Universal Data Sharing Agreement Between Michigan State Police and
Infrastructure Entities Located In Region 4 (West Michigan) & Region 10
(Southeast Michigan) To Establish A Regional Asset Management Pilot Program
Establish A Regional Asset Management Pilot Program
Data Sharing Agreement (“Agreement”)
is between participating entities within Region 4 (West Michigan) and
Region 10 (Southeast Michigan) and the State of Michigan, by and
through the Michigan Department of State Police, (together and with
other participating entities entering into this Agreement, “the
and individually, “a party”).
parties enter into this Agreement to establish a Regional Asset
Management Pilot Program (the “Pilot”)
to achieve the goals set forth in Executive
Directive No. 2017-1.
In this Pilot, entities within Region 4 (West Michigan) and Region
10 (Southeast Michigan) intend to identify existing data, assets,
attributes, and data needs within their regions that are
representative of assets statewide. A goal is to create a regional
structure for future implementation of data collection and evaluation
efforts. By its conclusion, participants in this Pilot will forward
recommendations on how the State of Michigan and its partners can
operationalize a statewide comprehensive asset management database
and system, including where an appropriate system should be housed
and the staffing needed to implement and manage the system.
and use of data can improve efficiency, policy making, emergency
operations procedures, and performance measures, as well as fuel
economic development and provide citizens greater access to engage
their government and make more informed decisions. Conversely, the
privacy of such data—in particular, Michigan’s infrastructure
assets and critical infrastructure data held by public and private
agencies—rests upon actions and agreements—like this one—to
protect such data from unintentional release, access, and
exploitation by institutional and non-institutional actors, including
foreign governments, terrorist organizations, and individual
consideration of the mutual promises, obligations, representations,
and assurances in this Agreement, the parties agree as follows:
The following definitions apply under this Agreement:
means public and private infrastructure assets pertaining to
transportation, water, sanitary and storm sewers, utilities,
energy, electricity, natural gas, information technology, emergency
preparedness systems, telecommunications, and broadband services
affecting or relating to the State of Michigan or its citizens,
including the physical and technological means that support such
means data about Assets,
under this Agreement. Covered
includes both real-time data and Derived
does not include data that was publicly available when received, or
thereafter became publicly available (other than through
means systems and assets, whether physical or virtual, so vital to
the United States or the State of Michigan that the incapacity of
destruction of such systems and assets would have a debilitating
impact on security, economic security, public health, or any
combination of those matters.
means information which:
not customarily in the public domain; and
related to the security of critical infrastructure or protected
systems, as defined in the Critical Infrastructure Information Act
of 2002 at section 212(3).
means any party receiving, accessing, or using Covered
under this Agreement. All employees, officials, contractors,
delegates, representatives, subcontractors, service providers
including information technology and other technical support staff,
agents, etc. of a Data
will have access to
must read this Agreement and agree in writing to be bound by it
prior to having access to Covered
another party. See section 5.i and Addendum
means data, information, or knowledge created from the dissemination
and analysis of data shared under this Agreement, whether or not in
combination with data already in the Data
is included in the definition of
must treat and protect Derived
of Information Act Request”
means a request for information directed to a party under any
applicable public-disclosure statute, which if granted could
reasonably be anticipated to lead to public disclosure of Covered
Information System Data”
means an informational unit or network capable of producing
customized maps based on a digital representation of geographical
a GIS system and saved outputs and datasets covered by this
means a party that owns, collects, or provides Covered Data to a
party under this Agreement.
means use of Covered
by a party to:
the Pilot; and
the requirements of Executive Directive 2017-1.
Agreement establishes the conditions under which the parties agree
to disclose Covered Data to each other in order to meet the
objectives set forth in Executive Directive 2017-1. It also
provides for the protection of Covered Data, and establishes terms
on its use, disclosure, and disposition.
Agreement does not apply to an Original Data Provider’s access to
or use or disclosure of its own Covered Data, unless the Original
Data Provider’s Covered Data is comingled with or includes
Derived Data from another party.
Data provided under this Agreement may only be shared, used, or
accessed by a Data Recipient for Permitted Purposes.
Format, and Method Transfer.
Prior to sharing Covered Data, the Original Data Provider and the
Michigan Department of State Police must agree upon the appropriate
data fields, data format, method and frequency of data transfer, and
other such parameters. The Original Data Provider and Michigan
Department of State Police must document the aforementioned
selections for record-keeping purposes.
Original Data Provider maintains full control and ownership of
Covered Data it provides to another party under this Agreement.
Original Data Provider hereby grants to the Michigan Department of
State Police and other Data Recipients a revocable, non-exclusive,
non-transferable license to process, copy, analyze, use, reformat,
share, or distribute the Original Data Provider’s Covered Data
for a Permitted Purpose, so long as it is otherwise consistent with
this Agreement and applicable licensing agreements. Original Data
Providers must provide Data Recipients a copy of applicable
licensing agreements prior to providing Covered Data to Data
Data Providers’ Responsibilities.
Original Data Providers must:
Data Recipients with access to Covered Data consistent with law,
third-party contractual obligations, and this Agreement; and
access reviews to ensure that Data Recipients have established and
use adequate administrative, technical, and physical safeguards to
protect Covered Data from unauthorized disclosure.
Data Recipients must:
Covered Data as confidential, business-sensitive, and potentially
harmful to the public health and safety and security if
use, and disclose only the minimum amount of Covered Data necessary
to fulfill the purposes of this Agreement;
Covered Data from public or other unpermitted disclosure;
Covered Data solely for a Permitted Purpose;
of Covered Data as directed by the Original Data Provider or as
provided by law;
and Other Requests for Covered Data.
Upon receipt of a FOIA Request or legal process (i.e., discovery
request or subpoena) for information that may include another
party’s Covered Data:
24 hours of receipt of the FOIA Request or demand for Covered
Data, Data Recipient must email the FOIA Request or data demand
FOIA Coordinator of the Michigan Department of State Police;
Original Data Provider; and
other party whose Covered Data or Assets may be affected by the
FOIA Request or demand for Covered Data.
Recipient may not respond to any FOIA Request or demand for
Covered Data without first notifying the Michigan Department of
State Police’s FOIA Coordinator and obtaining the Michigan
Department of State Police’s prior written approval of the
appropriate, Data Recipient must issue a written notice under FOIA
informing the requester that the Covered Data of other parties
does not constitute public records of Data Recipient as the term
public records is defined under FOIA. A FOIA request received by
Data Recipient for information or records identified as, or
reasonably construed to cover, the Covered Data of other parties
must be denied under MCL 15.235(5)(b), which requires
agency’s written certification that the described public record
does not exist within the agency under the name given by the
requester or by another name reasonably known to the agency. As
to the denial, Data Recipient is obligated, under MCL 15.240, to
notify the requester of the requester’s remedial rights. Data
Recipient may refer the requester to the Michigan Department of
State Police to determine whether it might have information or
records responsive to the requester’s description, and whether
such information or records is publically accessible.
the extent consistent with law, Data Recipient must take
reasonable measures to maintain the confidentiality of Covered
Data to be disclosed by seeking a non-disclosure agreement or
negotiating a protective order with a third-party seeking the
disclosure of Covered Data is required by law, Data Recipient may
disclose only that portion of the Covered Data that is compelled
to be released by a court of competent jurisdiction or by law.
Covered Data must be redacted whenever possible and all available
FOIA exemptions must be exercised, including those deemed
permissive under law and MCL 15.243(1)(y). See also Addendum
and use appropriate administrative, technical, and physical
safeguards to protect the data from being accessed, used,
disclosed, or stored in a manner other than as provided in this
Agreement or as provided by law. Protocols must be in writing and
provided to the Original Data Provider, Michigan Department of
State Police, or other parties upon request;
its employees, officials, contractors, delegates, representatives,
subcontractors, service providers including information technology
and other technical support staff, and agents
this Agreement and agree in writing to be bound by it prior to having
access to the Covered Data of another party, with a “Data
at least as stringent as the template set forth in Addendum
a contemporaneous log of those individuals granted access to the
Covered Data of another party by Data Recipient, and upon request,
provide to the Original Data Provider, the Michigan Department of
State Police, and other parties a copy of the log and signed Data
Security Agreements; and
Covered Data, including copies of the data, upon completion of the
relevant Permitted Purposes, consistent with law, and provide
certification of data destruction if requested by a party.
Data Providers must use reasonable efforts to ensure the
completeness, accuracy, and timeliness of data provided under this
Agreement. However, Original Data Providers cannot guarantee data
accuracy and will therefore not be held responsible for any damage
to Data Recipients resulting from the disclosure or use of data that
is inaccurate, incomplete, or outdated.
Execution of Additional Agreements.
The parties will execute such documents as may be necessary to
realize the intentions of this Agreement or comply with law. The
parties will also require third parties to execute such documents as
may be necessary to realize the intentions of this Agreement or
comply with law, prior to granting the third party access to the
parties will work together to resolve issues relating to this
Agreement or with meeting the goals of the Pilot. The parties will
exchange documentation as reasonably necessary to identify and
explain their positions. Any portion of this Agreement that may be
subject to interpretation will be addressed at these meetings.
Each party will be responsible for its own costs, losses, and
damages related to the sharing of data under this Agreement except
as otherwise provided in section 10 below. Parties will not be
liable to one another for any claim related to or arising under this
Agreement for consequential, incidental, indirect, or special
or Compromise of Covered Data.
In the event of any act, error or omission, negligence, misconduct,
or breach on the part of Data Recipient that compromises or is
suspected to compromise the security, confidentiality, or integrity
of another party’s Covered Data, or the physical, technical,
administrative, or organizational safeguards put in place by Data
Recipient that relate to the protection of the security,
confidentiality, or integrity of another party’s Covered Data,
Data Recipient must, as applicable: (a) notify the Michigan
Department of State Police and the affected Original Data Provider
as soon as practicable but no later than 24 hours of becoming aware
of such occurrence; (b) cooperate with the Michigan Department of
State Police and Original Data Provider in investigating the
occurrence, including making available all relevant records, logs,
files, data reporting, and other materials required to comply with
applicable law or as otherwise required by the State; (c) perform or
take any other actions required to comply with applicable law as a
result of the occurrence; (d) pay for any costs associated with the
occurrence, including but not limited to costs incurred by the
Original Data Provider and Michigan Department of State Police in
investigating and resolving the occurrence, including reasonable
attorney’s fees associated with such investigation and resolution;
and (e) provide to Original Data Provider and the Michigan
Department of State Police a detailed plan within 10 calendar days
of the occurrence describing the measures Data Recipient will
undertake to prevent a future occurrence. This sectionsurvives
termination or expiration of this Agreement.
required under this Agreement must be addressed to the individuals
listed on the signature block pages. Parties may amend contact
information by providing written notice of the change to the
Michigan Department of State Police and the other parties. A notice
required under this Agreement is deemed effectively given:
received, if delivered by hand (with written confirmation of
received, if sent by a nationally recognized overnight courier
the date sent by email (with confirmation of transmission), if sent
during normal business hours of the recipient, and on the next
business day if sent after normal business hours of the recipient;
the fifth day after the date mailed, by certified or registered
mail, return receipt requested, postage prepaid.
notices to the State of Michigan shall be copied to Therese Empie,
Strategy Advisor, (517) 331-2475, email@example.com.
This Agreement may be amended by written agreement of the parties
subject to the amendment. If amendment to this Agreement is
required to comply with laws, rules, or regulations, the parties
will promptly enter into negotiations to meet legal requirements.
This Agreement becomes effective when at least two parties have
signed it. The term ends 1 year from the date the Agreement first
became effective. The term of this Agreement may be extended by
party may terminate their participation in this Agreement by
providing written notice to the Michigan Department of State
Police. Termination is effective 30 calendar days from the date
the notice becomes effective.
Michigan Department of State Police must provide written notice to
all other parties to this Agreement when a party terminates its
participation, but the failure to do so does not affect the
effective date of termination.
of a party’s participation in this Agreement does not affect the
continuation of this Agreement as between or among the other
The obligation of a Data Recipient to maintain and safeguard
another party’s Covered Data remains in full force and effect
until the Original Data Provider or a court of competent
jurisdiction opines or rules in writing that the data is no longer
Agreement may be executed in counterparts, each of which is deemed
to be an original, and all of which taken together constitutes one
and the same instrument. The signature of any party transmitted by
email is binding.
Agreement inures to the benefit of and is binding upon the parties,
their respective successors-in-interest by way of reorganization,
operation of law, or otherwise, and their permitted assigns.
Third Party Beneficiaries.
This Agreement does not confer any rights or remedies upon any
person or entity other than the parties and their respective
successors-in-interest by way of reorganization, operation of law,
or otherwise, and their permitted assigns.
This Agreement does not, and is not intended to, impair, divest,
delegate, or contravene any constitutional, statutory, or other
legal right, privilege, power, or immunity of the parties. Nothing
in this Agreement is a waiver of governmental immunity. Unless this
Agreement expressly states otherwise, it does not, and is not
intended to, transfer, delegate, or assign to the other party, any
civil or legal responsibility, duty, obligation, duty of care, cost,
legal obligation, or liability associated with any governmental
function delegated or entrusted to either party under any existing
law or regulation.
This Agreement is governed, construed, and enforced in accordance
with Michigan law, excluding choice-of-law principles, and all
claims relating to or arising out of this Agreement are governed by
Michigan law, excluding choice-of-law principles. Lawsuits must be
initiated in Ingham County, Michigan.
person signing this Agreement represents that they are duly
authorized to execute this Agreement on behalf of their entity.
This Agreement represents the entire agreement between the parties
and supersedes all other agreements between the parties governing
the matters described. The language of this Agreement will be
construed as a whole according to its fair meaning, and not
construed strictly for or against any party.
name of entity, e.g., City of Grand Rapids]
name, insert title]
under this Agreement go to:
name, insert title]
This Data Security Agreement is to be signed by a Data Recipient’s
employees, contractors, etc. that will have access to Covered Data.
Individuals sign this agreement, not entities.]
have read and understand the “Universal Data Sharing Agreement
Between Michigan State Police and Infrastructure Entities Located In
Region 4 (West Michigan) & Region 10 (Southeast Michigan) To
Establish A Regional Asset Management Pilot Program” (“Agreement”).
agree to be bound by the terms of the Agreement, including those
relating to protecting and safeguarding Covered Data from
unauthorized disclosure. I agree not to access, disclose, or share
Covered Data without the express written permission of a person with
authority to grant such permission.
name and title]
Covered Data collected under this Pilot relates to ongoing security
measures, capabilities for responding to terrorism, emergency
response plans, risk planning, threat assessment, and domestic
preparedness strategies. The parties agree to deem Covered Data
exempt from public disclosure under the Freedom of Information Act
under MCL 15.243(1)(y) because the public interest in nondisclosure
is high, whereas, the public interest in disclosure would be minimal.
public interest in the nondisclosure of the data outweighs any public
interest in disclosure, where disclosure to the world at large under
FOIA would impair the ability of the parties, as well as federal and
other state and local authorities, to protect the security and safety
of persons and property. This impairment would be the direct result
of allowing, from this single source, unfettered public access to the
broad critical infrastructure information composing the data. It
essentially would provide unintended, but actual, aid and assistance
to persons, both domestic and foreign, bent on harming United States
citizens and communities, and “whatever else the criminal mind
might evoke.” Mager
v Dep’t of State Police,
460 Mich 134 (1999).
security concerns raised by the public disclosure and dissemination
of the data is self-evident. The Congressional Record is replete
with facts on terrorism’s ever-rising and forging threats and
capabilities. For example, three of many such reports include:
Congressional Record, 114th Congress, 2nd Session, Issue: Vol. 162,
No. 24, February 10, 2016; 114th Congress, 2nd Session, Issue: Vol.
162, No. 90, June 8, 2016; 115th Congress, 1st Session, Issue: Vol.
163, May 2, 2017.