The URL can be used to link to this page

2016-21 Terry L.Rhodes A SAFER Executive Director FLORIDA 2900 Apalachee Parkway HIGHWAY SAFETY AND MOTOR VEHICLES Tallahassee,Florida 32399-0500 www flhsmv gov ANNUAL AFFIRMATION STATEMENT In accordance with Section VI., Part C, of the Memorandum of Understanding between Department of Highway Safety and Motor Vehicles and Clermont Police Department(Requestmg Agency)hereby Affirms that the requesting agency has evaluated and have adequate controls m place to protect the personal data from unauthorized access, distribution, use and modification or disclosure and is m full compliance as required m the contractual agreement HSMV-0292-15 (contract number) e, i Ivey Signature Charles Broadway Prmted Name Chief Title 3 - co Date Clermont Police Department NAME OF AGENCY • Service • Integrity • Courtesy • Professionalism • Innovation • Excellence An Equal Opportunity Employer A 5AFE4 FLORIDA MEMORANDUM OF UNDERSTANDING FOR LAW ENFORCEMENT AGENCY ACCESS TO !WNW SAi E'V 410 W ipR VEKM DRIVER AND VEHICLE INFORMATION DATABASE SYSTEM (DAVID) Contract Number HSMV- This Memorandum of Understanding (MOU) is made and entered into by and between Clermont Police Department , hereinafter referred to as the Requesting Party, and the Florida Department of Highway Safety and Motor Vehicles, hereinafter referred to as the Providing Agency, collectively referred to as the Parties I. Purpose The Providing Agency is a government entity whose primary duties include issuance of motor vehicle and driver licenses, registration and titling of motor vehicles, and enforcement of all laws governing traffic, travel, and public safety upon Florida's public highways In carrying out its statutorily mandated duties and responsibilities, the Providing Agency collects and maintains personal information that identifies individuals This information is stored in the Department's Driver and Vehicle Information Database system, commonly referred to as "DAVID " Based upon the nature of this information, the Providing Agency is subject to the disclosure prohibitions contained in 18 U S C §2721, the Driver's Privacy Protection Act (hereinafter "DPPA"), Section 119 0712(2), Florida Statutes, and other statutory provisions The Requesting Party is a law enforcement agency operating under the laws and authority of the state of Florida As a law enforcement agency, the Requesting Party may receive personal information from DAVID under the government agency exception provided in DPPA as indicated in Attachment I The Requesting Party utilizes DAVID information for the purposes of carrying out its statutorily mandated law enforcement and prosecutorial functions This MOU is entered into for the purpose of establishing the conditions and limitations under which the Providing Agency agrees to provide electronic access to DAVID information to the Requesting Party Use of the data by Requesting Party shall only be for a lawful purpose II. Definitions For the purposes of this Agreement, the below-listed terms shall have the following meanings A DAVID — The Providing Agency's Driver and Vehicle Information Database system that accesses and transmits dnver and vehicle information B Driver License Information — Driver license and identification card data collected and maintained by the Providing Agency This information includes personal information as defined below C Emergency Contact Information (ECI)—Information contained in a motor vehicle record listing individuals to be contacted in the event of an emergency Emergency contact information may be released to law enforcement agencies through the DAVID system for purposes of contacting those listed in the event of an emergency, as noted in Section 119 0712 (2)(c), Florida Statutes Page 1 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) D Driver Privacy Protection Act (DPPA) —The Federal Act (see, 18 United States Code § 2721, et seq ) that prohibits release and use of personal information except as otherwise specifically permitted within the Act E Law Enforcement Agency — Any state, county or city law enforcement agency, and state attorney offices operating under the laws and authority of the state of Flonda F Insurance Record — Insurance information, such as Insurance Company name, policy type, policy status, insurance creation and expiration date provided to the Requesting Party, pursuant to Section 324 242(2), Flonda Statutes G Parties-The Providing Agency and the Requesting Party H Personal Information — As descnbed in Chapter 119, Florida Statutes, and information found in the motor vehicle record which includes, but is not limited to, the subject's driver identification number, name, address, telephone number, social secunty number, medical or disability information, and emergency contact information I Point-of-Contact (POC) -A person(s) appointed by the Requesting Party as the administrator of the DAVID program in their agency J Providing Agency -The Florida Department of Highway Safety and Motor Vehicles The Providing Agency is responsible for granting access to DAVID information to the Requesting Party K Quarterly Quality Control Review Report — Report completed each quarter by the POC to monitor compliance with this agreement The following must be included in the Quarterly Quality Control Review Report 1 A comparison of the DAVID users by agency report with the agency user list, 2 A listing of any new or inactivated users since the last quarterly quality control review, and 3 Documentation venfying that usage has been internally monitored to ensure proper, authorized use and dissemination L Requesting Party - Any law enforcement agency that is expressly authonzed by Section 119 0712(2), Florida Statutes, and DPPA to receive personal information contained in a motor vehicle record maintained by the Providing Agency M Vehicle Information — Title and registration data collected and maintained by the Providing Agency for vehicles III. Legal Authority The Providing Agency maintains computer databases containing information pertaining to driver's licenses and vehicles pursuant to Chapters 317, 319, 320, 322, 328, and Section 324 242(2) Flonda Statutes The dnver license and motor vehicle data contained in the Providing Agency's databases is defined as public record pursuant to Chapter 119, Florida Statutes, and as such, is subject to public disclosure unless otherwise exempted by law As the custodian of the state's driver and vehicle records, the Providing Agency is required to provide access to records permitted to be disclosed by law, and may do so by remote electronic means, pursuant to Sections 119 0712(2), 320 05, 321 23, 322 20, and 324 242(2), Florida Statutes, and applicable rules Page 2 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) Under this MOU, the Requesting Party will be provided, via remote electronic means, information pertaining to driver licenses and vehicles, including personal information authorized to be released pursuant to Section 119 0712(2), Florida Statutes and DPPA By executing this MOU, the Requesting Party agrees to maintain the confidential and exempt status of any and all information provided by the Providing Agency pursuant to this agreement and to ensure that any person or entity accessing or utilizing said information shall do so in compliance with Section 119 0712(2), Florida Statutes and DPPA In addition, the Requesting Party agrees that insurance policy information shall be utilized pursuant to Section 324 242(2), Florida Statutes This MOU is governed by the laws of the state of Florida and jurisdiction of any dispute arising from this MOU shall be in Leon County, Florida IV. Statement of Work. A The Providing Agency agrees to 1 Allow the Requesting Party to electronically access DAVID as authonzed under this agreement 2 Provide electronic access pursuant to established roles and times, which shall be uninterrupted except for periods of scheduled maintenance or due to a disruption beyond the Providing Agency's control, or in the event of breach of this MOU by the Requesting Party Scheduled maintenance will normally occur Sunday mornings between the hours of 6 00 A M and 10 00 A M 3 Provide an agency contact person for assistance with the implementation and administration of this MOU B The Requesting Party agrees to 1 Utilize information obtained pursuant to this MOU, including Emergency Contact Information (ECI), only as authonzed by law and for the purposes prescribed by law and as further described in this MOU In the case of ECI, such information shall only be used for the purposes of notifying a person's registered emergency contact in the event of a senous injury, death, or other incapacitation ECI shall not be released or utilized for any other purpose, including developing leads or for cnminal investigative purposes 2 Retain information obtained from the Providing Agency only if necessary for law enforcement purposes If retained, information shall be safeguarded in compliance with Section V Safeguarding Information, subsection C 3 Ensure that its employees and agents comply with Section V Safeguarding Information 4 Refrain from assigning, sub-contracting, or otherwise transferring its rights, duties, or obligations under this MOU, without the prior written consent of the Providing Agency 5 Not share, provide, or release any DAVID information to any other law enforcement, governmental agency, person, or entity not a party or otherwise subject to the terms and conditions of this MOU 6 Protect and maintain the confidentiality and security of the data received from the Providing Agency in accordance with this MOU and applicable state and federal law Page 3 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) 7 Defend, hold harmless and indemnify the Providing Agency and its employees or agents from any and all claims, actions, damages, or losses which may be brought or alleged against its employees or agents for the Requesting Party's negligent, improper, or unauthonzed access, use, or dissemination of information provided by the Providing Agency, to the extent allowed by law 8 Immediately inactivate user access/permissions following termination or the determination of negligent, improper, or unauthorized use or dissemination of information Update user access/permissions upon reassignment of users within five (5) business work days 9 Complete and maintain Quarterly Quality Control Review Reports as defined in Section II — Definitions—J, and utilizing the form attached as Attachment II 10 Update any changes to the name of the Requesting Party, its Agency head, its POC, address, telephone number and/or e-mail address in the DAVID system within ten calendar days of occurrence The i Requesting Party is hereby put on notice that failure to timely update this information may adversely affect the time frames for receipt of information from the Providing Agency 11 Immediately comply with any restriction, limitation, or condition enacted by the Flonda Legislature following the date of signature of this MOU, affecting any of the provisions herein stated The Requesting Party 'understands and agrees-that it is obligated to comply with the applicable provisions of law regarding the subject matter of this Agreement at all times that it is receiving, accessing, or utilizing DAVID information 12 Cooperate with the,Providing Agency in Field Audits conducted pursuant to Section VI B , below 13 Timely submit the reports and statements required in Section VI Compliance and Control Measures, below V Safeguarding Information The Parties shall access, disseminate, use and maintain all information received under this Agreement in a manner that ensures its confidentiality and proper utilization in accordance with Chapter 119, Flonda Statutes, and DPPA Information obtained under this Agreement shall only be disclosed to persons to whom disclosure is authonzed under Florida law and federal law Any person who willfully hand knowingly violates any of the provisions of this section is guilty of a misdemeanor of the first degree punishable as provided in Sections 119 10 and 775 083, Florida Statutes In addition, any person who willfully'and knowingly discloses any information in violation of DPPA may be subject to criminal sanctions and civil liability The Parties mutually agree to the following A Information exchanged will not be used for any purposes not specifically authonzed by this MOU Unauthorized use includes, but is not limited to, queries not related to a legitimate business purpose, personal use, or the dissemination, shanng, copying, or passing of this information to unauthorized persons Page 4 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) B The Requesting Party shall not indemnify and shall not be liable to the Providing Agency for any driver license or motor vehicle information lost, damaged, or destroyed as a result of the electronic exchange of data pursuant to this MOU, except as otherwise provided in Section 768 28, Flonda Statutes C Any and all DAVID-related information provided to the Requesting Party as a result of this MOU, particularly data from the DAVID system, will be stored in a place physically secure from access by unauthorized persons D The Requesting Party shall comply with Rule 71A-1 005, Florida Administrative Code, and with Providing Agency's security policies, and employ adequate security measures to protect Providing Agency's information, applications, data, resources, and services The applicable Providing Agency secunty policies shall be made available to Requesting Party E When pnnted information from DAVID has met record retention, it shall be destroyed by cross-cut shredding or incineration in accordance with Flonda law F The Requesting Party shall maintain a list of all persons authorized within the agency to access DAVID information The list will not be provided to the Providing Agency, but shall be subject to viewing during any field audit conducted by the Providing Agency or in the event of a violation under Section VI , D, of this MOU for the purposes of ascertaining whether the person or persons involved have been removed from the list or have otherwise had their DAVID access modified or limited G Access to DAVID-related information, particularly data from the DAVID System, will be protected in such a way that unauthonzed persons cannot view, retrieve, or print the information H Under this MOU agreement, access to DAVID system shall be provided to users who are direct employees of the Requesting Party and shall not be provided to any non-employee or contractors of the Requesting Party I By signing this MOU, the Parties, through their signatories, affirm and agree to maintain the confidentiality of the information exchanged through this Agreement VI Compliance and Control Measures A Quarterly Quality Control Review Report — Must be completed, utilizing Attachment II, Quarterly Quality Control Review Report, within 10 days after the end of each quarter and maintained for two years B Field Audits — Field audits shall be conducted by the Providing Agency in order to ensure that MOU requirements concerning internal controls are being met Field audits shall be conducted on-site by Providing Agency employees, who shall be designated as "Field Liaisons" for the purposes of this MOU Field Liaisons shall be geographically located throughout the state The Requesting Party shall cooperate with the Field Liaisons in conducting field audits by granting access to systems and records related to this MOU and assigning appropriate personnel to respond to information requests Audits shall be conducted a minimum of once, every two years Field Liaisons shall contact the POC in order to schedule the audit At the completion of the audit, the Field Liaison will complete a report and provide a copy to the Requesting Party within ninety (90) days of the audit date Should the audit report Page 5 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) conclude that deficiencies or issues exist in regard to the Requesting Party's internal controls, or access to or use of DAVID information, Providing Agency reserves the right to take, based upon the nature of the deficiencies/issues found, any or all of the following actions audit more frequently than once, every two years, and/or suspend or terminate Requesting Party's access to DAVID information until such time as Requesting Party submits proof satisfactory to the Providing Agency that the deficiencies/issues have been corrected Internal Control Attestation — This MOU is contingent upon the Requesting Party having appropriate internal controls in place at all times that data is being provided/received pursuant to this MOU to ensure that the data is protected from unauthorized access, distribution, use, modification, or disclosure The Requesting Party must submit an Attestation statement no later than 45 days after receipt of the audit report referenced in subsection B , above The Attestation shall indicate that the internal controls over personal data have been reviewed and evaluated in light of the audit findings and are adequate to protect the personal data from unauthorized access, distribution, use, modification, or disclosure The Attestation shall also certify that any and all deficiencies/issues found during the audit have been corrected and measures enacted to prevent recurrence The Providing Agency may extend the time for submission of the Attestation upon written request by the Requesting Party The Attestation must have an original signature of the Chief, Sheriff, or State Attorney, or person designated by Letter of Delegation to execute contracts/agreements on their behalf, may be sent via U S Mail, facsimile transmission, or e-mailed to the Providing Agency's Bureau of Records at the following address Department of Highway Safety and Motor Vehicles Bureau of Records 2900 Apalachee Parkway, MS 89 Tallahassee, Florida 32399-0500 Fax (850) 617-5168 E-mail DataListinoUnit(aflhsmv cloy C Annual Certification Statement - The Requesting Party shall submit to the Providing Agency an annual statement indicating that the Requesting Party has evaluated and certifies that it has adequate controls in place to protect the personal data from unauthorized access, distribution, use, modification, or disclosure, and is in full compliance with the requirements of this MOU The Requesting Party shall submit this statement annually, within 45 days after the anniversary date of this MOU (NOTE Dunng any year in which a Field Audit is conducted, submission of the Internal Control Attestation may satisfy the requirement to submit an Annual Certification Statement) Failure to timely submit the certification statement may result in an immediate field audit and, based upon the findings of the audit, suspension or termination of Requesting Party's access to DAVID information as indicated in subsection B , above In addition, pnor to expiration of this MOU, if the Requesting Party intends to enter into a new MOU, a certification statement attesting that appropriate controls remained in place during the final year of the MOU and are currently in place shall be required to be submitted to the Providing Agency pnor to issuance of a new MOU D Misuse of Personal Information —The Requesting Party must notify the Providing Agency in writing of any incident where determination is made that personal information has been compromised as a result of unauthorized access, distribution, use, modification, or disclosure, by any means, within 30 days of such determination The statement must be provided on the Requesting Party's letterhead and include each of the following a brief summary of the incident, the outcome of the review, the date of the occurrence(s), the number of records compromised, the name or names of personnel responsible, whether disciplinary action or termination was rendered, and whether or not the owners of the compromised records were notified The Page 6 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) statement shall also indicate the steps taken, or to be taken, by the Requesting Agency to ensure that misuse of DAVID data does not continue This statement shall be mailed to the Bureau Chief of Records at the address indicated in Section VI C , above (NOTE If an incident involving breach of personal information did occur and Requesting Party did not notify the owner(s) of the compromised records, the Requesting Party must indicate why notice was not provided, for example"Notice not statutorily required ") In addition, the Requesting Party shall comply with the applicable provisions of Section 501 171, Florida Statutes, regarding data security and secunty breaches, and shall stnctly comply with the provisions regarding notice provided therein VII. Agreement Term This MOU shall take effect upon the date of last signature by the Parties and shall remain in effect for six (6) years from this date unless sooner terminated or cancelled in accordance with Section IX, Termination Once executed, this MOU supersedes all previous agreements between the parties regarding the same subject matter VIII. Amendments This MOU incorporates all negotiations, interpretations, and understandings between the Parties regarding the same subject matter, and serves as the full and final expression of their agreement This MOU may be amended by written agreement executed by and between both Parties Any change, alteration, deletion, or addition to the terms set forth in this MOU, including to any of its attachments, must be by written agreement executed by the Parties in the same manner as this MOU was initially executed If there are any conflicts in the amendments to this MOU, the last-executed amendment shall prevail All provisions not in conflict with the amendment(s) shall remain in effect and are to be performed as specified in this MOU IX. Termination A This MOU may be unilaterally terminated for cause by either party upon finding that the terms and conditions contained herein have been breached by the other party Written notice of termination shall be provided to the breaching party, however, prior-written notice is not required and notice may be provided upon cessation of work under the agreement by the non-breaching party B In addition, this MOU is subject to unilateral termination by the Providing Agency without notice to the Requesting Party for failure of the Requesting Party to comply with any of the requirements of this MOU, or with any applicable state or federal laws, rules, or regulations, including Section 119 0712(2), Flonda Statutes C This MOU may also be cancelled by either party, without penalty, upon 30 days' advanced written notice to the other party All obligations of either party under the MOU will remain in full force and effect dunng the thirty(30) day notice period X Notices Any notices required to be provided under this MOU may be sent via U S Mail, facsimile transmission, or e-mail to the following individuals Page 7 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) For the Providing Agency Chief, Bureau of Records 2900 Apalachee Parkway Tallahassee, Florida 32399 Fax (850) 617-5168 E-mail DataListinQUnitaflhsmv qov For the Requesting Party Agency Point-of-Contact listed on the signature page XI. Additional Database Access/Subsequent MOU's The Parties understand and acknowledge that this MOU entitles the Requesting Party to specific information included within the scope of this agreement Should the Requesting Party wish to obtain access to other personal information not provided hereunder, the Requesting Party will be required to execute a subsequent MOU with the Providing Agency specific to the additional information requested All MOU's granting access to personal information will contain the same clauses as are contained herein regarding audits, report submission, and the submission of Certification and Attestation statements The Providing Agency is mindful of the costs that would be incurred if the Requesting Party was required to undergo multiple,audits and to submit separate certifications, attestations, and reports for each executed MOU Accordingly, should the Requesting Party execute any subsequent MOU with the Providing Agency for access to personal information while the instant MOU remains in effect, the Requesting Party may submit a wntten request, subject to Providing Agency approval, to submit one of each of the following covenng all executed MOU's Quarterly Quality Control Review Report, Certification, and Attestation, and/or to have conducted one comprehensive audit addressing internal controls for all executed MOU's The Providing Agency shall have the sole discretion to approve or deny such request in whole or in part or to subsequently rescind an approved request based upon the Requesting Party's compliance with this MOU and/or any negative audit findings REMAINDER OF THIS PAGE INTENTIONALLY LEFT BLANK Page 8 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) , • IN WITNESS HEREOF, the Parties hereto, have executed this Agreement by their duly authorized officials on the date(s) indicated below REQUESTING PARTY: PROVIDING AGENCY: Clermont Police Department Florida Department of Highway Safety and Motor Vehicles Agency Name 2900 Apalachee Parkway 865 W. Montrose Street Tallahassee, Flonda 32399 Street Address Suite Clermont \ FL 34711 City State Yip Code BY —: / BY r Signature of Authorized Official Signature of Authorized Official Charles Broadway Lisa M Bassett Printed/Typed Name Printed/Typed Name Chief Chief, Bureau of Purchasing and Contracts Title Title 3 9 - k- .9_ctc, Date Date cbroadway@clermontfl org Official Agency Email Address (352) 394-5588 Phone Number Agency Point-of-Contact Steven Strickland Printed/Typed Name sstrickland@clermontfl org Official Agency Email Address (352) 394-5588 /(352) 394-1644 Phone Number Fax Number Page 9 of 9 DAVID(LEA)Data Exchange MOU(Rev 11/03/2015) i • ATTACHMENT 1 FLORIDA DEPARTMENT OF HIGHWAY SAFETY AND MOTOR VEHICLES Request For Exempt Personal Information In A Motor Vehicle/Driver License Record The Driver's Privacy Protection Act, 18 United States Code sections 2721-2725("DPPA")make personal mformation contained m motor vehicle or driver license records confidential and exempt from disclosure Personal information m a motor vehicle record includes,but is not limited to,an mdividual's social security number,driver license or identification number,name,address,telephone number,medical or disability mformation,and emergency contact information Personal information does not include information related to vehicular crash data(such as occurrence of a crash,speed,vehicle identity,alcohol use,location,and cause of crash),driving violations,and driver status Personal information from these records may only be released to mdividuals or organizations that qualify under one of the exceptions provided m DPPA, which are listed on the back of this form A request for information may be made m letter form(on company/agency letterhead,if appropriate)stating the nature of the request,the exception under which the request is made,the use of the information,and a statement that the information will not be used or redisclosed except as provided in DPPA,or by completing the information below I am a representative of an organization requesting personal information for one or more records as described below I declare that my organization is qualified to obtain personal information under exception number 2 as listed on the reverse side of this form I understand that I may not use or redisclose this personal information except as provided in DPPA and that any use or redisclosure in violation of these statutes may subject me to cnmmal sanctions and civil liability The information will be used as follows(attached additional page,if necessary) Law Enforcement Purposes Obtaining personal information under false pretenses is a state and federal crime Under penalties of peijury,I declare that I have read the foregoing Request For Exempt Personal Information in A Motor Vehicle/Dnver License Record and that the facts stated in it are true DRIVER PRIVACY PROTECTION ACT EXEMPTIONS Pursuant to section 119 0712(2), F S,personal information m motor vehicle and driver license records can be released for the following purposes,as outlmed m 18 United States Code,section 2721 1 Personal information referred to m subsection(a)shall be disclosed for use m connection with matters of motor vehicle or driver safety and theft,motor vehicle emissions,motor vehicle product alterations,recalls,or advisones, performance momtormg of motor vehicles and dealers by motor vehicle manufacturers,and removal of non-owner records from the ongmal owner records of motor vehicle manufacturers to cavy out the purposes of titles I and IV of the Anti Car Theft Act of 1992,the Automobile Information Disclosure Act(15 U S C 1231 et seq),the Clean Air Act(42 U S C 7401 et seq),and chapters 301,305,and 321-331 of title 49,and,subject to subsection 2 For use by any government agency,mcludmg any court or law enforcement agency,in carrying out its functions,or any private person or entity acting on behalf of a Federal,State,or local agency m carrymg out its functions 3 For use in connection with matters of motor vehicle or driver safety and theft,motor vehicle emissions,motor vehicle product alterations,recalls,or advisories,performance monitoring of motor vehicles,motor vehicle parts and dealers,motor vehicle market research activities,including survey research,and removal of non-owner records from the original owner records of motor vehicle manufacturers 4 For use in the normal course of business by a legitimate business or its agents,employees,or contractors,but only- (a) to venfy the accuracy of personal information submitted by the individual to the business or its agents, employees,or contractors,and (b) if such information as so submitted is not correct or is no longer correct,to obtain the correct information,but only for the purposes of preventing fraud by,pursuing legal remedies against,or recovering on a debt or security interest against,the individual 5 For use in connection with any civil,criminal,administrative,or arbitral proceeding in any Federal, State,or local court or agency or before any self-regulatory body,including the service of process,investigation in anticipation of litigation,and the execution or enforcement of judgments and orders,or pursuant to an order of a Federal,State,or local court 6 For use in research activities,and for use in producing statistical reports,so long as the personal information is not published,redisclosed,or used to contact individuals 7 For use by any insurer or insurance support organization,or by a self-insured entity,or its agents, employees,or contractors,in connection with claims investigation activities,antifraud activities,rating or underwriting 8 For use in providmg notice to the owners of towed or impounded vehicles 9 For use by any licensed pnvate investigative agency or licensed security service for any purpose permitted under this subsection 10 For use by an employer or its agent or insurer to obtain or verify mformation relating to a holder of a commercial driver's license that is required under chapter 313 of title 49 11 For use in connection with the operation of private toll transportation facilities 12 For any other use in response to requests for mdividual motor vehicle records if the State has obtained the express consent of the person to whom such personal information pertains 13 For bulk distribution for surveys,marketing or solicitations if the State has obtained the express consent of the person to whom such personal information pertains 14 For use by any requester,if the requester demonstrates it has obtained the written consent of the individual to whom the information pertains 15 For any other use specifically authorized under the law of the State that holds the record,if such use is related to the operation of a motor vehicle or public safety HSMV No.:0725-16 AMENDMENT NO. 1 TO THE MEMORANDUM OF UNDERSTANDING BETWEEN THE FLORIDA DEPARTMENT OF HIGHWAY SAFETY AND MOTOR VEHICLES AND CLERMONT POLICE DEPARTMENT THIS AMENDMENT NO. 1, is made to the MEMORANDUM OF UNDERSTANDING (MOU) between the FLORIDA DEPARTMENT OF HIGHWAY SAFETY AND MOTOR VEHICLES,hereinafter referred to as"Providing Agency" or"Department,"and CLERMONT POLICE DEPARTMENT, hereinafter referred to as"Requesting Party,"collectively referred to as "the Parties," executed on or about 3/31/2016. WHEREAS, the MOU was executed for the purpose of establishing the conditions and limitations under which the Providing Agency agrees to provide electronic access to DAVID information to the Requesting Party;and WHEREAS, as required in the MOU, access to and use of DAVID information shall be in accordance with Chapter 119, Florida Statutes, and the Driver's Privacy Protection Act (DPPA), and may only be disclosed to persons to whom disclosure is authorized under Florida law and federal law; and WHEREAS, in order to ensure that this MOU complies with the requirements of Federal law, the Parties wish to add additional language addressing access to and disclosure of data that mayinclude the deceased d date of an individual;and WHEREAS, changes to the MOU are required to be made in writing, in accordance with section VIII. Amendments; and WHEREAS, this Amendment is required to add the additional compliance requirements to the MOU. NOW THEREFORE, in consideration of the mutual benefits to be derived here from,the Parties hereto do hereby amend the MOU as follows: Added language is shown herein as underlined. Existing language that was already underlined is shown herein with a double-underline. II. The third paragraph of section III. or' , is hereby amended as follows: Under this MOU,the Requesting Party will be provided,via remote electronic means,information pertaining to driver licenses and vehicles, including personal information authorized to be released pursuant to Section 119.0712(2), Florida Statutes and DPPA. By executing this MOU, Requesting Party agrees to maintain the confidential and exempt status of any, and all information provided by the Providing Agency pursuant to this agreement and to ensure that any person or entity accessing or utilizing said information shall do so in compliance with Section 119.0712(2), Florida Statutes and DPPA. In Page 1 of 4 DAVID MOU Amendment Adding DMF Data Compliance(New 11/2018) HSMV No.:0725-16 addition, the Requesting Party agrees that insurance policy information shall be utilized pursuant to Section 324.242(2), Florida Statutes. Furthermore, the deceased date of an individual shall only be provided to a Requesting Party that meets the qualifications of 15 CFR §1110.102. Disclosure of the deceased date of an individual,which is not in compliance with 15 CFR§1110.102, is punishable under 15 CFR§1110.200. Additionally, because the Social Security Administration does not guarantee the accuracy of the Death Master File,the Requesting Party is reminded that adverse action should not be taken against any individual without further investigation to verify the death information listed (A notice from the Social Security Administration addressing the foregoing is attached hereto and incorporated herein by reference). III. Section IV.Statement of Work,subsection B., is hereby amended by adding item 14. 14. Access and utilize the deceased date of an individual,or other information from the NTIS Limited Access Death Master File, as defined in 15 CFR§1110.2, in conformity with the following requirements: (a) Pursuant to 15 CFR §1110.102, the Requesting Party certifies that its access to DMF information is appropriate because the Requesting Party: (i) has a legitimate fraud prevention interest, or a legitimate business purpose pursuant to a law, governmental rule, regulation, or fiduciary duty; (ii) has systems, facilities, and procedures in place to safeguard such information, and experience in maintaining the confidentiality, security, and appropriate use of such information, pursuant to requirements reasonably similar to the requirements of section 6103(p)(4) of the Internal Revenue Code of 1986; and (iii) agrees to satisfy such similar requirements. Ib) Pursuant to 15 CFR §1110.102, the Requesting Party certifies that it will not: (i) disclose DMF information to any person other than a person who meets the requirements of subsection IV. B. 14 (a), above; (ii) disclose DMF information to any person who uses the information for any purpose other than a legitimate fraud prevention interest or a legitimate business purpose pursuant to a law,governmental rule, regulation, or fiduciary duty; (iii)disclose DMF information to any person who further discloses the information to any person other than a person who meets the requirements of subsection IV. B. 14 (a), above:or(iv) use DMF information for any purpose other than a legitimate fraud prevention interest or a legitimate business purpose pursuant to a law,governmental rule, regulation or fiduciary duty. IV. The second paragraph of section V. Safeeuardin Inform on, is hereby amended as follows: Any person who willfully and knowingly violates any of the provisions of this section is guilty of a misdemeanor of the first degree punishable as provided in Sections 119.10 and 775.083, Florida Statutes. In addition,any person who willfully and knowingly discloses any information in violation of DPPA may be subject to criminal sanctions and civil liability. Furthermore, failure to comply with 15.CFR §1110.102 pertaining to the deceased date of an individual may result in penalties of$1,000 for each disclosure or use, up to a maximum of$250.000 in penalties per calendar year, pursuant to 15 CFR§1110.200. Page 2 of 4 DAVID MOU Amendment Adding DMF Data Compliance(New 11/2018) HSMV No.:0725-16 V. Item D., under that part of section V. Safegyrdipg Information, that begins with "The Parties mutually agree to the following:", is hereby amended as follows: D. The Requesting Party shall comply with Rule 74-2, Florida Administrative Code, and with Providing Agency's security policies, and employ adequate security measures to protect Providing Agency's information, applications, data, resources, and services. The applicable Providing Agency security policies shall be made available to Requesting Party. Additionally, with respect to the deceased date of an individual, the Requesting Party shall have systems, facilities, and procedures in place to safeguard such information, and experience in maintaining the confidentiality, security, and appropriate use of such information, pursuant to requirements reasonably similar to the requirements of section 6103(0)(4)of the Internal Revenue Code of 1986 and agrees to satisfy such similar requirements. VI. Section XIII.Certification Information, is hereby added to the MOU as follows: Pursuant to IV.B.14(a) above, the Requesting Party certifies that access to DMF information is appropriate based on the following specific purpose(please describe the legitimate purpose): \\ 11.^!S OA WON`V �J� V5V_..1 TJ `haw. Oar �uti� �✓r�Jv. Please indicate whether the Requesting Party desires to re-disclose the deceased date of any individual to any other person or entity. YesNoX If the Requesting Party desires to re-disclose the deceased date of any individual to any other person or entity,the Requesting Party agrees that it will not re-disclose the data received from the Providing Agency. but ratherwill contact NTIS at https://classic.ntis.gov/products/ssa-dmf/#to become a Certified Person, as defined by 15 CFR §1110.2. A Requesting Party who is a Certified Person may only disclose the deceased date of an individual pursuant to the Requesting Party's obligations under 15 CFR §1110.102." VII. All other terms and conditions of the original MOU not herein revised shall be and remain the same in full force and effect. REMAINDER OF THIS PAGE INTENTIONALLY LEFT BLANK Page 3 of 4 DAVID MOU Amendment Adding DMF Data Compliance(New 11/2018) • HSMV No.:0725-16 IN WITNESS WHEREOF, the undersigned have caused this AMENDMENT to be executed by their authorized officials as of the last date indicated below. For:Clermont Police De.- ment Sign. re CAN\ifs c. 1 a\ c e Title la-/s7 11 Il Date For: Florida Department of Highway Safety and Motor Vehicles: Signature of Authorized Official Printed/Typed Name Title Date Page 4 of 4 DAVID MOU Amendment Adding DMF Data Compliance(New 11/2018)