The URL can be used to link to this page

Home My WebLink About15-144 - WA. State Dept. of Licensing - Driver and Plate Search (DAPS)DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 15 -144 Council Approval N/A Revised 10-21 -2014 B6Siiit ra Stiff OfFAifilEN1 Of C' LICENSING DRIVER AND PLATE SEARCH (DAPS) USE AND DISCLOSURE CONTRACT TUKWILA POLICE DEPARTMENT DOL Contract No. K5332 DOL Account No. 911069 • New L Renewal This Contract is made and entered into between DOL and the Contractor listed below. Hereinafter referred to as the "Contractor "or "USER ". By signing this Contract, Contractor acknowledges that they read and reviewed this Contract in its entirety with all employees who will have access to DAPS. Contractor understands and agrees to comply with all Terms and Conditions, Attachments and documents of the Contract contained herein or incorporated by reference, which are located at httn: //www. dot. wa. nov/ vehiclereaistration /extemaldaps.html . Upon execution, this Contract sets forth in full all Terms and Conditions and cancels and supersedes any previous DAPS Contract(s), including Attachments. Contract Start'Date: Date; of, execution iContract End Date May'31 2020 .,. ContractrAmountr" - 4• Non- Financlal' . _ Purpose (brief description) Provide access to Driver And Plate Search (DAPS), and the use of the information contained in the records obtained. -•Contractor coritactiinformation. Contractor Name Tukwila Police Department Contractor dba N/A Contractor Address 6200 Southcenter Blvd Tukwila WA 98188 Contractor Uniform Business Identifier (UBI) N/A Contractor Employment Identification Number(EIN) N/A Contractor Contact Jeff Richards Contractor Contact Telephone 206 -433 -1808 Contractor Fax 206 - 244 -6181 Contractor E -Mail Address , jric hards(tukwila .w a.us DprmentlOfLlcersl g(DOLcontct,tfrnatlon y a o . Administration Data Licensing Contracts Unit Division Programs and Services Contract Manager Debbie Dunn DOL Contact Address Post Office Box 2076 Olympia WA, 98507 -2076 DOL Contract Manager Telephone 360 - 902 -0136 DOL Contract Manager Fax 360- 570 -4943 DOL Contract Manager E-Mail DDunnpdol.wa.gov 'Authority y - _ _ _ - ._ ..... :.. ' _ Revised Code Washington (RCW) chapters RCW 39.34, 42.56, 46.12, 46.52 and Washington Administrative Code (WAC) 308 -10 and Chapter 18 USC Sec. 2721 -2725 Driver Privacy Protection Act (DPPA) or other applicable laws as currently written or hereafter amended. Attachments- _ The following documents and Attachments are available online at http:// www. dol. wa. gov/ vehicleregistration /externaldaps.html and are incorporated herein and /or by reference: El General Terms and Conditions (required reading and compliance) 0 Agency Access Request (420 -201) (retum to DOL with signed Contract) CI Employee Access/Change Request (420 -205) (retum to DOL with signed Contract) ® Data Security Requirements (required reading and compliance) Destruction of Data (for completion and return to DOL upon expiration or termination of Contract) IN WITNESS WHEREOF, the parties hereby acknowledge and accept the terms and conditions of this Contract which is executed by the persons signing below that warrant they have the authority to execute it on behalf of DOL and the Contractor. This Contract shall be binding on DOL only upon signature by DOL. Contractor signature Date Signed :4110 v Q.02. 6 lialligliftd by: Date Signed �� 3/10/2015 `%e%f T contractor name and title /e(& 2/2's amemii`d`d 4bt.44" I "' Melissa Cox Manager DOL Contract Office DAPS Use and Disclosure Contract Page 1 of 4 i 01- I ea z a 2/8/2015 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 Revised 10-21 -2014 DRIVER AND PLATE SEARCH (DAPS) CONTRACT USES AND DISCLOSURES 1. SCOPE DOL provides the application in a browser environment and is available for search queries 24 hours a day, except during system maintenance as needed. NOTE: regarding the updating of information: a. Vehicle responses received may contain information that has not been updated for up to 48 hours. b. Driver responses received may contain information that has not been updated for up to 24 hours. DOL shall disclose vehicle and driver record information for inspection by USER over a secure Internet connection using DOL's DAPS application. Access to DAPS is for secure use by Contractor and employees only. 2. USE OF DATA Contractor agrees that the use and disclosure of Data provided will be limited to the following: a. Only for the limited purposes of carrying out activities pursuant to this Contract as described in USER'S Agency Access Request (420 -201) submitted prior to issuance of this Contract and incorporated by reference herein. b. (When Applicable) The use of this information as necessary for the Title IV -D of the Social Security Act: Child Support Enforcement Program purposes only. Access will permit the Contractor's authorized staff (registered USERS) and their Prosecuting Attorneys, Title IV -D Contract Attorneys, and /or the Attorney General to obtain information to be used exclusively to accomplish their official child support program related job functions under the Title IV -D of the Social Security Act. Attorneys representing the State of Washington and their authorized staff may, as part of their official duties, file information obtained within the scope of this Contract into an official court record and are authorized to re- disclose for the Title IV -D purposes only. c. For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self- regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court. d. (NOTE) • DAPS does not provide the optional mailing address for a registered owner(s) of the vehicle record. The optional mailing is used to mail notifications to the registered owner(s) of vehicles. DAPS only displays the primary residence address, which is not always the address used for notifications to customers and may be different from the optional mailing address. • DAPS is not intended to be used by courts or govemment agencies having jurisdiction over standing, stopping, parking violations or other infractions, e.g. automated traffic safety cameras, or automated school bus safety cameras to notify the registered owner(s) of a vehicle related to RCW 46.16A.120. To do so may result in the notification not being delivered to the intended recipient, and is at the risk of the Contractor, not DOL. • DOL will not be liable for any inaccuracy that may occur with the information obtained from the vehicle record. Contractor assumes all liabilities for how information is used and with any notifications made to the registered owner(s) of a vehicle using information obtained from the DAPS system. 3. CONTRACTOR RESPONSIBILITY Contractor Shall: a. Read and comply with all applicable laws and statutes, the entire Contract, all terms and conditions, and all required online documents. The following documents are available online at DAPS Use and Disclosure Contract Page 2 of 4 2/6/2015 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 Revised 10-21 -2014 b. http: / /www.dol.wa. qov/ vehiclereaistration /externaldaps.html and are incorporated herein and /or by reference: • Attachment A, General Terms and Conditions (required reading and compliance); • Attachment B, Agency Access Request (420 -201) (required to be completed and retum to DOL with signed Contract); • Attachment C, Employee Access /Change Request (420 -205) (required to be completed and return to DOL with signed Contract); • Attachment D, Data Security Requirements (required reading and compliance); • Attachment E, Destruction of Data (for completion and return to DOL upon expiration or termination of Contract). b. Take all steps necessary to ensure the application is accessible and used only by authorized personnel to accomplish their official job functions. c. Require each employee accessing the DAPS application to register with SecureAccess Washington (SAW). d. Have the ability and is responsible to cancel each Users SAW account. e. Ensure that information will not be shared, duplicated, or re- disclosed. f. Obtain necessary forms (numbers 420 -201, 420 -205) from the DAPS website at http://www.dol.wa.gov/vehiclerepistration/externaldaDS.html. Notify DOL in writing of employees who are eligible for access to the DAPS system using the DAPS Employee Access/Change Request (420 -205) form incorporated herein by reference. h. Be responsible to immediately notify DOL in writing of any changes to the access eligibility by using the DAPS Employee Access/Change Request (420 -205) form incorporated herein by reference. Update and submit to DOL annually for accuracy and accountability for continued access to DAPS. i. Ensure the Contractor, employees, and agents will maintain the confidentiality of vehicle and driver records by: • protecting their account numbers and passwords; • regularly changing passwords, by instructing users to change their password every 90 days, as recommended for security enhancement and by using hard to guess passwords; particularly when there are changes in personnel; • instituting penalties for misuse of data; and • ensuring that employees are familiar with the provisions of this Contract. With a written request to DOL, USER may be allowed to obtain hard copies of records, as authorized in RCW 46.12.635, RCW 46.52.120 and RCW 46.52.130. 4. PROHIBITED USE OF DATA Contractor Shall a. Ensure that information will not be shared, duplicated, or re- disclosed. b. Not use any information for personal purposes and /or benefit. Any use of the application by persons other than employees of the USER or for purposes other than to accomplish the USER's official job functions is grounds for immediate termination of this Contract as provided herein. c. Not sell or otherwise distribute any vehicle or driver record information, e.g. name, addresses, driver license number, social security number, etc. All exceptions to the above must be pre- approved in writing by the Director of DOL, or the Director's designee, setting out any limitations or conditions to which the approval is subject. Such written approval must be granted by the DOL prior to the requested use of, or release of, the information that is subject to the exception. g. DAPS Use and Disclosure Contract Page 3 of 4 2/6/2015 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 Revised 10-21 -2014 5. PROGRAM SUPPORT COMMUNICATIONS All program support communications from the USERs to DOL shall be directed through the DOL Client Support, for contact information. The office contact for the USER shall be the primary contact for all communications regarding: • Installation and operations of DAPS; • Registration process with SecureAccess Washington; • Troubleshooting issues or problems that occur; • User acceptance testing for system updates; • Law enforcement questions; • Processes for modifying, adding, terminating employees from Employee Access /Change Request and /or general questions; • Notification of system maintenance. The Program Support for DOL is: Department of Licensing Data Licensing Contracts Unit PO Box 2076 Olympia, WA 98507 -2076 Phone: 360 - 902 -3708 FAX: 360 - 570 -4943 E -Mail: dapscomm @dol.wa.gov Mon -Fri. 8:OOam to 5:OOpm 6. DATA CLASSIFICATION DECLARATION Data described in this data sharing Contract is assessed to be in the following data classification: Confidential Information Requiring Special Handling Confidential information requiring special handling is information that is specifically protected from disclosure by law and for which: a. Especially strict handling requirements are dictated, such as by statutes, regulations, or Contracts. b. Serious consequences could arise from unauthorized disclosure, such as threats to health and safety, or legal sanctions. 7. ACCESS TO DATA Method of Access Transfer The data shall be provided by DOL using SecureAccess Washington. Frequency of Data Exchange Repetitive: Continual as needed basis. Authorized Access to Data Access to "Confidential" information is limited to individual agency staff and business partners who are specifically authorized and who have a business need -to -know. As required by state law and federal law. DSHS will receive Social Security Number data for the purpose of child support enforcement completion of form (420 -206), available upon request. (See RCW 26.23.150 and 26.23.120) 8. DATA DISPOSITION Using the Attachment D, Data Security Requirements, the Contractor shall comply with destruction of all Data sets as described herein upon expiration or termination of this Contract, and shall retain no copies. Data shall be destroyed so it cannot be recovered in any way. Contractor shall submit a completed Attachment E, Destruction of Data, within fifteen (15) days of contract completion or termination. If the Contractor is a govemment agency, and is exempt from the requirements of this section by statutes, and the parties have mutually determined that return or destruction is not feasible. Contractor shall adhere to its required retention schedule. DAPS Use and Disclosure Contract Page 4 of 4 2/6/2015 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 REVISED 10 -2 -2013 DAPS USE AND DISCLOSURE CONTRACT ATTACHMENT A GENERAL TERMS AND CONDITIONS In consideration of the DAPS Use and Disclosure Contract, these General Terms and Conditions contained herein are incorporated by reference, and the parties agree as follows: 1. DEFINITIONS As used throughout this Contract, the following terms shall have the meanings set forth below: 1.1 Access shall mean the way Vehicle /Driver record information is requested or retrieved by the Contractor or authorized User and shall include but not be limited to the use of DAPS, email, FAX, and phone requests. 1.2 Acknowledgment shall mean the Contractor has read this Contract in its entirety and is agreeing to comply with all contractual requirements, obligations and responsibilities contained in this Contract and all incorporated documents either attached or available online. 1.3 Confidential Information means information that may be exempt from disclosure to the public or other unauthorized persons under either chapter 42.56 RCW or other state or federal statutes and data defined as more sensitive than "public" and requires security protection. Confidential Information includes, but is not limited to, vehicle legal owner, social security numbers, credit card information, driver license numbers, Personal Information, law enforcement records, agency security data, and banking profiles. (Note: the 5 digit zip is not considered confidential) 1.4 Contractor means the primary agency, firm, provider, organization, individual, agent and /or other entity performing services or accessing the DAPS data system under this Contract. 1.5 Data means information contained in the vehicle and driver records provided to Contractor under this Contract via DAPS. 1.6 Individually Identifiable Health Information is a subset of health information, including demographic information collected from an individual and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual, as set forth in 45 CFR E 164.501 as currently enacted and subsequently amended or revised. 1.7 Legal Owner means the following information to include name, address, city, state, and excludes the five (5) digit zip code of the party listed as legal owner of a vehicle. 1.8 Notification shall include but may not be limited to USPS, email, Fax, and FedEx. 1.9 Personal Information means information identifiable to any person, including, but not limited to information that relates to a person's name, health, finances, education, business, use or receipt of governmental services or other activities, addresses, telephone numbers, social security numbers, driver license numbers, e-mail addresses, credit card information, law enforcement records or other identifying numbers or Protected Health Information, any financial identifiers, and other information that may be exempt from disclosure to the public or other unauthorized persons under either RCW 42.56.360, 42.56 RCW, or other state and federal statutes. 1.10 Protected Health Information means Individually Identifiable Health Information that is transmitted by electronic media, or transmitted or maintained in any other form or medium, as set forth in 45 CFR § 164.501, as currently enacted and subsequently amended or revised. 1.11 SecureAccess Washington (SAW) means SecureAccess Washington (No Fee), and is a single sign -on application gateway created by Washington State's Department of Enterprise Services and allows Internet access to multiple online government services with the use of a unique single self- generated User -ID and password. DAPS Use and Disclosure Contract, Attachment A, General Terms and Conditions Page 1 of 4 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 REVISED 10 -2 -2013 1.12 Subcontractor means one not in the employment of a party to this Contract, who is performing all or part of those services under this contract under a separate contract with a party to this Contract. The terms "subcontractor" and "subcontractors" mean subcontractor(s) in any tier. 1.13 USER means the Contractor, the Contractor employee(s) or agent(s) or authorized entity performing on behalf of the primary Contractor and who will access the DAPS data system. 2. STATEMENT OF WORK The parties to this Contract shall fumish the necessary personnel, equipment, material and /or service(s) and otherwise do all things necessary for, or incidental to, the exchange of data as set forth in the: • Attachment A, General Terms and Conditions; • Attachment B, Agency Access Request (420 -201); • Attachment C, Employee Access /Change Request (420 -205); • Attachment D, Data Security Requirements, which are incorporated herein by reference. 3. PERIOD OF PERFORMANCE This Contract may be extended for periods of up to one (1) to five (5) years in duration each for a maximum Period of Performance not to exceed fifteen (15) years and is at the exclusive option of the DOL and shall be affected by the DOL giving written notice of extension or renewal to Contractor prior to expiration as provided herein. Prior to an extension or renewal being issued, the Contractor must submit a new DAPS Agency Access Request (form 420 -201). To assist DOL in maintaining a current account of USERS, the Contractor must submit a new DAPS Employee Access /Change Request (form 420 -205) yearly and upon request. 4. ALTERATIONS AND AMENDMENTS This Contract may be amended by mutual Contract of the parties. Such amendments shall not be binding unless they are in writing and signed by personnel authorized to bind each of the parties. 5. COMPENSATION This is a non - financial Contract. In no event shall either party seek compensation for work performed under this Contract. 6. RECORDS, DOCUMENTS The Contractor shall maintain books, records, documents and other evidence of data security procedures and practices. These records shall be subject at all reasonable times to inspection, review, or audit by personnel duly authorized by DOL, the Office of the State Auditor, and federal officials so authorized by law, rule, regulation, or Contract. The Contractor will retain all books, records, documents, and other materials relevant to this Contract for six (6) years after settlement, and make them available for inspection by persons authorized under this provision. The Contractor shall be responsible for any audit exceptions or disallowed costs incurred by the Contractor or any of its Subcontractors. 7. CONFIDENTIALITY The use or disclosure by any party of any information concerning the other party for any purpose not directly connected with the administration of responsibilities, with respect to services provided under this Contract, is prohibited except as otherwise required by law or by prior written consent of the other party. Each party shall maintain as confidential all information concerning study findings and recommendations, as well as the business of the other party, its financial affairs, and relations with its clientele and its employees, and any other information, which is specifically classified as Confidential Information by law. To the extent consistent with Washington State law, each party shall maintain all information, which the other party specifies in writing as Confidential Information. Each party shall have an appropriate Contract with its employees and subcontractors to this effect. DAPS Use and Disclosure Contract, Attachment A, General Terms and Conditions Page 2 of 4 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 REVISED 10 -2 -2013 8. SAFEGUARDING OF CONFIDENTIAL INFORMATION Each Party shall not use or disclose Confidential Information in any manner that would constitute a violation of federal law or applicable provisions of Washington State law. Each Party agrees to comply with all federal and state laws and regulations, regarding data security and electronic data interchange of Confidential Information. Each party shall protect Confidential Information collected, used, or acquired in connection with this Contract, against unauthorized use, disclosure, modification or loss. Each party shall ensure their directors, officers, employees, subcontractors or agents use it solely for the purposes of accomplishing the services set forth in this Contract. Each party and its Subcontractors agree not to release, divulge, print, publish, transfer, sell or otherwise make it known to unauthorized persons without the express written consent of the other party or as otherwise authorized by law (i.e. in response to a court order or subpoenas). Each party agrees to implement physical, electronic, and managerial policies, procedures, and safeguards to prevent unauthorized access, use, or disclosure. "USER" shall make the Personal Information available to amend as directed by DOL and incorporate any amendments into all the copies maintained by "USER" or its Subcontractors. USER shall notify DOL immediately of becoming aware of any unauthorized access, use or disclosure. Any breach of this clause may result in termination of the Contract, suspension of on -line access accounts, and the demand for return of all confidential information. 9. RIGHTS IN DATA Unless otherwise provided, data, which originates from this Contract shall be "works for hire" as defined by the U.S. Copyright Act of 1976 and shall be owned by the DOL. Data shall include, but not be limited to, reports, documents, pamphlets, advertisements, books, magazines, surveys, studies, computer programs, films, tapes, and /or sound reproductions. Ownership includes the right to copyright, patent, register, and the ability to transfer these rights. 10. SECURITY OF DATA Contractor agrees to comply with the Attachment D, DOL Data Security Requirements for the duration of the Contract as described herein. Each party shall take due care to protect the shared data from unauthorized physical and electronic access as described in this Contract. SecureAccess Washington (SAW) is considered to have this strong authentication mechanism. SAW adds an additional layer of protection to DAPS data available via the Internet. 11. INDEPENDENT CAPACITY The employees or agents of each party who are engaged in the performance of this Contract shall continue to be employees or agents of that party and shall not be considered for any purpose to be employees or agents of the other party. 12. SUBCONTRACTING With prior written consent, either party may enter into subcontracts for any of the work or services contemplated under this Contract. Consent shall not be unreasonably withheld. This clause does not include contracts of employment between a party and personnel assigned to work under this Contract. Each party is responsible for ensuring that all terms, conditions, assurances and certifications set forth in this Contract are carried forward to any subcontracts. 13. TERMINATION FOR CONVENIENCE Either party may terminate this Contract upon 30 days prior written notification to the other party. If this Contract is so terminated, the parties shall be liable only for performance rendered or costs incurred in accordance with the terms of this Contract prior to the effective date of termination. 14. TERMINATION OF ACCESS Each party may at its discretion disqualify an individual authorized by the other party from gaining access to data in the DAPS system. Notice of termination of access will be by written notice and become effective upon receipt by the other party. Termination of access of one individual by either party does not affect other individuals authorized under this Contract. 15. DISPUTES In the event that a dispute arises under this Contract, a Dispute Board shall determine it in the following manner: Each party to this Contract shall appoint one member to the Dispute Board The members so appointed shall jointly appoint an additional member to the Dispute Board. DAPS Use and Disclosure Contract, Attachment A, General Terms and Conditions Page 3 of 4 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 REVISED 10 -2 -2013 The Dispute Board shall review the facts, Contract terms and applicable statutes and rules and make a determination of the dispute. The determination of the Dispute Board shall be final and binding on the parties hereto. 16. GOVERNANCE This Contract shall be construed and interpreted in accordance with the laws of the state of Washington and the venue of any action brought hereunder shall be in the Superior Court for Thurston County. 17. ORDER OF PRECEDENCE This Contract is entered into pursuant to and under the authority granted by the laws of the state of Washington, and any applicable federal laws. The provisions of this Contract shall be construed to conform to those laws. In the event of an inconsistency in the terms of this Contract, or between its terms and any applicable statute or rule, the inconsistency shall be resolved by giving precedence in the following order: 1. Applicable state and federal statutes and rules; 2. Interagency Driver And Plate Search (DAPS) Contract Uses and Disclosures; 3. Attachment A, General Terms and Conditions (required reading and compliance); 4. Attachment B, Agency Access Request (420 -201), to be completed and returned to DOL with signed Contract; 5. Attachment C, Employee Access /Change Request (420 -205) (to be completed and returned to DOL with signed Contract); 6. Attachment D, Data Security Requirement (required reading and compliance), and any other provisions of the Contract, including materials incorporated by reference. 18. ASSIGNMENT The ability of the Contractor to obtain data pursuant to this Contract shall not be assigned or delegated in whole or in part, except as expressly provided by this Contract or by the express prior written consent of DOL. 19. WAIVER A failure by either party to exercise its rights under this Contract shall not preclude that party from subsequent exercise of such rights and shall not constitute a waiver of any other rights under this Contract unless stated to be such in a writing signed by an authorized representative of the party and attached to the original Contract. 20. SEVERABILITY If any term or condition of this Contract is held invalid, such, invalidity shall not affect the validity of the other terms or conditions of this Contract. 21. INDEMNIFICATION Each party to this Contract shall be responsible for its own acts and /or omissions and those of its officers, employees and agents. No party to this Contract shall be responsible for the acts and /or omissions of entities or individuals not a party to this Contract. 22. RIGHTS OF INSPECTION Each party shall provide right of access to the other party, or any of its officers, or to any other authorized agent or official of the state of Washington or the federal govemment at all reasonable times, in order to monitor and evaluate performance, compliance, and /or quality assurance of internal policies and procedures, and /or records relating to the safeguarding, use, and disclosure of Confidential Information obtained or used as a result of this Contract. Each party shall make available information necessary for the other party to comply with an individual's right to access, amend, and receive an accounting of disclosures of their Confidential Information. 23. CONTRACT MANAGEMENT The Contract Manager for each of the parties shall be responsible for and shall be the contact person for all communications and billings regarding the performance of this Contract located on page one (1) of the DAPS Use and Disclosure. DAPS Use and Disclosure Contract, Attachment A, General Terms and Conditions Page 4 of 4 DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 Revised 9 -11 -2013 DAPS USE AND DISCLOSURE CONTRACT ATTACHMENT D DATA SECURITY REQUIREMENTS FOR WEB -BASED ACCESS 1. Computer Security Contractor shall maintain the computers that access DOL data by ensuring the operating system and software are updated and patched, such that they remain secure from known vulnerabilities as declared by security notifications (e.g., US -CERT, SANS, Microsoft). Contractor further agrees that the computer device(s) are installed with an Anti -Virus solution and signatures updated regularly. 2. Data Security Contractor shall preserve the confidentiality, integrity and accessibility of DOL data with administrative, technical and physical measures that conform to generally recognized industry standards and best practices. 3. Data Storage Contractor shall ensure any and all DOL data will be stored, processed, and maintained solely on DOL designated systems and that no DOL data at any time will be processed on or transferred to any other computing device or storage medium. 4. Data Transmission Contractor shall ensure any and all electronic transmission or exchange of system and application data with DOL will be conducted via a secure solution (e.g., HTTPS, SFT, or equivalent). 5. Distribution of Data Contractor shall ensure no DOL data of any kind shall be transmitted, exchanged or otherwise passed to other contractors /vendors or interested parties except on a case -by -case basis as specifically agreed to in writing by DOL. Contractor further agrees not to provide screen prints outside their control. Any screen print must be disposed of as referenced in the next section, Destruction of Data. 6. Destruction of Data Contractor shall, upon termination of this Contract, erase, destroy, and render unrecoverable all DOL data and certify in writing using the Attachment E, Destruction of Data (located online at http:// www. dol. wa. gov/ vehicleregistration /externaldaps.html) that these actions have been completed within thirty (30) days of the termination of this Contract or within seven (7) days of the request of an agent of DOL, whichever shall come first. At a minimum, media sanitization is to be performed according to the standards enumerated by the National Institute of Standards and Technology (NIST), Guidelines for Media Sanitization, SP 800 -88, Appendix A, http: / /csrc.nist.gov /. If the Contractor is a govemment agency, and is exempt from the requirements of this section by statutes, and the parties have mutually determined that return or destruction is not feasible. Contractor shall adhere to its required retention schedule. 7. Security Breach Notification Contractor shall comply with all applicable laws that require the notification of individuals in the event of unauthorized release of DOL data or other event requiring notification. In the event of a breach of any of the Contractor's security obligations, or other event requiring notification under applicable law, Contractor agrees to the following: a) Notify by telephone and e-mail of such an event within 24 hours of discovery: DOL Help Desk, phone: (360) 902 -0111; email: hlbhelpeldol.wa.gov b) Indemnify, hold harmless and defend DOL and its trustees, officers, and employees from and against any claims, damages, or other harm related to such notification event. c) Mitigate the risk of loss and comply with any notification or other requirements imposed by law and implement any reasonable requirements from DOL that will mitigate future risk of loss. 8. Access to Data Access to the data will be restricted to authorized users by requiring a login using a unique user ID and complex password or other authentication mechanism which provides equal or greater security. Further, passwords must be changed on a periodic basis. The sharing of user ID accounts and passwords is strictly prohibited. DAPS Use and Disclosure Contract, Page 1 of 1 Attachment D, Data Security Requirements DocuSign Envelope ID: E0B3D4C5- 9003- 4A18- A350- 475309BE8BB1 Revised 10 -2 -2013 DAPS USE AND DISCLOSURE CONTRACT ATTACHMENT E DESTRUCTION OF DATA Date of Destruction Upon expiration or termination of this Contract, complete and return this form to: Fax: 360-570-4943 or Email: DAPSCOMMt''dal.wa.aov. ® CHECK ALL THAT APPLY ❑ All copies of any data sets related to this Contract have been deleted from all data storage systems and media so it cannot be recovered in any way. ❑ All on -line access accounts related to this Contract have been deleted. ❑ All printed and hard copy materials and all computer media containing any data related to this Contract have been destroyed so it cannot be recovered in any way. ❑ All copies of any data sets related to this Contract shall be retained for purposes stated herein for a period of time not to exceed e.g., one year, etc. , after which all data shall be destroyed so it cannot be recovered in any way. ❑ The parties have mutually determined that return or destruction is not feasible, and mutual determination is outlined in the attached MOU. Contractor agrees to only use the Confidential Information as authorized herein and by state and federal laws. ❑ Contractor is a government agency and shall adhere to it required retention schedule. 1 hereby certify, by signing below, the destruction of data as required in the DAPS Use and Disclosure Contract and Attachment D, Data Security Requirements, have been completed and all data is destroyed as indicated above. (Account Number) (Contractor Name) (Signature) (Date) (Print Name) (Title) (Area Code & Phone Number) DAPS Use and Disclosure Contract, Page 1 of 1 Attachment E, Destruction of Data