|
Page 9
<br />20.1. Definitions
<br />Personally Identifiable Information (PII), or Sensitive Personal Information (SPI), as used in
<br />Federal information security and privacy laws, is information that can be used on its own or with
<br />other information to identify, contact, or locate a single person, or to identify an individual in
<br />context. PII may only be used to assist in the administration of programs in accordance with 45
<br />C.F.R. § 205.40, et seq. and California Welfare & Institutions Code section 10850.
<br />a.means performing administrative functions
<br />on behalf of County programs, such as determining eligibility for, or enrollment in, and collecting
<br />context PII for such purposes, to the extent such activities are authorized by law.
<br />b.refers to actual loss, loss of control, compromise, unauthorized disclosure,
<br />unauthorized acquisition, unauthorized access, or any similar term referring to situations where
<br />persons other than authorized users and for other than authorized purposes have access or
<br />potential access to context PII, whether electronic, paper, verbal, or recorded.
<br />c. means those contractors, subcontractors, vendors and agents of the County
<br />performing any functions for the County that require access to and/or use of PII and that are
<br />authorized by the County to access and use PII.
<br />d.is personally identifiable information that can
<br />be used alone, or in conjunction with any other reasonably available information, to identify a
<br />specific individual. PII includes, but is not limited to, an individual's name, social security
<br />number, driver's license number, identification number, biometric records, date of birth, place of
<br />birth, or name. PII may be electronic, paper, verbal, or recorded.
<br />e.means the attempted or successful unauthorized access, use,
<br />disclosure, modification, or destruction of PII, or interference with system operations in an
<br />information system which processes PII that is under the control of
<br />Statewide Automated Welfare System (SAWS) Consortium, or under the control of a contractor,
<br />subcontractor or vendor of the County, on behalf of the County.
<br />Secure Areas
<br />i. Contractors administer or assist in the administration of County programs; ii. PII is used
<br />or disclosed; or
<br />iii. PII is stored in paper or electronic format.
<br />20.2. Restrictions on Contractor re Use and Disclosure of PII
<br />a. Contractor agrees to use or disclose PII only as permitted in this Agreement and only to
<br />assist in the administration of programs in accordance with 45 CFR § 205.50,et seq. and
<br />California Welfare & Institutions Code section 10850 or as otherwise authorized or required by
<br />law. Disclosures, when authorized or required by law, such as in response to a court order, or
<br />when made upon the explicit written authorization of the individual, who is the subject of the PII,
<br />are allowable. Any other use or disclosure of PII requires the express approval in writing by the
<br />County. No Contractor shall duplicate, disseminate or disclose PII except as allowed in this
<br />Agreement.
<br />authorized by the County to access and use PII.authorized by the County to access and use PII.
<br />is personally is personally identifiable informationidentifiable information
<br />ATTY/AGR/2025.134/ CORE SERVICE AGENCY CONTRACT (SMC AND RWC)
<br />REV: 06-04-25 VR Page 9 of 48
<br />6.L. - Page 12 of 51
<br />109
|