Laserfiche WebLink
DocuSign Envelope ID: 4F49ED83-A0E8-4535-BBB4-F1419D233380 <br />Agreement # P0307 <br />N. CONFIDENTIALITY AND SAFEGUARDING INFORMATION <br />Each Party may have access to confidential information made available by the other. The <br />provisions of the Florida Public Records Act, Chapter 119, F.S., and other applicable state and <br />federal laws will govern disclosure of any confidential information received by the State of Florida. <br />Grantee must implement procedures to ensure the appropriate protection and confidentiality of <br />all data, files, and records involved with this Agreement. <br />Except as necessary to fulfill the terms of this Agreement and with the permission of DEO, Grantee <br />shall not divulge to third parties any confidential information obtained by Grantee or its agents, <br />distributors, resellers, subcontractors, officers, or employees in the course of performing <br />Agreement work, including, but not limited to, security procedures, business operations <br />information, or commercial proprietary information in the possession of the State or DEO. <br />Grantee shall not use or disclose any information concerning a recipient of services under this <br />Agreement for any purpose in conformity with state and federal law or regulations except upon <br />written consent of the recipient, or Recipients' responsible parent or guardian when authorized <br />by law, if applicable. <br />When Grantee has access to DEO's network and/or applications, in order to fulfill Grantee's <br />obligations under this Agreement, Grantee shall abide by all applicable DEO Information <br />Technology Security procedures and policies. Grantee (including its employees, subcontractors, <br />agents, or any other individuals to whom Grantee exposes confidential information obtained <br />under this Agreement), shall not store, or allow to be stored, any confidential information on any <br />portable storage media (e.g., laptops, thumb drives, hard drives, etc.) or peripheral device with <br />the capacity to hold information. Failure to strictly comply with this provision shall constitute a <br />breach of Agreement. <br />Grantee shall immediately notify DEO in writing when Grantee, its employees, agents, or <br />representatives become aware of an inadvertent disclosure of DEO's unsecured confidential <br />information in violation of the terms of this Agreement. Grantee shall report to DEO any Security <br />Incidents of which it becomes aware, including incidents sub -contractors or agents reported to <br />Grantee. For purposes of this Agreement, "Security Incident" means the attempted or successful <br />unauthorized access, use, disclosure, modification, or destruction of DEO information in Grantee's <br />possession or electronic interference with DEO operations; provided, however, that random <br />attempts at access shall not be considered a security incident. Grantee shall make a report to <br />DEO not more than seven business days after Grantee learns of such use or disclosure. Grantee's <br />report shall identify, to the extent known: (i) the nature of the unauthorized use or disclosure, (ii) <br />the confidential information used or disclosed, (iii) who made the unauthorized use or received <br />the unauthorized disclosure, (iv) what Grantee has done or shall do to mitigate any detrimental <br />effect of the unauthorized use or disclosure, and (v) what corrective action Grantee has taken or <br />shall take to prevent future similar unauthorized use or disclosure. Grantee shall provide such <br />other information, including a written report, as DEO's Information Security Manager requests. <br />In the event of a breach of security concerning confidential personal information involved with <br />this Agreement, Grantee shall comply with Section 501.171, F.S., as applicable. When notification <br />to affected persons is required under this section of the statute, Grantee shall provide that <br />Page 10 of 37 <br />Rev. 9/27/18 <br />