|
6.113. - Page 8 of 42
<br />Attachment P
<br />Personally Identifiable Information
<br />Requirements for County Contractors, Subcontractors, Vendors and Agents
<br />I. Definitions
<br />Personally Identifiable Information (PII), or Sensitive Personal Information (SPI), as used in
<br />Federal information security and privacy laws, is information that can be used on its own or
<br />with other information to identify, contact, or locate a single person, or to identify an individual
<br />in context. PH may only be used to assist in the administration of programs in accordance
<br />with 45 C.F.R. § 205.40, et seq. and California Welfare & Institutions Code section 10850.
<br />a. "Assist in the Administration of the Program" means performing
<br />administrative functions on behalf of County programs, such as
<br />determining eligibility for, or enrollment in, and collecting context PII for
<br />such purposes, to the extent such activities are authorized by law.
<br />b. "Breach" refers to actual loss, loss of control, compromise, unauthorized
<br />disclosure, unauthorized acquisition, unauthorized access, or any similar
<br />term referring to situations where persons other than authorized users and
<br />for other than authorized purposes have access or potential access to
<br />context PII, whether electronic, paper, verbal, or recorded.
<br />c. "Contractor" means those contractors, subcontractors, vendors and
<br />agents of the County performing any functions for the County that require
<br />access to and/or use of PII and that are authorized by the County to
<br />access and use PII.
<br />d. "Personally Identifiable Information" or "Pill" is personally identifiable
<br />information that can be used alone, or in conjunction with any other
<br />reasonably available information, to identify a specific individual. PII
<br />includes, but is not limited to, an individual's name, social security number,
<br />driver's license number, identification number, biometric records, date of
<br />birth, place of birth, or mother's maiden name. PII may be electronic,
<br />paper, verbal, or recorded.
<br />e. "Security Incident" means the attempted or successful unauthorized
<br />access, use, disclosure, modification, or destruction of PII, or interference
<br />with system operations in an information system which processes PII that
<br />is under the control of the County or County's Statewide Automated
<br />Welfare System (SAWS) Consortium, or under the control of a contractor,
<br />subcontractor or vendor of the County, on behalf of the County.
<br />f. "Secure Areas" means any area where:
<br />Template Version Date —August 26, 2016
<br />Page 5
<br />22
<br />
|