Laserfiche WebLink
Contract #31317 City of Santa Ana AJCC <br />S. Confidentiality <br />A. Contractor agrees that any report or material created during the performance of <br />this agreement will not be released to any source except as required by this <br />agreement or otherwise authorized by DOR. <br />B. Contractor agrees that any information obtained in the performance of this <br />agreement is confidential and shall not be published or open to public inspection <br />in any manner, except as authorized by DM <br />C. Contractor agrees to maintain the confidentiality of any information concerning <br />any consumers that the contractor may obtain in the performance of this <br />agreement and specifically agrees to comply with the provisions applicable to <br />such information as set forth in 34 Code of Federal Regulations, Section 361.38, <br />title 9, California code of Regulations, Section 7140 et seq., and the Information <br />Practices Act of 1977 (California Civil Code Section 1798 et seq.). <br />D. Contractor agrees to report any security breach or information security incident <br />involving DOR consumers' personal information to the DOR's Contract <br />Administrator and the DOR's Information Security Officer. The DOR's <br />Information Security Officer can be contacted via e-mail at isoinfo aC),dor.ca.gov. <br />E. Security breaches or information security incidents that shall be reported <br />include, but are not limited to: <br />1. Inappropriate use or unauthorized disclosure of DOR consumers' personal <br />information by the Contractor or the Contractor's assignees. Disclosure <br />methods include, but are not limited to, electronic, paper, and verbal. <br />2. Unauthorized access to DOR consumers' personal information. Information <br />can be held in medium that includes, but is not limited to, electronic and <br />paper. <br />3. Loss or theft of information technology (IT) equipment, electronic <br />devices/media, paper media, or data containing DOR consumers' personal <br />information. IT equipment and electronic devices/media include, but are not <br />limited to, computers (e.g., laptop and desktop, netbooks, tablets), <br />smartphones, cell phones, CDs, DVDs, USB flash drives, servers, printers, <br />peripherals, assistive technology devices (e.g., notetakers, videophones), <br />and copiers. Data can be held in medium that includes, but is not limited to, <br />electronic and paper. <br />F. Contractor agrees to provide annual security and privacy training for all <br />Individuals who have access to personal, confidential, or sensitive information <br />relating to the performance of this agreement. <br />Exhibit D <br />