Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 45 – Information Security


49020.9.5 Confidentiality Agreements

  • Requirements for confidentiality or non-disclosure agreements reflecting the CDCR’s needs for the protection of information should be identified and regularly reviewed. Confidentiality and non-disclosure agreements protect organizational information and inform signatories of their responsibility to protect, use, and disclose information in a responsible and authorized manner.

  • Confidentiality or non-disclosure agreements should address the requirement to protect confidential information using legally enforceable terms. To identify requirements for confidentiality or non-disclosure agreements, the following elements should be considered:

    • A definition of the information to be protected (e.g., confidential information);

    • Expected duration of an agreement, including cases where confidentiality might need to be maintained indefinitely;

    • Required actions when an agreement is terminated;

    • Responsibilities and actions of signatories to avoid unauthorized information disclosure (such as “need to know”);

    • Ownership of information, trade secrets and intellectual property, and how this relates to the protection of confidential information;

    • The permitted use of confidential information, and rights of the signatory to use information;

    • The right to audit and monitor activities that involve confidential information;

    • Process for notification and reporting of unauthorized disclosure or confidential information breaches;

    • Terms for information to be returned or destroyed at agreement cessation; and

    • Expected actions to be taken in case of a breach of this agreement.

  • Based on the CDCR’s security requirements, other elements may be needed in a confidentiality or non-disclosure agreement. Confidentiality and non-disclosure agreements should comply with all applicable laws and regulations for the jurisdiction to which they apply. Requirements for confidentiality and non-disclosure agreements should be reviewed periodically and when changes occur that influence these requirements.