712C - Personally Identifiable Information and Protected Personally Identifiable Information Requirements Applicable to all Federal Awards

 

In compliance with Uniform Grant Guidance in Title 2 Code of Federal Regulation (C.F.R.) Grants and Agreements, Part 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, it is the policy of: Eddyville-Blakesburg-Fremont CSD to protect Personally Identifiable Information (PII) of employees, customers, vendors, contractors, volunteers, etc. The electronic restrictions and safeguards outlined in 2 C.F.R. 200.79 Personally Identifiable Information, and 200.82 Protected Personally Identifiable Information (PPII), along with 2 C.F.R 200.303 Internal Controls, this policy provides guidance for employees, volunteers, agents, etc. with access to PII and PPII.

 

Personally Identifiable Information (2 C.F.R. 200.79) is any information pertaining to an individual that can be used to distinguish or trace a person's identity. Some information that is considered PII is available in public sources such as telephone books, public websites, etc. This type of information is considered to be Public PII and includes:

1.         First and Last name

2.         Address

3.         Work telephone number

4.         Work e-mail address

5.         Home telephone number

6.         General educational credentials

7.         Photos and video

The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. Non-PII can become PII whenever additional information is made publicly available, in any medium and from any source, that, when combined with other available information, could be used to identify an individual.

 

Protected PII (2 C.F.R. 200.82) means an individual's first name or first initial and last name in combination with any one or more of types of information, including, but not limited to:

1.         Social security number

2.         Username and password

3.         Passport number

4.         Credit card number

5.         Clearances

6.         Banking information

7.         Biometrics

8.         Data and place of birth

9.         Mother's maiden name

10.       Criminal, medical and financial records

11.       Educational transcripts

12.       Photos and video including any of the above

This does not include PII that is required by law, statute, or regulation to be disclosed, such as a law enforcement or court order right to know.

 

Internal controls (2 C.F.R. 200.303)

The non-Federal entity must:

(e) Take reasonable measures to safeguard protected personally identifiable information and other information the Federal awarding agency or pass-through entity designates as sensitive or the non-Federal entity considers sensitive consistent with applicable Federal, state, local, and tribal laws regarding privacy and obligations of confidentiality.

[78 FR 78608, Dec. 26, 2013, as amended at 79 FR 75883, Dec. 19, 2014]

 

Procedures

Guidelines on how to maintain and discard PII. All electronic files that contain Protected PII will reside within a protected information system location. All physical files that contain Protected PII will reside within a locked/secured/monitored location when not being actively viewed or modified. Protected PII is not to be downloaded, without prior approval, to personal or organization owned employee workstations or mobile devices (such as laptops, personal digital assistants, mobile phones, tablets or removable media). PII will also not be sent through any form of insecure electronic communication e.g. e-mail or instant messaging systems. Significant security risks emerge when PII is transferred from a secure location to a less secure location or is disposed of improperly. When disposing of PII the physical or electronic file should be shredded, securely deleted, or disposed of by a means that renders the information unrecognizable and beyond reconstruction.

 

Incident Reporting

Mary McCrea must be informed of a real or suspected disclosure or breach of Protected PII data within 24 hours after discovery. Examples: misplacing a paper report, loss of a laptop, mobile device, or removable media containing PII, accidental email of PII, possible virus, or malware infection or a computer containing PII.

 

Audits

Periodic audits of organization owned equipment and physical locations may be performed to ensure that protected PII is stored in approved information systems or locations. The purpose of the audit is to ensure compliance with this policy and to provide information necessary to continuously improve practices.

 

Enforcement

Anyone found to be in violation of this policy may be subject to disciplinary action as deemed appropriate based on the facts and circumstances giving rise to the violation.

 

Records Disposal

Records containing personal data are to be disposed of so as to prevent inadvertent compromise of data and will use a disposal method that will render all personal data unrecognizable and beyond reconstruction.

 

In addition to the District's standard procurement and purchasing procedures, the following procedures for vendors/contractors paid with federal funds are required. When federal, state, and local requirements conflict, the most stringent requirement will be followed.

 

2 CFR Part 200, Subpart D Subsection §200.318 (c)(1)

No District employee, officer, or agent may participate in the selection, award and administration of contracts supported by a Federal award if he or she has a real or apparent conflict of interest. Such a conflict of interest would arise when the employee, officer, or agent, any member of his or her immediate family, his or her partner, or an organization which employs or is about to employ any of the parties indicated herein, has a financial or other interest in or a tangible personal benefit from a firm considered for a contract. District officers, employees, and agents may neither solicit nor accept gratuities, favors, or anything of monetary value from contractors or parties to subcontracts. However, for situations where the financial interest is not substantial or the gift is an unsolicited item of nominal value, district employees must abide by all relevant board policies. Violation of this requirement may result in disciplinary action for the District employee, officer, or agent.

 

 

2 CFR Part 200, Subpart D Subsection §200.320 (e)(1-4)

Procurement for contracts paid with federal funds may be conducted by noncompetitive (single course) proposals when one or more of the following circumstances apply: (1) the item is only available from a single course; (2) public exigency or emergency will not permit the delay resulting from competitive bids; (3) the Federal awarding agency or pass-through entity expressly authorizes noncompetitive proposals in response to a written request from the non­ Federal entity; or (4) after solicitation of a number of sources, competition is inadequate.

 

2 CFR Part 200, Subpart D Subsection §200.321

The District will take all necessary affirmative steps to assure that minority businesses, women's business enterprises, and labor surplus area firms are used when possible. Affirmative steps must include: (1) placing such businesses on solicitation lists; (2) soliciting such businesses whenever they are potential sources; (3) when economically feasible, dividing contracts into smaller tasks or quantities to allow participation from such businesses;

(4) establishing delivery schedules that encourage participation by such businesses; (5) when appropriate, utilizing the Small Business Administration and the Minority Business Development Agency of the Department of Commerce; and (6) requiring the primary contractor to follow steps (1) through (5) when subcontractors are used.

 

The district will include the following provisions in all procurement contracts or purchase orders when applicable: 2 CFR Part 200 Appendix II

 

  1. Contracts for more than the simplified acquisition threshold currently set at $150,000, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate.

 

  1. All contracts in excess of $10,000 must address termination for cause and for convenience by the non-Federal entity including the manner by which it will be effected and the basis for settlement.

 

  1. Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of "federally assisted construction contract" in 41 CFR Part 60-1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, "Equal Employment Opportunity" (30 FR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as amended by Executive Order 11375, "Amending Executive Order 11246 Relating to Equal Employment Opportunity," and implementing regulations at 41 CFR part 60, "Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor."

 

  1. Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal programs legislation, all prime construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, "Labor Standards Provisions Applicable to Contracts Covering

 

Federally Financed and Assisted Construction"). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. The non-Federal entity must place a copy of the current prevailing wage determination issued by the Department of Labor in each solicitation. The decision to award a contract or subcontract must be conditioned upon the acceptance of the wage determination. The non-Federal entity must report all suspected or reported violations to the Federal awarding agency. The contracts must also include a provision for compliance with the Copeland "Anti-Kickback" Act (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, "Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States"). The Act provides that each contractor or sub­ recipient must be prohibited from inducing, by any means, any person employed in the construction, completion, or repair of public work, to give up any part of the compensation to which he or she is otherwise entitled. The non-Federal entity must report all suspected or reported violations to the federal awarding agency.

 

  1. Contract Work Hours and Safety Standards Act (40 U.S.C. 3701-3708). Where applicable, all contracts awarded by the non-Federal entity in excess of $100,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence.

 

  1. Rights to Inventions Made Under a Contract or Agreement. If the Federal award meets the definition of "funding agreement" under 37 CFR§401.2(a) and the recipient or sub-recipient wishes to enter into a contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment or performance of experimental, developmental, or research work under that "funding agreement," the recipient or sub-recipient must comply with the requirements of 37 CFR Part 401, "Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Grants, Contracts and Cooperative Agreements," and any implementing regulations issued by the awarding agency.

 

  1. Clean Air Act (42 U.S.C. 7401-7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251-1387), as amended - Contracts and sub-grants of amounts in excess of $150,000 must contain a provision that requires the non-Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA).

 

  1. Debarment and Suspension (Executive Orders 12549 and 12689) - A contract award (see 2 CFR 180.220) must not be made to parties listed on the government wide exclusions in the System for Award Management (SAM), in accordance with the OBM guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), "Debarment and Suspension." SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549.

 

  1. Byrd Anti-Lobbying Amendment (31 U.S.C. 1352) - Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier-to-tier up to the non­ Federal award.

 

  1. See §200.322 Procurement of recovered materials.

 

§200.216 Prohibition on certain telecommunications and video surveillance services or equipment

 

    1. The district is prohibited from obligating or expending loan or grant funds to:
      1. Procure or obtain;
      2. Extend or renew a contract to procure or obtain; or
      3. Enter into a contract (or extend or renew a contract) to procure or obtain equipment, services, or systems that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. As described in Public law 115-232, section 889, covered telecommunications equipment is telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities).
        1. For purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunication equipment produced

by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology

Company (or any subsidiary or affiliate of such entities).

        1. Telecommunications or video surveillance services provided by such entities or using such equipment.
        2. Telecommunications or video surveillance equipment or services produced or provided by an entity that

the Secretary of Defense, in consultation with the Director of the National Intelligence of the Director of the Federal

Bureau of Investigation, reasonably believes to be an entity owned by or controlled by, or otherwise connected to,

the government of a foreign country.

 

 

    1. In implementing the prohibition under Public Law 115-232, section 889, subsection (f), paragraph (I), heads of executive agencies administering loan, grant, or subsidy programs shall prioritize available funding and technical support to assist affected businesses, institutions and organizations as is reasonably necessary for those affected entities to transition from covered communications equipment and services, to procure replacement equipment and services, and to ensure that communications service to users and customers is sustained.
    2. See Public Law 115-232, section 889 for additional information.
    3. See also §200.471.

 

 

 

REVIEWED: 10/19/2020 – APPROVED: 11/16/2020

REVISED: 06/17/2024 – APPROVED: 07/15/2024