Laserfiche WebLink
ATTACHMENT H: DOL PRIVACY AND DATA SECURITY REQUIREMENTS <br />Department of Licensing Page 32 of 36 Contract No. K9319 <br />1. DEFINITIONS <br />As used throughout this Contract, the following terms shall have the meanings set forth below. Most <br />terms used throughout this Contract are defined in RCWs 46.22.010, 46.04.652, 46.04.209, and <br />46.04.1615, and applicable WAC. If there is a conflict between the definitions in this Contract and <br />definitions appearing in the RCW or WAC, the RCW or WAC will take precedence. <br />a) “Data Breach” means an unauthorized acquisition, loss of control or exposure to an unauthorized <br />person or business, or Misuse of Personal Information. Ransomware and unauthorized <br />Offshoring of Personal Information are included in this definition. <br />b) “Incident” means an event that confirms, or is reasonably thought to be, the unauthorized access <br />to, or Misuse of, Personal Information. Ransomware attacks are included in this definition. <br />c) “Misuse” means the access, disclosure or use of Personal Information without the express, <br />written authorization from DOL in a data sharing Contract. “Misuse” also includes a violation of <br />any privacy requirement outlined this Contract. <br />d) “Offshoring” means the electronic or hardcopy transmission, accessing, viewing, capturing <br />images, storage, or processing of Personal Information outside the United States. <br /> <br />2. CATEGORIZATION OF DATA <br />The classification of the Data collected and shared under this Agreement includes Category 3 – <br />Confidential Information Requiring Special Handling. This category of data is also known as ‘Protected <br />Personal Information’, ‘Personally Identifiable Information (PII)’ and/or ‘Personal Information’. <br />3. INCIDENT OR DATA BREACH NOTIFICATION <br />Contractor must notify DOL when it reasonably believes an Incident or Data Breach has occurred, <br />including Incidents and Data Breaches involving a Subcontractor providing services under this Contract <br />at each of the following: <br /> <br /> DOL Help Desk, phone: (360) 902-0111, <br />DOL Contract Manager, phone: (360) 902-3917, and <br />DOL Event Management, email: DOLEventMgmt@dol.wa.gov <br />In addition to the above requirement to notify DOL, Contractor must also comply with all <br />applicable laws that require the notification of individuals as required by RCW 19.255.010, or <br />other law as applicable. Contractor must cooperate with DOL to notify individuals as determined <br />by DOL or other legal authority. <br />Contractor must disclose the Incident or Data Breach to DOL prior to any notification to the public. <br />Contractor is responsible for all costs, including, but not limited to, notification and credit monitoring <br />costs resulting from an Incident or Breach. This includes DOL’s costs for responding to the Incident <br />or Breach. <br />For purposes of this provision, unauthorized disclosure includes the disclosure to any employees or <br />subcontractor of Contractor who do not have a direct business need to access the Personal <br />Information. <br />4. INCIDENT OR BREACH RESPONSE <br />When Personal Information is involved in a Data Breach or Incident, the Contractor has a duty to <br />cooperate with DOL’s investigation, as a routine part of DOL’s incident response plan. In response to <br />any Incident or Data Breach, Contractor must: <br />a. Participate in the exchange of information related to the Incident or Data Breach, <br />b. Cooperate in the investigation of an Incident or Data Breach, and <br />c. Make personnel available to participate in DOL’s incident response team. <br />Docusign Envelope ID: 4798BD77-1E90-44A1-9098-432C0EDF7393