d. Each party agrees that no disaggregate data, identifying individuals or employers,
<br />shall be released to outside parties or the public.
<br />e. The Subrecipient shall notify Pass-through Entity's Information Security Office of
<br />any actual or attempted information security incidents, within 24 hours of initial
<br />detection, by telephone at (916) 654-6231. Information security incidents include,
<br />but are not limited to, any event (intentional or unintentional), that causes the
<br />loss, damage, or destruction, or unauthorized access, use, modification, or
<br />disclosure of information assets.
<br />The Subrecipient shall cooperate with the Pass-through Entity in any investigation
<br />of security incidents. The system or device affected by an information security
<br />incident and containing confidential data obtained in the administration of this
<br />program shall be immediately removed from operation upon confidential data exposure
<br />or a known security breach. It shall remain removed from operation until correction
<br />and mitigation measures are applied. If the Subrecipient learns of a breach in the
<br />security of the system which contains confidential data obtained under this
<br />Subgrant, then the Subrecipient must provide notification to individuals pursuant
<br />to California Civil Code Section 1798.82.
<br />The Subrecipient shall be responsible for all costs incurred by the Pass-through
<br />Entity due to a security incident resulting from the Subrecipient's failure to
<br />perform or negligent acts of its personnel, and resulting in an unauthorized
<br />disclosure, release, access, review, or destruction; or loss, theft or misuse of
<br />an information asset. If the Subrecipient experiences a loss or breach of data,
<br />the Subrecipient shall immediately report the loss or breach to the
<br />Pass-through Entity. If the Pass-through Entity determines that notice to the
<br />individuals whose data has been lost or breached is appropriate, the Subrecipient
<br />will bear any and all costs associated with the notice or any mitigation selected
<br />by the Pass-through Entity. These costs include, but are not limited to, staff
<br />time, material costs, postage, media announcements, and other identifiable costs
<br />associated with the breach or loss of data.
<br />f. The Subrecipient shall provide for the management and control of physical access to
<br />information assets (including personal computer systems, computer terminals, mobile
<br />computing devices, and various electronic storage media) used in performance of this
<br />Subgrant. This shall include, but is not limited to, security measures to physically
<br />protect data, systems, and workstations from unauthorized access and malicious
<br />activity; the prevention, detection, and suppression of fires; and the prevention,
<br />detection, and minimization of water damage.
<br />g. At no time will confidential data obtained pursuant to this agreement be placed on a
<br />mobile computing device, or on any form of removable electronic storage media of any
<br />kind unless the data are fully encrypted.
<br />h. Each party shall provide its employees with access to confidential information with
<br />written instructions fully disclosing and explaining the penalties for unauthorized
<br />use or disclosure of confidential information found in Section 1798.65 of the
<br />California Civil Code, Section 502 of the California Penal Code, Section 2111 of the
<br />California Unemployment Insurance Code, Section 10850 of the California Welfare and
<br />Institutions Code and other applicable local, state and federal laws.
<br />i. Each party shall (where it is appropriate) store and process information in
<br />electronic format, in such a way that unauthorized persons cannot reasonably retrieve
<br />the information by means of a computer.
<br />j. All Subrecipient staff and subcontractors that are provided access to any data
<br />systems of the Pass-through Entity, excluding CalJOBS, are required to complete
<br />and sign an Employee Confidentiality Statement (DE 7410).
<br />k. Each party shall promptly return to the other party confidential information when
<br />its use ends, or destroy the confidential information utilizing an approved method of
<br />destroying confidential information: shredding, burning, or certified or witnessed
<br />destruction. Magnetic media are to be degaussed or returned to the other party.
<br />l. If the Pass-through Entity or Subrecipient enters into an agreement with a third
<br />party to provide WIOA services, the Pass-through Entity or Subrecipient agrees to
<br />include these data and security and confidentiality requirements in the agreement
<br />with that third party. In no event shall said information be disclosed to any
|