. PROVIDER must take reasonable measures to safeguard protected PII, as well as any information that the MCWDB designates as sensitive. Both PROVIDER and MCWDB must meet the requirements in Training and Employment Guidance letter (TEGL) 39-11, Guidance on the Handling and Protection of Personally Identifiable Information, located at xxxx://xxx.xxxxxx.xxx/directives/corr_doc.cfm?DOCN=7872.
b. Each party shall keep all information that is exchanged between them in the strictest confidence and make sure such information available to their respective employees is only on a “need-to-need to know” basis.
c. b. Each party shall provide security sufficient to ensure protection of confidential information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect this information from reasonable unanticipated threats to the security or confidentiality of the information.
d. PROVIDER c. The Contractor agrees that information obtained under this agreement Agreement will not be reproduced, published, sold or released in original or in any other form for any purpose other than those specifically identified in this agreementAgreement.
d. Each party agrees that no disaggregate data, identifying individuals or employers, shall be released to outside parties or to the public.
e. The Contractor shall notify County of any actual or attempted information security incidents, within 24 hours of initial detection, by telephone at (000) 000-0000. Information Security Incidents include, but are not limited to any event (intentional or unintentional), that cause the loss, damage, or destruction, or unauthorized access use modification, or disclosure of information assets. The Contractor shall cooperate with the Subgrantor and/or County in any investigations of security incidents. The system or device affected by an information security incident and containing confidential data obtained in the administration of this program shall be immediately removed from operation upon confidential data exposure or a known security breach. It shall remain removed from operation until correction and mitigation measures are applied. If the Contractor learns of a breach in the security of the system which contains confidential data obtained under this Agreement, then the Contractor must provide notification to individuals pursuant to Civil Code Section 1798.82.
f. The Contractor shall provide the management and control of physical access to information assets (including personal computer systems, computer terminals, mobile communicating devices, and various electronic storage media) used in performance of this Agreement. This shall include, but is not limited to, security measures to physically protect data, systems, and workstations from unauthorized access and malicious activity; the prevention, detection, and suppression of fires; and the prevention, detection and minimization of water damage.
g. At no time will confidential data obtained pursuant to this agreement be placed on a mobile computing/communication device, or on any form of removable electronic storage media of any kind unless the data are fully encrypted.
h. Each party shall provide its employees with access to confidential information with written instructions fully disclosing and explaining the penalties for unauthorized use or disclosure of confidential information found in Section 1798.55 of the Civil Code, Section 502 of the Penal Code, Section 2111 of the Unemployment Insurance Code, Section 10850 of the Welfare and Institutions Code and other applicable local, State and federal laws.
i. Each party shall (where it is appropriate) store and process information in electronic format, in such a way that unauthorized persons cannot reasonably retrieve the information by means of a computer.
j. Each party shall promptly return to the other party confidential information when its use ends, or destroy the confidential information utilizing an approved method of destroying confidential information: shredding, burning, or certified or witnessed destruction. Magnetic media are to be degaussed or returned to the other party.
k. If the County or Contractor enters into an agreement with a third party to provide WIOA services, the County or Contractor agrees to include these data and security and confidentiality requirements in the agreement with that third party. In no event shall said information be disclosed to any individual outside of that third party's authorized staff, subcontractor(s), service providers, or employees.
l. The County may, in its operation of the One-Stops, permit a One-Stop Operator to enter into a subcontract to manage confidential information. This Agreement and any Subcontract(s) may allow an individual to register for resume distribution services at the same time the individual enrolls in Ca1JOBs. County shall ensure that this Agreement and all such Subcontracts comply with the intellectual property requirements of paragraph 42 of this Agreement, the confidentiality requirements of paragraph 43 of this Agreement and any other terms of this Agreement that may be applicable. In addition, the following requirements must be included in the subcontracts:
1.) All client information submitted over the Internet to the Contractor or Sub- contractor databases must be protected, at a minimum, by 128-bit Secure Socket Layer (SSL) encryption. Clients' social security numbers must be stored in a separate database within the Contractor’s or Subcontractor's network of servers, and protected by a firewall and a secondary database server firewall or AES data encryption. If a Contractor or Subcontractor receives client social security numbers or other confidential information in the course of business, for example a resume-distribution service that provides enrollment in Ca1JOBs, social security numbers must be destroyed within two days after the client registers for Ca1JOBs. If a Contractor or Subcontractor obtains confidential information as an agent of the Contractor, the Contractor or Subcontract must specifically state the purpose for the data collection and the term of records retention must be stated, and directly related, to the purpose and use of the information. In accordance with 29 Code of Federal Regulations 97.42, social security numbers and other client specific information shall not be retained for more than three (3) years after a client completes services. The County should extend this period, only if any litigation, claim, negotiation, audit, or other action involving the records has been started before the end of the three-year retention period. In this case the records should be maintained until completion of the action and resolution of all issues arising from it, or until the close of the three-year retention period, whichever is later. (29 CFR sec. 97.42 (b)(2))
2.) Client information (personal information that identifies a client such as name and social security number) and/or demographic information of a client (such as wage history, address, and previous employment) shall not be used as a basis for commercial solicitation during the time the client or agency is using the Contractor’s or Subcontractor's services. Client information and/or demographic information shall not be used for any purposes other than those specific program purposes set forth in the Agreement.
3.) A One-Stop client must still be given the option to use the One-Stop's services, including Ca1JOBs, even if he or she chooses not to use any services of the Contractor or Subcontractor. This option shall be prominently, clearly, and immediately communicated to the client upon registration within the One- Stop or for CalJOBs, the Contractor’s or Subcontractor's resume-distribution services, or any other services Contractor or Subcontractor offers to the client or the One-Stop Operator.
4.) The Contractor or Subcontractor must clearly disclose all of its potential and intended uses of the client's personal and/or demographic information for the services the clients seek and for any other services the subcontractor offers. The Contractor or Subcontractor shall not use a client's personal and/or demographic information without the client's prior permission. A link to the Contractor’s or Subcontractor's Privacy Policy shall appear prominently on the registration screens that list the potential and intended uses of the client's personal and/or demographic information.
5.) When the County modifies State automated systems such as the State’s CalJOBS, it shall provide reasonable notice of such changes to the Contractor. The County shall be responsible to communicate such changes to the One-Stop Operator(s) in the local area.
m. Each party shall designate an employee who shall be responsible for overall security and confidentiality of its data and information systems and each party shall notify the other of any changes in that designation. As of this date, the following are those individuals: Name: Xxxx Xxxx Title: Fiscal Supervisor 1880 Wardrobe Avenue Merced, CA 95341 Telephone: (000) 000-0000 FAX: (000) 000-0000 Name: Xxxxxx Xxxx Title: Coordinator, Workforce Innovation and Opportunity Act Programs/Cal-SOAP 632 West 13th Street Merced, CA 00000-0000 Telephone: (000) 000-0000 FAX: (000) 000-0000
Appears in 1 contract
Samples: Agreement for Special Services
