Laserfiche WebLink
d. Each party agrees that no disaggregate data, identifying individuals or employers, <br /> shall be released to outside parties or the public. <br /> e. The Subreclpient shall notify Pass through Entity's Information Security Office of <br /> any actual or attempted information security incidents, within 24 hours of initial <br /> detection, by telephone at(916) 654-6231. Information security incidents include, <br /> but are not limited to, any event(intentional or unintentional), that causes the <br /> loss, damage, or destruction, or unauthorized access, use, modification, or <br /> disclosure of information assets. <br /> The Subrecipient shall cooperate with the Pass-through Entity in any investigation <br /> of security incidents. The system or device affected by an information security <br /> incident and containing confidential data obtained in the administration of this <br /> program shall be immediately removed from operation upon confidential data exposure <br /> or a known security breach. It shall remain removed from operation until correction <br /> and mitigation measures are applied. If the Subrecipient learns of a breach in the <br /> security of the system which contains confidential data obtained under this <br /> Subgrant, then the Subrecipient must provide notification to individuals pursuant <br /> to California Civil Code Section 1798.82. <br /> The Subrecipient shall be responsible for all costs incurred by the Pass-through <br /> Entity due to a security incident resulting from the Subrecipient's failure to <br /> perform or negligent acts of its personnel, and resulting in an unauthorized <br /> disclosure, release, access, review, or destruction; or loss, theft or misuse of <br /> an information asset. If the Subrecipient experiences a loss or breach of data, <br /> the Subrecipient shall immediately report report the loss or breach to the Pass- <br /> through Entity. If the Pass-through Entity determines that notice to the <br /> individuals whose data has been lost or breached is appropriate, the Subreciplent <br /> will bear any and all costs associated with the notice or any mitigation selected <br /> by the Pass-through Entity. These costs include, but are not limited to, staff <br /> time, material costs, postage, media announcements, and other identifiable costs <br /> associated with the breach or loss of data. <br /> f. The Subrecipient shall provide for the management and control of physical access to <br /> information assets (including personal computer systems, computer terminals, mobile <br /> computing devices, and various electronic storage media)used in performance of this <br /> Subgrant. This shall include, but is not limited to, security measures to physically <br /> protect data, systems, and workstations from unauthorized access and malicious <br /> activity; the prevention, detection, and suppression of fires; and the prevention, <br /> detection, and minimization of water damage. <br /> g.At no time will confidential data obtained pursuant to this agreement be placed on a <br /> mobile computing device, or on any form of removable electronic storage media of any <br /> kind unless the data are fully encrypted. <br /> h. Each party shall provide its employees with access to confidential information with <br /> written instructions fully disclosing and explaining the penalties for unauthorized <br /> use or disclosure of confidential information found in Section 1798.55 of the <br /> California Civil Code, Section 502 of the California Penal Code, Section 2111 of the <br /> California Unemployment Insurance Code, Section 10850 of the California Welfare and <br /> Institutions Code and other applicable local, state and federal laws. <br /> L Each party shall (where it is appropriate) store and process information in <br /> electronic format, in such a way that unauthorized persons cannot reasonably retrieve <br /> the information by means of a computer. <br /> j.All Subrecipient staff and subcontractors that are provided access to any data <br /> systems of the Pass-through Entity, excluding CaIJOBS, are required to complete <br /> and sign an Employee Confidentiality Statement(DE 7410). <br /> k. Each party shall promptly return to the other party confidential information when <br /> its use ends, or destroy the confidential information utilizing an approved method of <br /> destroying confidential information: shredding, burning, or certified or witnessed <br /> destruction. Magnetic media are to be degaussed or returned to the other party. <br /> I. If the Pass-through Entity or Subrecipient enters into an agreement with a third <br /> party to provide WOA services,the Pass-through Entity or Subrecipient agrees to <br /> include these data and security and confidentiality requirements in the agreement <br /> with that third party. In no event shall said information be disclosed to any <br /> Page 12 0f 14 <br />