Second Amendment of Contract
Exhibit 10.2
Second Amendment of Contract
This Second Amendment (the Second Amendment), is made and entered into September 28, 2006, by and between the State of Louisiana, through the Division of Administration, Office of Community Development (hereinafter referred to as “OCD”) and ICF Emergency Management Services, LLC (hereinafter referred either as “ICF” or “Contractor”). Capitalized terms used in the amendment but not defined herein have the meanings ascribed to them in the hereinafter described Contract.
WHEREAS, OCD and Contractor have heretofore executed and entered into that certain Contract with an effective date of June 12, 2006 (the “Contract”) in which ICF agreed to serve as Louisiana’s Road Home Manager and otherwise obligated itself to complete the Project; which Contract was amended by the First Amendment dated July 24, 2006.
Whereas the State and Contractor desire to amend and modify the Contract to further delineate duties and responsibilities of the parties in the collection, use and protection of Confidential Information;
Now therefore, for and in consideration of the foregoing premises, the State and Contractor agree as follows:
Section 11.0 of the Contract is deleted in its entirety and is replaced as follows:
11.0 CONFIDENTIALITY OF INFORMATION
11.1 Confidential Information, General
All of the reports, information, data, etc., prepared or assembled by the Contractor under this Contract are confidential and the Contractor agrees that they shall not he made available to any individual or organization without prior written approval of the State.
All financial, statistical, personal, technical and other data and information relating to the State’s operation that are designated confidential by the State and made available to the Contractor in order to carry out this Contract, or that become available to the Contractor in carrying out this Contract (“Confidential Information”), shall be protected by the contractor from unauthorized use and disclosure through the observance of the same or more effective procedural requirements as are applicable to the State. The identification of all such confidential data and information as well as the State’s procedural requirements for protection of such data and information from unauthorized use and disclosure shall be provided by the State in writing to the Contractor. If the methods and procedures employed by the Contractor for the protection of the Contractor’s data and information are deemed by the State to be adequate for the protection of the State’s confidential information, such methods and procedures may be used, with the written consent of the State, to carry out the intent of this paragraph. The Contractor shall not be required under the provisions of the paragraph to keep confidential any data or information that is or becomes publicly available, is already rightfully in the Contractor’s possession, is independently developed by the Contractor outside the scope of the contract, or is rightfully obtained from third parties.
1
11.2 Confidential Information of Applicants:
It shall be presumed that all information (including an applicant’s photo identification, photographic likeness, and thumb scan image) acquired by Contractor or its subcontractors, from whatever source, relating to individual applicants for any grant, loan, or other programs administered under this Contract, (“Confidential Applicant Data”) shall he deemed confidential and protected from access, disclosure or use other than in compliance with this Contract. Confidential Applicant Data is included within the term Confidential Information, and shall be entitled in all protections provided Confidential Information, as well as all other increased protections provided herein.
Summaries of applicant information compiled in an aggregate fashion which cannot be used to identify an individual may be reported as directed by OCD by Contractor in its performance of this Contract.
Other than as directed in writing by OCD, only Contractor’s employees and subcontractors’ employees with a defined need to know (established in the written protocols and procedures specified in section 11.3 below) shall be granted access to Confidential Applicant Data and only after they have been informed of the confidential nature of the Confidential Applicant Data. The level of access of such individuals shall he dictated by the level of their defined need to know.
Confidential Applicant Data shall not be distributed, disclosed or conveyed to any subcontractor except those subcontractors who have a defined need to know the Confidential Applicant Data.
11.3 State’s Procedural Requirements
In accordance with Section 11.1 above, OCD has provided to the Contractor: (a) the State Information Security Policy and (b) the Procedures for Information Requests from The Road Home Database or Open Records Requests. As mutually agreed by the Parties, Contractor shall implement these policies and procedures, including revisions thereto, as well as Contractor’s own policies and procedures and other appropriate, technical, physical and administrative safeguards in order to protect Confidential Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Contractor shall submit its written policies and procedures required under this part to OCD for approval. As the State may revise its policies and procedures, Contractor shall continue to provide the necessary updates and upgrades for compliance with Section 11 and its subsections thereof. The obligations under of Section 11 are in addition to, and not in place of, the agreements under Exhibit A, Scope of Work, Section 1.2 et al.
2
11.4 Duties to Monitor and Report Security Breach or Unauthorized Release Use or Release of Information
Contractor and its subcontractors shall implement monitoring plans in accordance with Section 11.3 above to detect unauthorized access to or use of Confidential Information or any attempts to gain unauthorized access to Confidential Information. Contractor and its subcontractors shall provide SPM with immediate notification (not more than 24 hours) of Contractor’s awareness of any security incident (“Security Incident”) involving Confidential Information. The reference to Security Incident herein may include, but not be limited to the following: successful attempts at gaining unauthorized access to Confidential Information, or the unauthorized use of a system for the processing or storage of Confidential Information, or the unauthorized use or disclosure, whether intentional or otherwise, of Confidential Information.
In the event of unauthorized access to or disclosure of information, Contractor, as well as any subcontractor, involved in a Security Incident, shall consult with OCD regarding the necessary steps to address the factors giving rise to the Security Incident and to address the consequences of such Security Incident.
Nothing in this Contract shall be deemed to affect any rights an individual applicant may have under any applicable state or federal law concerning the unauthorized access, use or disclosure of Confidential Applicant Data.
11.5 Third Party Requests for Release of Information
Should third parties request Contractor to submit Confidential Information to them pursuant to a public records request, subpoena, summons, search warrant or governmental order, Contractor, will notify OCD immediately upon receipt of such request. Notice shall be forwarded via e-mail and via telefax to the representative designated in writing by OCD as the OCD contact for requests for release of information. Protocols for the handling of’ such requests are found in the Procedures for Information Requests from The Road Home Database or Open Records Requests, as promulgated or as hereafter modified by OCD. Contractor shall cooperate with OCD with respect to defending against any such requested release of information or obtaining any necessary judicial protection against such release if, in the opinion of OCD, the information contains Confidential Information which should be protected against such disclosure. The legal fees and related expenses incurred by Contractor or its subcontractor in resisting the release of information shall constitute reimbursable expenses under this Contract.
11.6 Subcontract Agreements
Contractor shall obtain agreements by all subcontractors to be bound by the terms of the provisions of Section 11.1 above. In addition, those subcontractors who have a need to know Confidential Applicant Data shall he required to agree to all the terms of this Section 11.0, including all subsections thereof.
3
11.7 Non-confidential Data and Data Obtained from Third Parties
In the event Confidential Applicant Data is or becomes part of the public domain, other than as a result of a Security Incident, Contractor and subcontractors shall continue to treat such information as private and avoid the unnecessary use or release of such information, unrelated to the performance under the Contract. The State agrees that some portions of Confidential Applicant Data may be obtained from insurance companies or other third parties.
11.8 Limitations on Copying; Delivery of Confidential Information to OCD; Destruction of Database; Obligations Against Use and Disclosure Survive Termination of Contract
No copies or reproductions shall be made of any Confidential Information except to effectuate the purposes of this Contract or upon the prior approval of OCD. Contractor and subcontractors shall not make use of any Confidential Information for their own benefit or for the benefit of any third party, except as directed by OCD in writing.
In accordance with Section 13.0 of the Contract, as between the Contractor and the State, all Confidential Information is deemed to be the property of the State.
Upon termination or expiration of the Contract, all databases and other storage media containing Confidential Applicant Data shall be delivered to the State, who shall retain such information for the periods of time then required in accordance with any applicable state and federal statutes and regulations controlling such record retention. Contractor and subcontractors shall not keep any copies of the Confidential Applicant Data in any medium format; upon delivery of the Confidential Applicant Data to the State under this provision, Contractor and applicable subcontractors shall certify under penalty of perjury that no copies of the Confidential Applicant Data have been retained. Any exceptions to this provision must be approved in writing by the SPM, and shall set forth the scope of data required to be retained, the reasons justifying such retention, and the terms and conditions of such retention.
11.9 The obligations under Section 11.0 and all subsections thereof shall survive the termination or expiration of the Contract.
IN WITNESS WHEREOF, the Parties hereto have caused this Second Amendment to be executed by their duly authorized representatives as of the day and year first above written.
State of Louisiana, Division of Administration
By | /s/ Xxxxx Xxxx Xxxxxxx | |
Xxxxx Xxxx Xxxxxxx | ||
Commissioner of Administration |
Date September 28, 2006
4
ICF Emergency Management Services, LLC
By | /s/ X X XxXxxxx |
Typed Name | Xxxxxx X XxXxxxx |
Title | Assistant Secretary |
5