Laserfiche WebLink
Agency DSA 22-01 <br />DSA Agreement between Agency and SAO <br />Agency DSA: 22-01 <br />Agency staff shall not disclose, in whole or in part, the confidential data provided by SAO to any <br />individual or agency, unless this Agreement specifically authorizes the disclosure. Confidential <br />data may be disclosed only to persons and entities that have the need to use the data to achieve <br />the stated purposes of this Agreement. In the event of a public disclosure request for the SAO’s <br />data, Agency will notify the SAO <br />a.Agency shall not access or use the data for any commercial or personal purpose. <br />b.Any exceptions to these limitations must be approved in writing by SAO. <br />c.The Agency shall ensure that all staff with access to the data described in this Agreement <br />are aware of the use and disclosure requirements of this Agreement and will advise new <br />staff of the provisions of this Agreement. <br />12.DATA DISPOSAL <br />Upon request by the SAO or Agency, or at the end of the DSA term, or when no longer needed, <br />Confidential Information/Data must be returned or destroyed, except as required to be maintained <br />for compliance or accounting purposes. <br />13.INCIDENT NOTIFICATION AND RESPONSE <br />The compromise of Confidential Information or reasonable belief that confidential information <br />has been acquired and/or accessed by an unauthorized person that may be a breach that requires <br />timely notice to affected individuals under RCW 42.56.590 or any other applicable breach <br />notification law or rule must be reported to the [Agency contact]. <br />If the Receiving Party does not have full details about the incident, it will report what information <br />it has and provide full details within 15 business days of discovery. To the extent possible, these <br />initial reports must include at least: A. The nature of the unauthorized use or disclosure, including <br />a brief description of what happened, the date of the event(s), and the date of discovery; B. A <br />description of the types of information involved; C. The investigative and remedial actions the <br />Receiving Party or its Subcontractor took or will take to prevent and mitigate harmful effects and <br />protect against recurrence; D. Any details necessary for a determination of whether the incident is <br />a breach that requires notification under RCW 42.56.590, or any other applicable breach <br />notification law or rule. E. Any other information SAO or Agency reasonably requests. <br />14.OVERSIGHT <br />The SAO and Agency agree that they will have the right, at any time with reasonable notice, to <br />monitor, audit, and review activities and methods in implementing this Agreement in order to <br />assure compliance. <br />15.TERMINATION <br />Either party may terminate this Agreement with 30 days written notice to the other party’s <br />Agency Contact named on Page 1. However, once data is accessed by the SAO or Agency, this <br />Agreement is binding as to the confidentiality, use of the data, and disposition of all data received <br />as a result of access, unless otherwise amended by the mutual agreement of both parties.