|
Template version date: February 22, 2017 Issued by: 1
<br />Attachment P
<br />Personally Identifiable Information
<br />Requirements for County Contractors, Subcontractors, Vendors and Agents
<br />I.Definitions
<br />Personally Identifiable Information (PII), or Sensitive Personal Information (SPI), as
<br />used in Federal information security and privacy laws, is information that can be
<br />used on its own or with other information to identify, contact, or locate a single
<br />person, or to identify an individual in context. PII may only be used to assist in the
<br />administration of programs in accordance with 45 C.F.R. § 205.40, et seq. and
<br />California Welfare & Institutions Code section 10850.
<br />a.“Assist in the Administration of the Program” means performing
<br />administrative functions on behalf of County programs, such as determining
<br />eligibility for, or enrollment in, and collecting context PII for such purposes, to the
<br />extent such activities are authorized by law.
<br />b.“Breach” refers to actual loss, loss of control, compromise, unauthorized
<br />disclosure, unauthorized acquisition, unauthorized access, or any similar term
<br />referring to situations where persons other than authorized users and for other
<br />than authorized purposes have access or potential access to context PII, whether
<br />electronic, paper, verbal, or recorded.
<br />c.“Contractor” means those contractors, subcontractors, vendors and agents of
<br />the County performing any functions for the County that require access to and/or
<br />use of PII and that are authorized by the County to access and use PII.
<br />d."Personally Identifiable Information” or “PII” is personally identifiable
<br />information that can be used alone, or in conjunction with any other reasonably
<br />available information, to identify a specific individual. PII includes, but is not
<br />limited to, an individual's name, social security number, driver's license number,
<br />identification number, biometric records, date of birth, place of birth, or mother’s
<br />maiden name. PII may be electronic, paper, verbal, or recorded.
<br />e.“Security Incident” means the attempted or successful unauthorized access,
<br />use, disclosure, modification, or destruction of PII, or interference with system
<br />operations in an information system which processes PII that is under the control
<br />of the County or County’s Statewide Automated Welfare System (SAWS)
<br />Consortium, or under the control of a contractor, subcontractor or vendor of the
<br />County, on behalf of the County.
<br />f.“Secure Areas” means any area where:
<br />i.Contractors administer or assist in the administration of County programs;
<br />ii.PII is used or disclosed; or
<br />iii.PII is stored in paper or electronic format.
<br />ATTY/AGR.2021.130/County of San Mateo (Page 24 of 31)
|