REPORT/RECOMMENDATION TO THE BOARD OF SUPERVISORS
OF SAN BERNARDINO COUNTY
AND RECORD OF ACTION
May 20, 2025
FROM
GILBERT RAMOS, Assistant Executive Officer, Human Services
SUBJECT
Title
Non-Financial Data Privacy and Security Agreement with the California Department of Social Services
End
RECOMMENDATION(S)
Recommendation
1. Approve non-financial Data Privacy and Security Agreement, including non-standard terms, with the California Department of Social Services ensuring the privacy and security of Personally Identifiable Information is protected and maintained at the County level, for the period of June 5, 2025 through September 1, 2028.
2. Authorize the Chair of the Board of Supervisors, the Chief Executive Officer, or the Assistant Executive Officer for Human Services to execute the non-financial Data Privacy Security Agreement and any non-substantive amendments to the Data Privacy and Security Agreement with the California Department of Social Services pertaining to the privacy and security of Personally Identifiable Information, on behalf of the County, subject to review by County Counsel.
3. Direct the Assistant Executive Officer for Human Services to transmit all future non-substantive amendments to the Data Privacy and Security Agreement to the Clerk of the Board of Supervisors within 30 days of execution.
(Presenter: Gilbert Ramos, Assistant Executive Officer, 387-3073)
Body
COUNTY AND CHIEF EXECUTIVE OFFICER GOALS & OBJECTIVES
Provide for the Safety, Health and Social Service Needs of County Residents.
FINANCIAL IMPACT
Approval of this item does not impact Discretionary General Funding (Net County Cost) as the recommended Data Privacy and Security Agreement (PSA) is non-financial.
BACKGROUND INFORMATION
Under the terms of the recommended PSA, Human Services (HS) staff will be allowed to continue accessing the security and privacy of Personally Identifiable Information (PII) contained in the Medi-Cal Eligibility Data System, the California Statewide Automated Welfare System, the Income and Eligibility Verification System, and in data received from the Social Security Administration and other sources. The purpose of this PSA is to ensure counties comply with the requirements to maintain the privacy and security of PII that the County accesses through the California Department of Social Services (CDSS).
The CDSS PSA ensures that the County and HS staff who access, use, or disclose customer PII will comply with the privacy and security requirements, and restrict access to data containing PII to only authorized employees who require the information to perform their official duties in public social services programs. The data contains PII that can be used alone, or in conjunction with any other reasonably available information, to identify a specific individual including, but not limited to, name, social security number, driver license number, identification number, date of birth, place of birth, and/or mother’s maiden name. The PII may be electronic, paper, verbal, or recorded.
The PSA contains non-standard terms that require approval by the Board of Supervisors (Board) per County Policy 11-05. The non-standard terms include the following:
1. The PSA does not adhere to the County’s insurance standards as required pursuant to County Policy 11-07.
• The County Policy requires partner agencies to carry appropriate insurance at limits and under conditions determined by the County’s Risk Management Department.
• Potential Impact: The PSA does not include County standard insurance requirements. The County has no assurance that CDSS will be financially responsible for claims that may arise under the PSA, which could result in expenses to the County that exceed the total PSA amount.
2. The PSA does not require CDSS to indemnify the County, as required by County Policies 11-05 and 11-07.
• The County standard contract indemnity provision requires the contractor to indemnify, defend, and hold County harmless from third party claims arising out of the acts, errors or omissions of any person.
• Potential Impact: CDSS is not required to defend, indemnify or hold the County harmless from any claims, including indemnification for claims arising from CDSS’s negligent or intentional acts. If the County is sued, the County may be solely liable for the costs of defense and damages, which could exceed the total PSA amount.
HS recommends approval of the PSA, including non-standard terms to ensure compliance with the requirements to maintain the privacy and security of PII that the County accesses through CDSS. This item also requests authorization for the Chair of the Board, the Chief Executive Officer, or the Assistant Executive Officer for Human Services to execute the PSA, and any amendments on behalf of the County, subject to review by County Counsel. The request for approval of delegation of authority is due to CDSS’ short turnaround time for receipt of fully executed agreements and amendments.
PROCUREMENT
N/A
REVIEW BY OTHERS
This item has been reviewed by Human Services Contracts (Patty Steven, Contracts Manager, 388-0241) on April 29, 2025; County Counsel (Adam Ebright and Daniella Hernandez, Deputies County Counsel, 387-5455) on May 12, 2025; Risk Management (Greg Ustaszewski, Staff Analyst II, 386-9008) on May 13, 2025; Finance (John Hallen, Principal Administrative Analyst, 388-0208) on May 13, 2025; and County Finance and Administration (Cheryl Adams, Deputy Executive Officer, 388-0332) on May 13, 2025.