Common use of Ensuring Privacy and Security of Consumer Personally Identifiable Information Clause in Contracts

Ensuring Privacy and Security of Consumer Personally Identifiable Information. (PII) 30 Applicants should develop and include with their application a plan to protect the privacy and security of consumers’ PII that includes a discussion of the following: • (5 points) How the applicant intends to comply with FFE privacy and security standards and to use computers, including laptops or tablets, in accordance with those standards and 45 C.F.R. § 155.260. The privacy and security standards for current Navigator awardees under opportunity CA-NAV-19-001 can be found here: xxxxx://xxx.xxx.xxx/files/document/2020-privacy-and-security-terms- and-conditions-508-ejs-5-4-2021.pdf • (5 points) Process for ensuring all persons performing Navigator functions and others who have access to sensitive information or PII related to the organization’s Navigator functions complete all required training related to ensuring privacy and security of consumer PII, including training on compliance with FFE privacy and security standards; Project Narrative Topics Total Available Points Scoring Criteria Breakdown • (5 points) Process for ensuring that applicants for coverage available through an Exchange application (1) are informed of the functions and responsibilities of Navigators, including that Navigators are not acting as tax advisers or attorneys when providing assistance as Navigators and cannot provide tax or legal advice within their capacity as Navigators; (2) provide authorization prior to a Navigator’s obtaining access to their personally identifiable information; and (3) may revoke at any time the authorization provided to the Navigator; • (5 points) How the applicant plans to conduct ongoing monitoring throughout the duration of the period of performance to ensure that persons performing Navigator functions and others who have access to sensitive information or PII related to the organization’s Navigator functions are protecting consumer PII and other sensitive data in accordance with their training and the organization’s operating policies. Applicant should also discuss mitigation plans for addressing PII breaches, should any occur. • (10 points total) Applicant should also discuss the following:  (5 points) Plans for training persons performing Navigator functions and others who have access to sensitive information or PII related to the organization’s Navigator functions on how to receive, secure, and handle PII or other sensitive data, and  (5 points) Process for evaluating qualifications of persons performing Navigator functions and others who have access to sensitive information or PII related to the organization’s Navigator functions for receiving, securing, and handling PII or other sensitive data, including if background checks are conducted. If background checks are conducted, applicants should explain on whom they are conducted, what would be considered to Project Narrative Topics Total Available Points Scoring Criteria Breakdown be adverse findings of a background check and/or findings that would preclude someone from working on the organization’s Navigator activities or accessing PII related to those activities, and whether the following types of recommended background checks are used:  Office of Inspector General (OIG) Sanction Check • HHS OIG has a list that identifies individuals who are debarred/sanctioned from participating on any Federal programs.  Criminal Background Investigation • This type of investigation can include a national criminal database search, as well as a locality search (to include Federal, District & County Court and criminal records check).  State-required Background Check • This can include any investigations required of Navigators under state law.