Laserfiche WebLink
The Subrecipient shall be responsible for all costs incurred by the Pass -through <br />Entity due to a security incident resulting from the Subreciplent's failure to <br />perform or negligent acts of its personnel, and resulting in an unauthorized <br />disclosure, release, access, review, or destruction; or loss, theft or misuse of <br />an information asset. If the Subrecipient experiences a loss or breach of data, <br />the Subrecipient shall immediately report report the loss or breach to the Pass - <br />through Entity. If the Pass -through Entity determines that notice to the <br />Individuals whose data has been lost or breached is appropriate, the Subrecipient <br />will bear any and all costs associated with the notice or any mitigation selected <br />by the Pass -through Entity. These costs include, but are not limited to, staff <br />time, material costs, postage, media announcements, and other identifiable costs <br />associated with the breach or loss of data. <br />f. The Subrecipient shall provide for the management and control of physical access to <br />information assets (including personal computer systems, computer terminals, mobile <br />computing devices, and various electronic storage media) used in performance of this <br />Subgrant. This shall include, but is not limited to, security measures to physically <br />protect data, systems, and workstations from unauthorized access and malicious <br />activity; the prevention, detection, and suppression of fires; and the prevention, <br />detection, and minimization of water damage. <br />g. At no time will confidential data obtained pursuant to this agreement be placed on a <br />mobile computing device, or on any form of removable electronic storage media of any <br />kind unless the data are fully encrypted. <br />h. Each party shall provide its employees with access to confidential information with <br />written instructions fully disclosing and explaining the penalties for unauthorized <br />use or disclosure of confidential information found in Section 1798.55 of the <br />California Civil Code, Section 502 of the California Penal Code, Section 2111 of the <br />California Unemployment Insurance Code, Section 10850 of the California Welfare and <br />Institutions Code and other applicable local, state and federal laws. <br />i. Each party shall (where it is appropriate) store and process information in <br />electronic format, in such a way that unauthorized persons cannot reasonably retrieve <br />the information by means of a computer. <br />j. All Subrecipient staff and subcontractors that are provided access to any data <br />systems of the Pass -through Entity, excluding CaIJOBS, are required to complete <br />and sign an Employee Confidentiality Statement (DE 7410). <br />k. Each party shall promptly return to the other party confidential information when <br />its use ends, or destroy the confidential information utilizing an approved method of <br />destroying confidential information: shredding, burning, or certified or witnessed <br />destruction. Magnetic media are to be degaussed or returned to the other party. <br />I. If the Pass -through Entity or Subrecipient enters into an agreement with a third <br />party to provide WIOA services, the Pass -through Entity or Subrecipient agrees to <br />Include these data and security and confidentiality requirements in the agreement <br />with that third party. In no event shall said information be disclosed to any <br />individual outside of that third party's authorized staff, subcontractor(s), service <br />providers, or employees. <br />m. The Subrecipient may, in its operation of the America's Job Center of California <br />(AJCC), permit an AJCC Operator to enter Into a subcontract to manage confidential <br />information. This subcontract may allow an individual to register for resume <br />distribution services at the same time the individual enrolls in CaIJOBS. <br />Subrecipient shall ensure that all such subcontracts comply with the intellectual <br />property requirements of this subgrant agreement, the confidentiality requirements of <br />this subgrant agreement and any other terms of this subgrant agreement that may be <br />applicable. In addition, the following requirements must be included in the <br />subcontracts: <br />All client Information submitted over the internet to the subcontractor's <br />databases must be protected, at a minimum, by 128-bit Secure Socket Layer (SSL) <br />encryption. Clients' social security numbers must be stored in a separate <br />database within the subcontractor's network of servers, and protected by a <br />f rewall and a secondary database server firewall or AES data encryption. If a <br />subcontractor receives client social security numbers or other confidential <br />information in the course of business, for example a resume -distribution service <br />Page 15 of 16 <br />