SAFEGUARDING AND REPORTING Sample Clauses

SAFEGUARDING AND REPORTING. RESPONSIBILITIES FOR PERSONALLY IDENTIFIABLE INFORMATION (“PII”): 1. The State will ensure that the employees, contractors, and agents of each State Agency receiving or accessing SSA data under this IEA: a. properly safeguard PII furnished by SSA under this IEA from loss, theft, or inadvertent disclosure; b. understand that they are responsible for safeguarding this information at all times, regardless of whether or not the State employee, contractor, or agent is at his or her regular duty station; c. ensure that laptops and other electronic devices/media containing PII are encrypted and/or password protected; d. send emails containing PII only if encrypted or if to and from addresses that are secure; and e. limit disclosure of the information and details relating to a PII loss only to those with a need to know. 2. If an employee of a State Agency or an employee of a State Agency’s contractor or agent becomes aware of suspected or actual loss of PII, he or she must immediately contact the State official responsible for Systems Security designated below or his or her delegate. That State official or delegate must then notify the SSA Regional Office Contact and the SSA Systems Security Contact identified below. If, for any reason, the responsible State official or delegate is unable to notify the SSA Regional Office or the SSA Systems Security Contact within 1 hour, the responsible State Agency official or delegate must report the incident by contacting SSA’s National Network Service Center at ▇-▇▇▇-▇▇▇-▇▇▇▇. The responsible State official or delegate will use the worksheet, attached as Attachment 6, to quickly gather and organize information about the incident. The responsible State official or delegate must provide to SSA timely updates as any additional information about the loss of PII becomes available. 3. SSA will make the necessary contact within SSA to file a formal report in accordance with SSA procedures. SSA will notify the Department of Homeland Security’s United States Computer Emergency Readiness Team if loss or potential loss of PII related to a data exchange under this IEA occurs. 4. If the State, or any of its State Agencies under this IEA, experiences a loss or breach of data, the State will determine whether or not to provide notice to individuals whose data has been lost or breached and bear any costs associated with the notice or any mitigation.