Common use of Data Protection and Privacy Requirements Clause in Contracts

Data Protection and Privacy Requirements. 1. Web Services Employers must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use. 2. In accordance with DHS standards, the Web Services Employer agrees to maintain physical, electronic, and procedural safeguards to appropriately protect the information shared under this MOU against loss, theft, misuse, unauthorized access, and improper disclosure, copying use, modification or deletion. 3. Any data transmission requiring encryption shall comply with the following standards: • Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit encryption that has been validated under FIPS 140-2. • NSA Type 2 or Type 1 encryption. 4. User ID Management (Set Standard): All information exchanged between the parties under this MOU will be done only through authorized Web Services Employer representatives identified above. 5. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not yet upgraded its interface to comply with the Federal Acquisition Regulation (FAR) system changes. In addition, Web Services Employers whose interfaces do not support the Form I-9 from 2/2/2009 or 8/7/2009 agree to use the E-Verify browser until the system upgrade is completed. 6. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not completed updates to its system to the satisfaction of DHS or its assignees within six months from the date DHS notifies the Web Services Employer of the system update. The Web Services Employer can resume use of its interface once it is up-to-date, unless the Web Services Employer has been suspended or terminated from continued use of the system.

Data Protection and Privacy Requirements. 1. Web Services Employers must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use. 2. In accordance with DHS standards, the Web Services Employer agrees to maintain physical, electronic, and procedural safeguards to appropriately protect the information shared under this MOU against loss, theft, misuse, unauthorized access, and improper disclosure, copying use, modification or deletion. 3. Any data transmission requiring encryption shall comply with the following standards: • : a. Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit encryption that has been validated under FIPS 140-2. • . b. NSA Type 2 or Type 1 encryption. 4. User ID Management (Set Standard): All information exchanged between the parties under this MOU will be done only through authorized Web Services Employer representatives identified above. 5. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not yet upgraded its interface to comply with the Federal Acquisition Regulation (FAR) system changes. In addition, Web Services Employers whose interfaces do not support the Form I-9 from 2/2/2009 or 8/7/2009 agree to use the E-E- Verify browser until the system upgrade is completed. 6. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not completed updates to its system to the satisfaction of DHS or its assignees within six months from the date DHS notifies the Web Services Employer of the system update. The Web Services Employer can resume use of its interface once it is up-to-date, unless the Web Services Employer has been suspended or terminated from continued use of the system.

Data Protection and Privacy Requirements. 1. Web Services Employers must practice proper Internet security; this means using HTTP over SSL/TLS (also known as HTTPS) when accessing DHS information resources such as E-Verify [NIST SP 800-95]. Internet security practices like this are necessary because Simple Object Access Protocol (SOAP), which provides a basic messaging framework on which Web Services can be built, allows messages to be viewed or modified by attackers as messages traverse the Internet and is not independently designed with all the necessary security protocols for E-Verify use. 2. In accordance with DHS standards, the Web Services Employer agrees to maintain physical, electronic, and procedural safeguards to appropriately protect the information shared under this MOU against loss, theft, misuse, unauthorized access, and improper disclosure, copying use, modification or deletion. 3. Any data transmission requiring encryption shall comply with the following standards: • Products using FIPS 197 Advanced Encryption Standard (AES) algorithms with at least 256-bit encryption that has been validated under FIPS 140-2. • NSA Type 2 or Type 1 encryption. 4. User ID Management (Set Standard): All information exchanged between the parties under this MOU will be done only through authorized Web Services Employer representatives identified above. 5. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not yet upgraded its interface to comply with the Federal Acquisition Regulation (FAR) system changes. In addition, Web Services Employers whose interfaces do not support the Form I-9 from 2/2/2009 or 8/7/2009 agree to use the E-Verify browser until the system upgrade is completed. 6. The Web Services Employer agrees to use the E-Verify browser instead of its own interface if it has not completed updates to its system to the satisfaction of DHS or its assignees within six months from the date DHS notifies the Web Services Employer of the system update. The Web Services Employer can resume use of its interface once it is up-to-date, unless the Web Services Employer has been suspended or terminated from continued use of the system.