DocuSign Envelope ID: 4F49ED83-A0E8-4535-BBB4-F1419D233380
Agreement # P0307

N. CONFIDENTIALITY AND SAFEGUARDING INFORMATION

Each Party may have access to confidential information made available by the other. The provisions of the Florida Public Records Act, Chapter 119, F.S., and other applicable state and federal laws will govern disclosure of any confidential information received by the State of Florida. Grantee must implement procedures to ensure the appropriate protection and confidentiality of all data, files, and records involved with this Agreement.

Except as necessary to fulfill the terms of this Agreement and with the permission of DEO, Grantee shall not divulge to third parties any confidential information obtained by Grantee or its agents, distributors, resellers, subcontractors, officers, or employees in the course of performing Agreement work, including, but not limited to, security procedures, business operations information, or commercial proprietary information in the possession of the State or DEO.

Grantee shall not use or disclose any information concerning a recipient of services under this Agreement for any purpose in conformity with state and federal law or regulations except upon written consent of the recipient, or Recipients' responsible parent or guardian when authorized by law, if applicable.

When Grantee has access to DEO's network and/or applications, in order to fulfill Grantee's obligations under this Agreement, Grantee shall abide by all applicable DEO Information Technology Security procedures and policies. Grantee (including its employees, subcontractors, agents, or any other individuals to whom Grantee exposes confidential information obtained under this Agreement), shall not store, or allow to be stored, any confidential information on any portable storage media (e.g., laptops, thumb drives, hard drives, etc.) or peripheral device with the capacity to hold information. Failure to strictly comply with this provision shall constitute a breach of Agreement.

Grantee shall immediately notify DEO in writing when Grantee, its employees, agents, or representatives become aware of an inadvertent disclosure of DEO's unsecured confidential information in violation of the terms of this Agreement. Grantee shall report to DEO any Security Incidents of which it becomes aware, including incidents subcontractors or agents reported to Grantee. For purposes of this Agreement, "Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of DEO information in Grantee's possession or electronic interference with DEO operations; provided, however, that random attempts at access shall not be considered a security incident. Grantee shall make a report to DEO not more than seven business days after Grantee learns of such use or disclosure. Grantee's report shall identify, to the extent known: (i) the nature of the unauthorized use or disclosure, (ii) the confidential information used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what Grantee has done or shall do to mitigate any detrimental effect of the unauthorized use or disclosure, and (v) what corrective action Grantee has taken or shall take to prevent future similar unauthorized use or disclosure. Grantee shall provide such other information, including a written report, as DEO's Information Security Manager requests.

In the event of a breach of security concerning confidential personal information involved with this Agreement, Grantee shall comply with Section 501.171, F.S., as applicable. When notification to affected persons is required under this section of the statute, Grantee shall provide that
Rev. 9/27/18