This SISE DATA USER Agreement, effective on the date of the SISE (Sensitive Information Sharing Environment) account is created and is between the All Hazards Consortium (“AHC”) and the “DATA USER” (DATA USER) of this account.
WHEREAS, AHC is a nonprofit organization focused on public/private collaboration in support of homeland security, business continuity, and disaster preparedness, response & recovery.
WHEREAS, to further its mission, AHC, in conjunction with other organizations, has developed a cloud-based exchange (the SISE, Sensitive Information Sharing Environment) to facilitate the sharing and synchronizing of certain proprietary and/or sensitive information to be used for operational purposes during periods of emergency response and recovery, and such information shall be treated as “SENSITIVE INFORMATION” hereunder.
WHEREAS, the DATA USER, in connection with its operations, desires to access information from the AHC and the SISE to be provided by pre-approved DATA PROVIDERS from governmental agencies, businesses and other organizations (the DATA PROVIDER(s)) to synchronize situational awareness and further facilitate collaboration, information sharing, decision making, and operational coordination between these governmental agencies, businesses and organizations in a no-fault, FOIA (Freedom of Information Act) free, private sector operated information sharing environment; and
WHEREAS, AHC and the SISE Data Providers are willing to disclose SENSITIVE INFORMATION to the DATA USER and provide the DATA USER with access to SENSITIVE INFORMATION, for the purposes set forth above pursuant to the restrictions, protections, and other provisions hereof.
WHEREAS, AHC and the SISE will use technology that supports the sharing of data without USER(s) taking possession of the data and to protect data from FOIA (Freedom of Information Requests) and non- operational use by non-approved SISE DATA USER(s).
NOW, THEREFORE, in consideration of the mutual covenants and promises set forth herein, the parties hereto agree as follows:
1. SENSITIVE INFORMATION may include, but not be limited to:
- datasets, geospatial data, video, tabular data, maps, spreadsheets, pictures, apps, website links, documents and/or information provided to the SISE from the DATA PROVIDER, or to which the DATA PROVIDER provides access, in oral, electronic, or written form, whether or not marked or identified as sensitive for competitive, legal, or other reasons.
- all copies of all such documents and/or information,
- all other media or content that contains such SENSITIVE INFORMATION, or other documents based upon or derived from SENSITIVE INFORMATION, prepared by the DATA PROVIDER in connection with its operations during emergency response situation
- information relating to the SISE Use Cases approved by the SISE Working Group and Committees.
- For purposes of clarity,
- “SENSITIVE INFORMATION” does not have the same meaning as the government’s data labeling for FOUO (for operational use only), classified, secret or top secret information.
- all information such as customer name, customer address, customer account number, customer id number, customer social services number, either alone or in combination, employee name, employee id number, employee address, social security number, driver’s license number, taxpayer identification number, federal or state tax identification number, employer identification number, United States passport number, green card number/USCIS#, PCII (Protected Critical Infrastructure Information, LES (Law Enforcement Sensitive), sensitive or reserved data for both internal and external communications will be categorized as too sensitive and may not be provided to the SISE based on DATA PROVIDER preference.
2. The DATA USER shall:
- hold SENSITIVE INFORMATION in strict confidence,
- not disclose SENSITIVE INFORMATION to any other person(s), organization(s), agency(s), firm(s), or corporation(s) (including, but not limited to, parents, subsidiaries, or affiliates of the DATA USER), outside of the SISE unless previously approved by the SISE DATA PROVIDER,
- not use SENSITIVE INFORMATION other than in connection with its operations during emergency response and/or recovery situations, and in accordance with the Use Case(s) set forth by the SISE Working Group,
- limit reproduction of SENSITIVE INFORMATION to the extent required for its operations during emergency response and/or recovery situations, or the SISE Use Case planning processes
- when applicable, store SENSITIVE INFORMATION, based on DATA PROVIDER permissions, in a secure location that is not accessible to any person not authorized to receive the SENSITIVE INFORMATION under the SISE provisions hereof, and
- otherwise use at least the same degree of care to avoid publication or dissemination of SENSITIVE INFORMATION to its employs (or would employs) with respect to its own SENSITIVE information which it does not (or would not) desire to have published or disseminated.
3. AHC and the Data Providers, at any time, shall have the right to request adequate assurances that the foregoing restrictions and protections concerning SENSITIVE INFORMATION are being observed and the DATA USER shall be obligated to promptly provide AHC and the Data Providers with the requested assurances.
4. Notwithstanding the provisions of paragraph 2 hereof, the DATA USER may disclose SENSITIVE INFORMATION to its directors, officers, employees, and in house contractors (collectively, “Agents”) who have a legitimate “need to know” of such SENSITIVE INFORMATION in connection with the DATA USER’s operations during emergency response and/or recovery situations, provided that each such
- is advised by the DATA USER of the SENSITIVE nature of such information; and
- is caused by the DATA USER to agree in writing to be bound by and observe the provisions of this SISE DATA USER Agreement as though the Agent were a DATA USER.
- Notwithstanding the foregoing, the DATA USER shall be responsible to AHC for any act or omission of the DATA USER’s Agents which, if committed by the DATA USER, would constitute a breach of this DATA USER Agreement; and
- data sharing or access to the information, unless otherwise defined, shall be limited screen sharing technology or access to the SISE’s cloud based, information exchange platform and the specific information product
5. The SISE will provide multiple tiers of DATA USER access security to protect SENSITIVE INFORMATION:
- Tier 1 – data supporting use cases in this tier will be accessible by SISE DATA USER(s) who are vetted and approved via the SISE identity verification process that includes the creation of a SISE DATA USER profile, agreement with SISE DATA USER AGREEMENT terms & conditions. User profiles will contain user submitted information: name, organization, address, cell phone, valid email, and other survey information relevant to the users work and areas of interest.
- Tier 2 – data supporting use cases in this level will be accessible by vetted SISE USER(s) from Tier 1 with the additional protections of a new agreement and use of a 2-factor authentication process for each login.
- Tier 3 – data supporting use cases in this level will be accessible by vetted SISE Users from Tier 1 with the additional protections to be defined by the DATA PROVIDER.
6. Notwithstanding the provisions of paragraph 2 hereof, if the DATA USER or its Agents, pursuant to applicable law or regulation or legal process, are requested or required to disclose any SENSITIVE INFORMATION, the DATA USER shall,
- provide AHC with prompt written notice of such request or requirement to enable AHC and the applicable Data Providers to consult with the DATA USER with regard to the steps that may be taken by AHC or the applicable Data Providers to reduce the extent of SENSITIVE INFORMATION that must be disclosed and/or,
- to enable AHC or the applicable DATA PROVIDERS to seek an appropriate protective order or other remedy reducing the extent of SENSITIVE INFORMATION that must be disclosed.
- In any event, the DATA USER and its Agents shall disclose only such SENSITIVE INFORMATION which they are advised by legal counsel is legally required to comply with such applicable law or regulation or legal process (as such may be affected by any protective order or other remedy obtained by AHC or the applicable Data Providers) and,
- the DATA USER and its Agents shall use reasonable efforts to ensure that all SENSITIVE INFORMATION that is so disclosed will be accorded to the appropriate treatment.
7. In some cases, the DATA PROVIDER may share digital information with the SISE DATA USER(s) via email or other digital or non-digital for Where applicable, within five (5) days after the earlier of (a) the end of the emergency response and/or recovery situation has ended (as defined by the AHC/SISE) for which the SENSITIVE INFORMATION was accessed, and (b) AHC’s written demand, the DATA USER shall:
- destroy and delete, and cause its Agents to destroy and delete, all copies of the SENSITIVE INFORMATION including all copies of all documents and of all other media that contain any SENSITIVE INFORMATION and all copies of any extracts, compilations, screen shots, studies or other documents prepared by the DATA USER, or its Agents based on or derived from SENSITIVE INFORMATION; and
- certify to AHC that the destruction and deletion by the DATA USER and its Agents required by clause (a) above has occurred by having a duly authorized officer of the DATA USER (or, if the DATA USER is not a corporation, agency, or other entity with officers, then the DATA USER shall have an authorized person of similar position and authority in the DATA USER) complete, execute and deliver to AHC (at the address for AHC pursuant to paragraph 9 hereof) a certification in the form attached hereto as Exhibit A. Compliance with this paragraph 5 shall not relieve the DATA USER from compliance with the other provisions of this DATA USER Agreement.
8. Nothing in this DATA USER Agreement shall be construed as granting or conferring any rights, by license or otherwise, expressly, implicitly, or otherwise, under any patents, copyrights or trade secrets of AHC or any of the Data Providers. Nothing in this DATA USER Agreement shall be construed as requiring the disclosure of, or the granting of access to, any SENSITIVE INFORMATION to the DATA USER, and the DATA USER’s access to SENSITIVE INFORMATION may be terminated at any time. No rights or obligations other than those expressly stated herein shall be implied from this DATA USER Agreement.
9. The DATA USER understands and agrees that neither AHC/SISE nor any of the DATA PROVIDERS are making any representations or warranties, express or implied, as to the accuracy or completeness of the SENSITIVE INFORMATION, or any portion thereof, and that AHC and the DATA PROVIDERS disclaim any and all liability from the use or reliance on the SENSITIVE INFORMATION.
10. The DATA USER and its Agents shall not be relieved of their obligations hereunder with respect to any SENSITIVE INFORMATION by reason of its availability to the public by publication or otherwise at any time and regardless of whether it was available to the public before or after it was disclosed pursuant to this DATA USER Agreement.
11. The parties acknowledge that disclosure or misuse of SENSITIVE INFORMATION in violation of this DATA USER Agreement may result in irreparable harm to AHC and the Data Providers, the amount of which may be difficult to ascertain, and which could not be adequately compensated by monetary damages, and that therefore AHC and the applicable Data Providers are entitled to specific performance and/or injunctive relief to enforce compliance with the provisions of this DATA USER Agreement.
12. All notices and other correspondence hereunder shall be in writing and shall be sent by certified mail (return receipt requested), by personal delivery, or by a nationally recognized overnight courier service, as follows:
If to the DATA USER:
- to the name and address for the DATA USER first written above
If to AHC:
- All Hazards Consortium, 47 E. South Street, Suite 201, Frederick, MD 20701
- Attn: Tom Moran, Executive Director
A parties may change the address or addressee for notices and other correspondence to it hereunder by notifying the other party by written notice given pursuant hereto.
13. The DATA USER irrevocably submits to the jurisdiction of the courts located within MARYLAND with regard to any dispute or controversy arising out of or relating to this DATA PROVIDER AGREEMEN The DATA PROVIDER agrees that service of process on it in relation to such jurisdiction may be made by certified mail, return receipt requested, addressed to the AHC at the address for the AHC pursuant to paragraph 10 hereof and that such service shall be deemed sufficient even under circumstances where, apart from this paragraph 11, there would be no jurisdictional basis for such service. The AHC agrees that service of process on it may also be affected in any manner permitted by law.
14. This DATA USER Agreement shall be interpreted, and the rights and obligations of the parties determined, in accordance with the laws of – MARYLAND without recourse to such state’s choice of law rules.
15. This DATA USER Agreement may be executed in one or more counterparts, each of which shall be deemed an original, but all of which shall together constitute one and the same instrument. Copies of this DATA USER Agreement and copies of signatures on this DATA USER Agreement, including any such copies delivered by facsimile or .pdf, shall be treated for all purposes as original
16. This DATA USER Agreement may not be amended or modified except by the AHC.
17. This DATA USER Agreement shall be binding upon, and inure to the benefit of, the permitted successors and assigns of each party; provided, however, that this DATA USER Agreement may not be assigned by a party without the prior written consent of the other party and any purported assignment without such consent shall be void.
18. This DATA USER Agreement constitutes the entire agreement between the parties with respect to the subject matter hereof and any prior or contemporaneous oral or written agreements or understandings with respect to such subject matter are merged herein.
19. This DATA USER Agreement shall be construed as to its fair meaning and not strictly for or against either party.
20. No portion of this DATA USER Agreement is binding upon a party until it is accepted by the DATA USER via:
- the online SISE User Account Creation page or,
- executed in writing via a signed written agreement on behalf of that party in the space provided below and delivered to the AHC/SISE.
- Prior to such execution and delivery, neither the submission, exchange, return, discussion, nor the negotiation of this document, whether or not this document is then designated as a “draft” document, shall have any binding effect on a party.
21. The DATA PROVIDERS are third party beneficiaries of this DATA USER Agreement and may enforce those provisions of this DATA USER Agreement in which the DATA PROVIDERS are specifically referenced.
22. The AHC does not endorse or guarantee any the 3rd party links to DATA PROVIDER websites, portals, apps, etc. The products and services offered on DATA PROVIDER sites are not products of the AHC and the AHC cannot attest to the accuracy of information provided by the linked sites. Linking to a DATA PROVIDER website does not constitute endorsement by AHC, or any of its stakeholders (e.g., officers, working group members, contactors, employees or public/private stakeholders, sponsors, e) of the sponsors of the site or the datasets, information or products presented on the site(s). Other websites which DATA USERS may link to from the AHC are not bound by AHC Security & Privacy Policies, or this DATA USER agreement.
23. As with all disasters, this information is subject to change without notice. The All Hazards Consortium, the SISE, the Multi-State Fleet Response Working Group, the utilities involved, and the states, expressly disclaim any liability whatsoever, for any usage of this information by its recipient. Recipient’s usage of this data constitutes a waiver of any claim it may have with respect to its use of the data. Please consider all information operationally confidential.