Common use of Security Violation Clause in Contracts

Security Violation. An act from within an organization that bypasses or disobeys security policies, practices, or procedures. Sensitive data: Sensitive data is a special category of personally identifiable information (PII) that has the potential to cause great harm to an individual, government agency, or program if abused, misused, or breached. It is sensitive information protected against unwarranted disclosure and carries specific criminal and civil penalties for an individual convicted of unauthorized access, disclosure, or misuse. Protection of sensitive information usually involves specific classification or legal precedents that provide special protection for legal and ethical reasons. Security Information Management (SIM): SIM is software that automates the collection of event log data from security devices such as firewalls, proxy servers, intrusion detection systems and anti-virus software. The SIM translates the data into correlated and simplified formats. SMDS (Switched Multimegabit Data Service (SMDS): SMDS is a telecommunications service that provides connectionless, high- performance, packet- switched data transport. Although not a protocol, it supports standard protocols and communications interfaces using current technology. SSA-provided data/information: Synonymous with “SSA-supplied data/information‟, defines information under the control of SSA provided to an external entity under the terms of an information exchange agreement with SSA. The following are examples of SSA-provided data/information:  SSA’s response to a request from an EIEP for information from SSA (e.g., date of death)  SSA’s response to a query from an EIEP for verification of an SSN SSA data/information: This term, sometimes used interchangeably with “SSA-provided data/information,‟ denotes information under the control of SSA provided to an external entity under the terms of an information exchange agreement with SSA. However, “SSA data/information” also includes information provided to the EIEP by a source other than SSA, but which the EIEP attests to that SSA verified it, or the EIEP couples the information with data from SSA as to to certify the accuracy of the information. The following are examples of SSA information:  SSA’s response to a request from an EIEP for information from SSA (e.g., date of death)  SSA’s response to a query from an EIEP for verification of an SSN  Display by the EIEP of SSA’s response to a query for verification of an SSN and the associated SSN provided by SSA  Display by the EIEP of SSA’s response to a query for verification of an SSN and the associated SSN provided to the EIEP by a source other than SSA  Electronic records that contain only SSA’s response to a query for verification of an SSN and the associated SSN whether provided to the EIEP by SSA or a source other than SSA SSN: Social Security Number STC: A State Transmission/Transfer Component is an organization, which performs as an electronic information conduit or collection point for one or more other entities (also referred to as a hub). System-generated transaction: A transaction automatically triggered by an automated system process. Example: A user enters a client’s information including the client’s SSN on an input screen and presses the “ENTER‟ key to acknowledge that input of data is complete. An automated process then matches the SSN against the organization’s database and when the systems finds no match, automatically sends an electronic request for verification of the SSN to SSA. Systems process: Systems Process refers to a software program module that runs in the background within an automated batch, online, or other process. Third Party: Third Party pertains to an entity (person or organization) provided access to SSA- provided information by an EIEP or other SSA business partner for which one or more of the following apply:  is not stipulated access to SSA-provided information by an information- sharing agreement between an EIEP and SSA  has no data exchange agreement with SSA  SSA does not directly authorize access to SSA-provided information Transaction-driven: This term pertains to an automatically initiated online query of or request for SSA information by an automated transaction process (e.g., driver license issuance, etc.). The query or request will only occur the automated process meets prescribed conditions. Uncontrolled transaction: This term pertains to a transaction that falls outside a permission module. An uncontrolled transaction is not subject to a systematically enforced relationship between an authorized process or application and an existing client record.

Security Violation. An act from within an organization that bypasses or disobeys security policies, practices, or procedures. Sensitive data: Sensitive data is a special category of personally identifiable information (PII) that has the potential to cause great harm to an individual, government agency, or program if abused, misused, or breached. It is sensitive information protected against unwarranted disclosure and carries specific criminal and civil penalties for an individual convicted of unauthorized access, disclosure, or misuse. Protection of sensitive information usually involves specific classification or legal precedents that provide special protection for legal and ethical reasons. Security Information Management (SIM): SIM is software that automates the collection of event log data from security devices such as firewalls, proxy servers, intrusion detection systems and anti-virus software. The SIM translates the data into correlated and simplified formats. SMDS (Switched Multimegabit Data Service (SMDS): SMDS is a telecommunications service that provides connectionless, high- performance, packet- switched data transport. Although not a protocol, it supports standard protocols and communications interfaces using current technology. SSA-provided data/information: Synonymous with “SSA-supplied data/information‟, defines information under the control of SSA provided to an external entity under the terms of an information exchange agreement with SSA. The following are examples of SSA-provided data/information:  • SSA’s response to a request from an EIEP for information from SSA (e.g., date of death)  • SSA’s response to a query from an EIEP for verification of an SSN SSA data/information: This term, sometimes used interchangeably with “SSA-provided data/information,‟ denotes information under the control of SSA provided to an external entity under the terms of an information exchange agreement with SSA. However, “SSA data/information” also includes information provided to the EIEP by a source other than SSA, but which the EIEP attests to that SSA verified it, or the EIEP couples the information with data from SSA as to to certify the accuracy of the information. The following are examples of SSA information:  • SSA’s response to a request from an EIEP for information from SSA (e.g., date of death)  • SSA’s response to a query from an EIEP for verification of an SSN  • Display by the EIEP of SSA’s response to a query for verification of an SSN and the associated SSN provided by SSA  • Display by the EIEP of SSA’s response to a query for verification of an SSN and the associated SSN provided to the EIEP by a source other than SSA  • Electronic records that contain only SSA’s response to a query for verification of an SSN and the associated SSN whether provided to the EIEP by SSA or a source other than SSA SSN: Social Security Number STC: A State Transmission/Transfer Component is an organization, which performs as an electronic information conduit or collection point for one or more other entities (also referred to as a hub). System-generated transaction: A transaction automatically triggered by an automated system process. Example: A user enters a client’s information including the client’s SSN on an input screen and presses the “ENTER‟ key to acknowledge that input of data is complete. An automated process then matches the SSN against the organization’s database and when the systems finds no match, automatically sends an electronic request for verification of the SSN to SSA. Systems process: Systems Process refers to a software program module that runs in the background within an automated batch, online, or other process. Third Party: Third Party pertains to an entity (person or organization) provided access to SSA- provided information by an EIEP or other SSA business partner for which one or more of the following apply:  • is not stipulated access to SSA-provided information by an information- sharing agreement between an EIEP and SSA  • has no data exchange agreement with SSA  • SSA does not directly authorize access to SSA-provided information Transaction-driven: This term pertains to an automatically initiated online query of or request for SSA information by an automated transaction process (e.g., driver license issuance, etc.). The query or request will only occur the automated process meets prescribed conditions. Uncontrolled transaction: This term pertains to a transaction that falls outside a permission module. An uncontrolled transaction is not subject to a systematically enforced relationship between an authorized process or application and an existing client record.