Washington State DOL - Contracted Plate Search (CPS) Use and Disclosure

DocuSign Envelope ID: 780294CF-DB4A-4EA4-B9F9-C3F4441ADF75

CONTRACTED PLATE SEARCH (CPS) USE AND DISCLOSURE AGREEMENT

New Account No.:
Renewal Account No.: 622314
Start date: Upon Execution
End date: April 30, 2023
Financial Amount: Revenue: Dependent on Usage.
Licensee's Name: City of Yakima
Licensee's DBA:
Licensee physical address: 129 N 2nd St, Yakima, WA 98901
Licensee mailing address:
Licensee Agreement Manager name: Glenn Denman
Licensee Manager Phone: 609-575-6268
Licensee Manager e-mail address: G|ann.dmnmmn@yokimavvm.0mv

DOL Administration: Data Management Office
DOL Division: Office and Performance and Accountability
DOL Agreement Manager information: Susan Mitchell
DOL contact address: Department of Licensing, PO Box 9020, Olympia, WA 98507-9020
DOL contact telephone: 360-902-3708
DOL contact fax: N/A
DOL contact e-mail: dotooemiceo@do|wo.gov

Required documents

The following documents are incorporated by reference (Attachments include terms and conditions. Exhibits are information only):

1. Attachment A. Data Security Requirements
2. Attachment B. Subscriber Requirements
3. Exhibit A. Information Request Log
4. Exhibit B. Sample Information Request Log Requirements
5. Exhibit C. Sample Notification Letter

DOL reserves the right to modify or update all Exhibits as deemed appropriate. Licensee is responsible to check that they are only using the most current version of documents.

The terms and conditions of this Agreement are an integration of the final, entire and exclusive understanding between the Parties, superseding all previous agreements, writings, and communications, oral or otherwise, regarding the subject matter of this Agreement. This Agreement is effective upon execution by both Parties.
The Parties signing below represent that they have read and understand this Agreement, and have the authority to execute on behalf of their entity.

Licensee signature: [signature] Date: 4/1/2020
DOL signature: [signature] Date: 4/3/2020
Evelyne Lloyd, Assistant Director, Administrative Services Division
Alex Weyerhoff, Interim City Manager

Washington Department of Licensing, Page 1, October 2018 Version, CPS Data Access Agreement, DOL Agreement/Account #:
DocuSign Envelope ID: 780294CF-DB4A-4EA4-B9F9-C3F4441ADF75

This Data Sharing Agreement (hereinafter called "Agreement") is entered into by and between the Washington State Department of Licensing (hereinafter called "DOL"), and the individual or entity named on the first page, (hereinafter called "Licensee"). DOL and Licensee may be individually referred to as "Party", or jointly referred to as "Parties".

BACKGROUND INFORMATION

1. PURPOSE
The purpose of this Agreement is for DOL to establish the terms and conditions upon which it will grant Licensee with limited access and use of DOL's Contracted Plate Search (CPS) system, for purposes of accessing Confidential Information contained in DOL's vehicle and vessel records.

2. LEGAL JUSTIFICATION
DOL is authorized to enter into this Agreement pursuant to Revised Code of Washington (RCW) Chapters 19.02; 46.12, and 42.56; Washington Administrative Code (WAC) 308-10-075 & 308-93-087; the Federal Driver Privacy Protection Act of 1994 (DPPA).

3. DEFINITIONS
As used throughout this Agreement the following terms have the meanings set forth below:

Authorized User or User - means any individual who is authorized by the Licensee to access CPS. This definition includes all "Administrators" or account managers who also access CPS.
Confidential Information - means information requiring protection that is more sensitive than "public" and may be exempt from disclosure to the public or other unauthorized persons under either RCW 42.56 or other state or federal statutes. Pursuant to this Agreement, Confidential Information includes, but is not limited to, vehicle and vessel ownership information, and any other personal information (such as name and address) of the vehicle and vessel owners.

Contracted Plate Search or CPS — means the record retrieval and display systems for vehicle and vessel registration information from DOL's DRIVES system.

Data — means any and all vehicle and vessel record information provided to the Licensee by DOL pursuant to this Agreement.

DRIVES — means the primary DOL database from which vehicle and vessel registration information is retrieved and then displayed to the CPS user by way of LicenseXpress. CPS users do not have direct access to the DRIVES database.

Inquiry — means any access to CPS that returns: a record, or no record found.

Subscriber - means the agency, firm, provider, releasing entity, organization, individual, customer, or other entity engaged in doing business with the Licensee to obtain, or otherwise utilize or receive benefit from, the Data received from DOL and includes the purchasing of a service or product from Licensee. A Subscriber must be entitled to the Data with a permissible use under the state and federal disclosure and privacy laws.

Vehicle Record — means any information contained in CPS that identifies a specified vehicle (of any type or category) or the registered ownership thereof.

Vessel Record - means any information contained in CPS that identifies a specified vessel (of any type or category) or the registered ownership thereof.

SPECIAL TERMS AND CONDITIONS:

4.
GRANT OF ACCESS
Subject to the terms and conditions of this Agreement, DOL hereby grants Licensee with a limited non-transferable license for access and restricted use of vehicle and vessel Data from CPS. This grant of access does not provide Licensee with any ownership rights to the Data; at all times DOL remains the sole owner of the Data.

5. TERM OF AGREEMENT
The term of this Agreement begins on the date of mutual execution by both parties, and ends on the date noted on the first page, unless terminated sooner, or extended by the Parties pursuant to an executed amendment. If Licensee wishes to extend this Agreement, Licensee must timely notify DOL and renew its application. DOL does not send notice of expiration to the Licensee.

6. SAFEGUARDING
Data provided pursuant to this Agreement includes Confidential Information. Licensee shall protect and safeguard all Confidential Information received under this Agreement against any unauthorized disclosure, use, or loss as set forth in Attachment A - Data Security Requirements, and further as set forth under all state and federal requirements enacted or revised over time, regarding Data Security, electronic data interchange, and restricted Permissible Uses of such information.

7. PERMISSIBLE USE
Data herein includes Confidential Information, and may only be used for Permissible Uses allowed by state or federal law, and as specifically limited and defined under subsection 7A. Any other use of Confidential Information is strictly prohibited. This includes the use of active records for purposes of testing and training. For purposes of training, Licensee only may use records in connection with actual work performed in the normal course of business.
DOL also fully complies with Executive Order 17-01, and specifically prohibits the use of Data, or the release of Data to other authorities, for purposes of investigating, locating, or apprehending individuals for immigration related violations.

7A. Approved Use and Disclosure
Licensee may only use and disclose Data for the following limited purposes:

For use by a government agency to carry out its functions. The requested function is: the City of Yakima has a Code Compliance division that has limited commissioned officers (limited police powers) that enforce vehicle ordinances related to parking on front lawns, junk vehicles, and similar things that require us to obtain information that can be gleaned from license plates or VINs for the purpose of writing civil infraction citations.

The sale or other distribution of any vehicle or vessel owner name or address to another person not disclosed in a request or disclosure agreement executed with the department is a gross misdemeanor punishable by a fine not to exceed ten thousand dollars, or by imprisonment in a county jail for up to three hundred sixty-four days, or by both such fine and imprisonment for each violation — RCW 46.12.640.

8. ACCESS PERIOD
The Access Period is a duration of time under the term of this Agreement when Licensee, and each of its listed "Users," are granted access to the Data. The Access Period may be suspended due to non-compliance with this Agreement (to include any investigation of possible non-compliance). The suspension of the Access Period prevents Licensee, or a specified User, from further access and/or use of data. Licensee and all Users remain obligated to follow all other terms and conditions of this agreement.

9. ACCESS TO DATA
Licensee will be granted access to the Data upon receiving the following types of inquiries:

A. In writing by email to recordsdeskdol.wa.gov ($2.00 per record fee may apply).
B. Through online Internet access to CPS via LicenseXpress.
(The online system is designed to provide continuous 24 hour access, but cannot be guaranteed. The CPS service may be temporarily inaccessible during periods where the system is being evaluated, updated, or repaired.)

In order to use the CPS online services, Licensee must designate an Administrator (originally designated in the application) who is responsible for establishing and managing all of Licensee's User accounts under this Agreement. If a User will no longer be accessing Data through Licensee's account, the Administrator must immediately remove that User account from the system.

Each User accessing Data on behalf of the Licensee must have an individual LicenseXpress account. User accounts are not interchangeable and cannot be shared. Each user account must be maintained with its own user account name and password. All account transactions are recorded in DRIVES to identify the information accessed through that account.

Licensee must actively monitor each User (including the Administrator and any account Managers) to ensure Data is accessed and used only for official job responsibilities, and the limited permissible uses as permitted in this Agreement. Licensee must immediately revoke the access of any User who accesses or uses Data outside of the allowed Permissible Use or otherwise violates any terms or conditions of this agreement.

DOL reserves the right to suspend or terminate the access of specific users if DOL determines that such user is not maintaining compliance with this Agreement. Continued User non-compliance may be grounds for termination of this entire agreement.

The use of computerized applications (such as "bots") to access, retrieve, or store Data is prohibited.

10. FEES
Licensee shall pay fees for all transactions initiated by its Users.

A.
The fee for use of CPS is $0.04 (four cents), applicable to all CPS Users, for each inquiry including inquiries that return a "no file" or "no record found".
B. There is an additional $2.00 (two dollar) fee for each inquiry that returns a vehicle or vessel record. (Government entities are exempt from the $2.00 fee pursuant to RCW 46.12.635).
C. DOL reserves the right to increase or decrease fees without notice or when mandated by law.

11. PAYMENT AND BILLING PROCEDURES
Invoicing and payment obligations are monthly, unless otherwise agreed upon in writing.

A. Licensee must pay invoices within thirty (30) days of the date of invoice. Payment must include the CPS account number and a copy of the invoice. Payment is to be made to Department of Licensing, CPS (account #) P.O. Box 3907 Seattle, WA 98124.
B. Washington State agencies may pay invoices using a journal voucher (JV) or by making an inter-agency payment (IAP) using the DOL Statewide Vendor Number SWV0011175-01.
C. If Licensee fails to timely pay invoices, DOL reserves the right to suspend the access period, or release the account to a collection agency. DOL may provide advance notice of suspension or collection, but is under no requirement to do so if Licensee has failed to pay multiple payments.
D. If monthly bill totals $4.50 (four dollars fifty cents) or less, DOL may not send a bill and may carry over the amount due to the next month's billing. If DOL ever fails to supply a monthly invoice, that amount is carried over to the next month; DOL's failure to provide an invoice does not waive the Licensee's obligation to pay for services, nor the Licensee's obligation to fully pay upon the next invoice received. If Licensee fails to receive an invoice, it is encouraged to contact DOL accounting services at 360-902-7428 immediately.
E. DOL reserves the right to require a deposit and to charge for the reimbursement of all mailing costs associated with this Agreement.

12.
ADDITIONAL LICENSEE REQUIREMENTS
To maintain an active Access Period, Licensee shall:

A. Maintain a current business license for the term of the Agreement and provide a copy to DOL upon request.
B. Provide each Authorized User with his or her own individual copy of this entire Agreement, and require each User to review and acknowledge, in writing, that he or she understands and will fully comply with this Agreement. (Written acknowledgments are reviewed as part of an audit and must be submitted to DOL on an annual basis [per §27], or upon request.)
C. Require each User to maintain individual (legible) Information Request Log(s)* (IRL) for every inquiry made by that User (regardless of the return information by DOL). Licensee must maintain all IRLs for a minimum of three (3) years. An IRL template is attached as Exhibit A.

* Licensee may use a legible IRL of their choosing, provided the IRL contains all of the data fields set forth in Exhibit A and all data fields regarding a single inquiry fit on the same page.

Advisory Note: DOL may audit Licensee to determine whether it maintains all IRLs compared to Licensee's activity records in DRIVES. Failure to maintain all IRLs is a material breach of this agreement.

D. Licensee must notify DOL if it is an attorney or a private investigator receiving vehicle or vessel record Data directly on-line from the CPS program. Under such circumstances, DOL will mail out notification letters to the individuals who are the subject-owners in the requested records — pursuant to RCW 46.12.635(4). DOL reserves the right to invoice Licensee for the reimbursement of costs associated with the required mailing to include, but not limited to: postage, envelopes, paper, etc.
E.
If Licensee provides vehicle or vessel record Data to an attorney or private investigator, then Licensee must, within five days, provide written notice to the subject owner of the requested records; Licensee must further provide a copy of the notification letter to DOL's Public Disclosure unit.

13. SUBSCRIBER REQUIREMENTS
If Licensee provides Data to a Subscriber, Licensee must comply with all restrictions on Attachment B. Subscriber Requirements.

GENERAL TERMS AND CONDITIONS

14. AMENDMENTS
This Agreement may only be amended by mutual agreement of the Parties. Such amendments are not binding unless they are in writing and signed by personnel authorized to bind each of the Parties. Only DOL's Director or designated delegate by writing has the expressed authority to alter, amend, modify, or waive any clause or condition of this Agreement. Furthermore, any alteration, amendment, modification, or waiver of any clause or condition of this Agreement is not effective or binding unless made in writing and signed by DOL's Director or delegate.

15. ASSIGNABILITY
Licensee may not assign this Agreement, or any claim arising under this Agreement, without the prior written consent of DOL, which consent will not be unreasonably withheld. For purposes of this paragraph, a change in a corporate entity ownership and/or in the directorship of Licensee's entity, may be deemed by DOL as being the equivalent of an assignment, and may be grounds for termination of this Agreement. If Licensee intends a change in the ownership, it must provide notice to DOL.

16. AGREEMENT MANAGEMENT
Licensee's Agreement manager, and DOL's Agreement manager, respectively listed on page one (1) are responsible for all communications and notices pertaining to this Agreement. All such communications and notices are to be made between the respective managers unless alternative personnel are established for specific purposes.
The use of email, to the most current email address on file for the other Party, is an acceptable form of providing notice for all purposes in this Agreement. Licensee is required to notify DOL in writing within three (3) business days of changes to: business name, ownership, business address, phone number, email address, or Agreement manager or his/her contact information.

17. DATA DISPOSITION CERTIFICATION
Licensee, upon the termination, expiration, or cancellation of this Agreement must dispose of all Data and must execute a written certification concerning such disposition. Licensee, in making this certification must contact DOL to receive DOL's Data Disposition Certification Form then in use.

18. DISPUTES
The Parties agree that time is of the essence in resolving disputes. The following are steps in the dispute process: When a dispute concerning a question of fact arises between DOL and Licensee and it cannot be resolved, either Party may request a dispute hearing with DOL's Contracts Office. This is a requisite prior to seeking any court action to resolve the dispute.

19. GOVERNANCE
This Agreement is to be construed and interpreted in accordance with the laws of the state of Washington and the venue of any action brought hereunder will be in the Superior Court for Thurston County.

In the event of an inconsistency in this Agreement, unless otherwise provided the inconsistency shall be resolved by giving precedence in the following order:

A. Applicable federal and Washington State laws, and regulations;
B. Terms and conditions of this Agreement;
C. Attachment A - Data Security Requirements
D. Attachment B — Subscriber Requirements;

20.
INDEMNIFICATION
To the extent allowed by law, Licensee shall defend, indemnify, protect and hold harmless DOL from and against all claims, suits, actions and all associated costs arising from any negligent or intentional acts or omissions of Licensee, or any Subscribers who received the Data from Licensee, during the performance of this Agreement. This includes all matters related to the data security and permissible uses of the Data.

21. INDEPENDENT CAPACITY
The scope of this Agreement maintains each Party's independent status as a self-governed entity, and nothing herein may be deemed as causing the Licensee, or any employee, personnel, or agent of the Licensee to be considered as the employee, agent, or subcontractor of DOL.

22. INTEGRITY OF DATA
Vehicle and vessel Data is only presumed accurate at the moment pulled and is updated on an ongoing basis at all times. Historical Data may be used to satisfy current business needs and/or requests for such Data. Additionally, DOL may not be held liable for any errors which occur in compilation of Data, nor may DOL be held liable for any delays in furnishing amended Data.

23. LICENSEE LEGAL COMPLIANCE STANDARDS
Licensee, as a Party under this Agreement with the DOL, must comply with all applicable local, state, and federal laws, rules and regulations. Such compliance minimally includes without limitation, all applicable licensing requirements of the state of Washington, all civil rights and non-discrimination laws, the Americans with Disabilities Act (ADA) of 1990, and all federal and state employment laws. Failure to comply with this provision may be grounds for termination of this Agreement regardless of the effect it may have on the subject matter of this Agreement.

24.
PUBLIC REQUESTS FOR INFORMATION
If Licensee is subject to chapter 42.56 RCW, Public Records Act, or any similar Act under its own jurisdiction, then to the extent consistent with chapter 42.56 RCW, Licensee will maintain the confidentiality of all Confidential Information provided under this Agreement. If a request is made for Confidential Information Licensee will withhold the information, notify DOL of the request, provide DOL with a copy of the request, and allow DOL adequate time to review the request and obtain a court injunction if necessary.

25. PUBLICITY & MEDIA
Licensee may not engage in any publicity or media, relative to the subject matter of this Agreement, where DOL's name is included, or may reasonably be implied, unless Licensee first provides a copy of such publicity and media to DOL, and DOL approves and permits the same. If DOL approves any advertising and publicity matter, DOL reserves the right to add a disclaimer and/or rescind its approval at a later date.

26. RECORDS ACCESS, INSPECTIONS, AND DPPA
Licensee, at the request of DOL, must provide access to all records retained in connection with this Agreement. This is to include for a period no less than the past three (3) years, and without limitation: All IRLs, and all records connected with providing any and all Data to a Subscriber. Such records must be made available for inspection and review in non-redacted form regardless of any claim of privilege or confidentiality. DOL may request copies at no additional cost to DOL.

Licensee must carry forward this condition to all Subscriber contracts, so as to allow DOL the right to access, review, inspect, and copy similar records of the Subscriber. Licensee may not agree to any non-disclosure agreements that directly or indirectly restrain DOL from reviewing Subscriber's documents under this section.
DOL's monitoring and investigating may include the act of introducing data containing unique but false information (commonly referred to as "salting" or "seeding") that can be used later to identify inappropriate disclosure of Data.

27. RECORD AUDITS
In addition to the right of access above, DOL may conduct random desk audits of Licensee, and may request Licensee to provide various records, documents and other information concerning Licensee's Data Security protocols, Permissible Uses, and any issues of compliance with this Agreement. DOL may also request Licensee to provide DOL with copies of any internal audit results. Licensee shall comply with all audit requests. DOL also reserves the right to conduct (either itself or by its agent) on-site audits. Cost of audits, and the providing of documents, will be at the expense of Licensee.

Licensee will receive audit notification instructions by email. Failure to reply timely and completely to a notification will result in the interruption of service, or DOL may terminate this agreement. At the completion of the audit Licensee will receive notice that the audit was or was not completed satisfactorily. When an audit is not completed satisfactorily, CPS administration will provide Licensee with a listing of the errors and a required cure process.

In addition to DOL conducting Audits, Licensee has the continuing obligation to perform a self-assessment of its Data Security and Permissible Use compliance. This self-assessment must be performed on an annual basis for every one-year interval period of this Agreement — performed at the end of each period. Licensee must confirm in writing whether it is in compliance with Data Security and Permissible Use standards as set forth in this Agreement.
Licensee must also provide copies of User verifications (per §12B), for all new Users whose accounts were established in CPS during that annual period. If Licensee's internal audit discovers any findings of non-compliance, Licensee will make a report of such finding(s) and submit the complete audit report to DOL.

When DOL audits Licensee, it may audit against the accuracy of Licensee's internal findings. If DOL discovers the Licensee was not accurate with its findings, DOL may force Licensee to undergo independent third-party audits, or DOL may terminate this agreement.

28. RECORDS MAINTENANCE
Licensee shall maintain all records relating to this Agreement, including all service and account records, all compliance records, Permissible Use documentation, investigation records related to the release and use of Confidential Information, and all correspondence and legal records related to Subrecipients for a period of at least three (3) years after the term of this Agreement. If any litigation or audit is started before the expiration of the three-year period, the records must be retained until all litigation, claims, or audit findings involving the records have been resolved including any appeals and remands.

29. SEVERABILITY
If any term or condition of this Agreement is held invalid, the remainder of the Agreement remains valid and in full force and effect.

30. SURVIVORSHIP
The terms, conditions and warranties contained in this Agreement that concern Permissible Use of Data, Data Security, and record retention, and Data destruction, survive the completion of the performance, cancellation or termination of this Agreement.

31. TERMINATION
Termination of this Agreement may be made as set forth below. All termination matters may be equally applied to a suspension of the Access Period instead of a full termination, except that any suspension lasting longer than ninety (90) days will automatically terminate this Agreement.

A.
Unilateral Termination by Licensee
Licensee may terminate this Agreement at any time and for any reason upon providing written notice to DOL. If at the time of termination Licensee was under a corrective action plan, DOL may refuse future Agreements.

B. Administrative Terminations (Administrative terminations are without cause.)
If DOL's authority to actively engage in this Agreement is suspended or terminated, such a termination or suspension will automatically cause a termination or suspension of this Agreement.

Additionally, if DOL, as a state agency, determines that the continuation of this Agreement no longer conforms to DOL's policy, and/or is no longer in the best interests of DOL or the state of Washington, DOL may terminate this Agreement for convenience by giving written notice to Licensee at least fifteen (15) business days before the effective date of termination. Administrative terminations are without cause.

C. Termination for Cause
DOL may terminate this Agreement, or suspend the Access Period if Licensee or Licensee's Subrecipient violates a term, condition, or requirement of this Agreement. DOL has sole discretion on whether Licensee or Subrecipient's non-compliance is cause for an immediate termination or suspension, or whether Licensee or Subrecipient should be given a cure process to correct the non-compliance.

For any determination of non-compliance, DOL must provide Licensee with a written statement identifying the full nature of Licensee's breach and justifying DOL's reasoning for seeking immediate suspension, termination, or a cure process. DOL may suspend the Access Period to Data during a cure process.

If DOL allows for a cure process, the Parties will work together to establish the process and timeline.
The agreed-upon cure process will be put in writing and acknowledged by both Parties. If Parties cannot mutually determine a cure process, or if Licensee does not substantially complete the cure process within the stated timelines, DOL then has the right to elevate the matter to a final termination.

If DOL chooses an immediate suspension or termination, DOL must be able to identify how Licensee or Subrecipient's non-compliance has caused, or could cause, harm to the rights or interests of DOL, the state of Washington, or any individuals of the general public.

All actions made by DOL in lieu of a termination for cause are subject to the dispute and appeal process, but DOL's determination will remain controlling during the review.

32. NON EXCLUSION OF REMEDIES
The rights and remedies of the Parties as provided in this Agreement, are not exclusive and are in addition to any other rights and legal remedies provided by law, including without limitation, the right to receive financial reimbursement for any incurred damages.

33. WAIVER
A failure by either Party to exercise its rights under this Agreement shall not preclude that Party from subsequent exercise of such rights and shall not constitute a waiver of any other rights under this Agreement unless stated to be such in a writing signed by an authorized representative of the Party and attached to the original Agreement.

ATTACHMENT A - DATA SECURITY REQUIREMENTS

1. Data Classification
The classification of the data shared is considered: Category 3 — Confidential Information

2. Computer Security
Licensee shall maintain the computers that access DOL data by ensuring the operating system and software are updated and patched regularly, such that they remain secure from known vulnerabilities.
Licensee further agrees that the computer device(s) are installed with an Anti-Virus solution and signatures updated frequently.

3. Access Security
Access to the data will be restricted to authorized users by requiring a login using a unique user ID and complex password or other authentication mechanism which provides equal or greater security. Passwords must be changed on a periodic basis and the sharing of user ID and passwords is strictly prohibited.

4. Data Storage
Licensee agrees that any and all DOL data will be stored, processed, and maintained solely on designated DOL computing equipment and that no DOL data at any time will be processed on, or transferred to, any portable storage medium.

5. Data Transmission
Licensee agrees that any and all electronic transmission or exchange of system and application data with DOL and/or any other parties expressly designated by DOL shall take place via secure means (e.g., HTTPS or SFTP).

6. Distribution of Data
Licensee shall ensure no DOL data of any kind shall be transmitted, exchanged, or otherwise passed to other Licensees/vendors or interested parties except on a case-by-case basis as specifically agreed to in writing by DOL. Licensee further agrees not to provide screen prints outside their control. Any screen print must be destroyed as referenced in the Data Disposal section.

7. Data Disposal
Unless otherwise specified in the Contract, Licensee agrees that upon termination of this Agreement it shall erase, destroy, and render unrecoverable all DOL data and certify in writing that these actions have been completed within 30 days of the termination of this Agreement or within 7 days of the request of an agent of DOL, whichever shall come first. At a minimum, media sanitization is to be performed according to the standards enumerated by NIST SP 800-88 Guidelines for Media Sanitization.

8.
Security Breach Notification
Licensee agrees to comply with all applicable laws that require the notification of individuals in the event of unauthorized release of DOL data or other event requiring notification. In the event of a breach of any of Licensee's security obligations, or other event requiring notification under applicable law, Licensee agrees to the following:
a) Notify DOL by telephone and e-mail of such an event within 24 hours of discovery: DOL Help Desk, phone: (360) 902-0111; email: hlbhelp@dol.wa.gov
b) Assume responsibility for informing all such individuals in accordance with applicable state and federal laws.
c) Indemnify, hold harmless and defend DOL and its trustees, officers, and employees from and against any claims, damages, or other harm related to such notification event.
d) Mitigate the risk of loss and comply with any notification or other requirements imposed by law or DOL.

Washington Department of Licensing Page 9 August 2018 Version Attachment A — Data Security Requirements

Attachment B — Subscriber Requirements

1. Licensee must have a written Subscriber Agreement that requires the Subscriber to maintain an equal or greater standard of data security as required herein. The agreement must also restrict the Subscriber from disclosing the data to further outside entities, except as specifically allowed herein for attorneys and private investigators.

2. Licensee must acknowledge on all IRLs any inquiries that were performed on behalf of a Subrecipient.

3. Subrecipient must be a qualified individual or entity who is legally eligible to receive the Data, and must only use the Data for the Permissible Uses as allowed to the Licensee herein.

4. If Licensee is acting as a Data Broker, Licensee must maintain and provide DOL (upon request) with a complete Subscriber Roster of all Subscribers, including any of their DBAs.

5. Additional Requirements For Attorney or Private Investigators
A.
If the Subscriber is an attorney or a private investigator, then Licensee must provide a notification letter to the person to whom the vehicle or vessel information applies. The notification letter must be sent no later than five (5) business days from the date of disclosure. Licensee must retain a copy of the notification letters for three (3) years from the date of disclosure. Licensee must produce copies of notification letters upon a request by the DOL.
B. If Subscriber provides information to an Attorney or Private Investigator, the Subscriber then becomes the releasing entity who must provide notification letters in the same format set forth above. Licensee must also require the Subrecipient to provide copies of all notification letters to the Licensee, and Licensee must provide the same to DOL upon request. Notification letters must conform to the sample letter attached as Exhibit C, and also conform to RCW 46.12.635(4)(a-c).

6. Licensee remains responsible to DOL for all Data provided to a Subscriber, and further remains responsible for having all of its Subscribers comply with the Data Security, Permissible Use, and other terms and conditions of this agreement. If a Subscriber fails to maintain full compliance with this Agreement, Licensee must take immediate actions to correct such issues and prevent further non-compliance. If DOL requests that a Subscriber no longer be eligible to receive Data due to past or present non-compliance, Licensee must comply with DOL's request. If there is continued non-compliance by multiple subcontractors, DOL may suspend the entire Access Period herein until such time that DOL can determine what measures, if any, the Licensee needs to take to greater assure future compliance. If DOL determines that Licensee cannot properly assure future compliance, DOL may terminate this Agreement.
Subscriber Agreement - means the document between the Licensee and Subscriber that the Licensee shall provide to DOL which sets forth the terms, conditions, and use and required security of Data by the Subscriber. The agreement must include: Subscriber's name, date of Agreement, and Subscriber's use of Data.

Subscriber Roster - means a Microsoft Word or Excel document that the Licensee shall provide to DOL with current, accurate, and verifiable information for each Subscriber and must include: legal name, address, a contact name with email and telephone number, and the Subscriber's permissible use for providing them Data from DOL. Licensee shall maintain copies of the Subscriber Roster for the term of this Agreement and for six (6) years from termination of this Contract. All Subscribers must be identified on the Subscriber Roster, even if Data is only provided to them once.

Washington Department of Licensing Page 10 August 2018 Version Attachment B — Subscriber Requirements

WASHINGTON STATE DEPARTMENT OF LICENSING
Contracted Plate Search (CPS) Application

Use this form to renew your access to the Contracted Plate Search (CPS) service. Businesses and organizations use CPS for 24/7 access to vehicle and vessel records.

Submit your completed, signed application by email or mail and allow 14 business days for processing.
Email (quickest): dataservices@dol.wa.gov
Print and scan or upgrade to Adobe Reader XI or above to fill it in and save it.
Mail: Data Management Office, Department of Licensing, PO Box 9020, Olympia, WA 98507-9020

Do not use this form for personal or individual record requests. Use the Vehicle or Boat Record Request forms located at dol.wa.gov/forms/formspdf.html

We are committed to protecting personal information. Records and personal information are released in compliance with the federal Driver Privacy Protection Act of 1994 (DPPA), and Washington State laws.
These laws restrict redisclosure of personal information obtained from vehicle and vessel records, and protect owners from unsolicited business contact. Authorized recipients may only redisclose information as permitted by law. There is no guarantee your request will be approved. See Authorities at the bottom of Page 2 of this application.

If you currently have a CPS number, enter it here: 622314
Company/Agency name: City of Yakima
Website: yakimawa.gov
Contact name. Primary applicant and contract manager: Glenn Denman
(Area code) Phone number: (509) 575-6268
Email (required): glenn.denman@yakimawa.gov
Contact name 2 (if applicable):
(Area code) Phone number:
Email (required):
Physical address of business (number and street): 129 N 2nd St
City: Yakima
State: WA
ZIP code: 908901
Mailing address of business (if different):
City:
State:
ZIP code:
Provide one of these identifiers
Taxpayer Identification Number (TIN):
Employer Identification Number (EIN):
WA Unified Business Identifier (UBI): 397005272

Answer the following

Provide a detailed explanation of your primary business activity (exactly what your business or agency does and how you will use the vehicle and vessel records).

The City of Yakima Codes Division is responsible for investigating International Property Maintenance Code violations involving motor vehicles. Specifically, violations include dangerous conditions such as vehicles elevated on blocks endangering children and other members of the public, as well as other nuisance violations involving vehicles on private property. Staff must use Plate Search to determine registration and vehicle ownership.

Will you contact the owner for any purpose, provide the registration record information to an attorney or private investigator, or to any other persons or businesses? Use this space to describe how you will contact the owner or disclose the information or state that you will not disclose it and will not contact the owner. This is required information.
Information gleaned from Plate Search is kept strictly confidential and is redacted in the event the City of Yakima receives a Public Disclosure Request for such documents pursuant to RCW 42.56 Public Records Act.

RPD-224-002 A Page 1 of 3

You may not use the personal information contained in a vehicle or vessel registration record for unsolicited business contact. Unsolicited business contact means a contact that is intended to result in, or promote, the sale of any goods or services to a person named in the disclosed information. Disclosure of names and addresses of individual owners — RCW 46.12.635(1)(c).

When disclosing a vehicle or vessel registration record to a private investigator or an attorney, you must provide a notice to the owner, to whom the information applies, that the request was granted. The notice must comply with RCW 46.12.635(4)(a)(b)(c), describing you as the disclosing entity, and must be mailed to the owner within 5 working days of disclosure. You may not use DOL's name, logo, addresses, telephone numbers, email addresses or the State seal in your notification letter. You must retain a copy of the notification letters for three years from the date of disclosure, or from the date of termination of your contract, whichever occurs first, and produce copies of the letters upon a request by the DOL. Failure to send a notification letter is a violation of your contract and Washington State laws. Contact dataservices@dol.wa.gov to request a sample notification letter.

The sale or other distribution of any vehicle or vessel owner name or address to another person not disclosed in your request or application is a gross misdemeanor punishable by a fine not to exceed ten thousand dollars, or by imprisonment in a county jail for 364 days, or by both such fine and imprisonment for each violation. Disclosure violations, penalties — RCW 46.12.640.
Knowingly making a false statement or concealing a material fact required in this application or making false representation to obtain any personal information from an individual's motor vehicle record is also subject to federal criminal fines under the DPPA.

CPS RECORD FEES: There is a 4-cent fee per record search, and businesses must pay an additional $2 for each record accessed. Government entities are exempt from the $2 fee. Contract holders are invoiced monthly.

Submit the following documentation with your application:
• Washington State business — Attach a legible copy of your current business license
• Business outside Washington State — Attach a legible copy of one of the following:
  • Your current business license or
  • A letter signed by the owner or authorized representative indicating you are their agent. The letter must include your Federal Employer Identification Number (EIN) or Federal Tax Identification Number (TIN)
• Non-profit organization or corporation — Attach a legible copy of one of the following:
  • Your Articles of Incorporation, filed with the Secretary of State or
  • Your Tax Exempt Status, (501)(c)(3), from the Internal Revenue Service
• Attorney — Attach a legible copy of your current bar card, or proof of current/active bar status in your state.
• Private investigator — Attach a legible copy of your current private investigator license.

By signing or typing your name, you are certifying under penalty of perjury under the law of Washington that the foregoing is true and correct.

Date and place (county) signed
Robert Harrison
X Signature of business or organization representative

Authorities:
Federal Driver Privacy Protection Act of 1994 (DPPA) 18 U.S.C.
§2721 through §2725
Revised Code of Washington (RCW) 42.56, RCW 46.12.630, 635, 640; RCW 88.02
Washington Administrative Code (WAC) 308-10-075, 308-93-087

RPO-224-002 (R/3/20)WA Page 2 of 3

Subscriber Roster
(Data brokers/resellers applying for CPS must complete and return this section)

Each data broker or reseller must:
• Maintain a legible Subscriber Roster and complete all fields
• Record all subscribers
• Document the specific permissible use qualification for each subscriber
• Retain Subscriber Roster and notification letters sent by subscribers for the term of the Contract and for three (3) years from the date of disclosure or termination of the contract, whichever occurs first.

Your contract and/or CPS access may be terminated if you do not maintain a complete and legible Subscriber Roster.

In the Subscriber's permissible use box, describe the DPPA defined permissible purpose for access to personal information contained in the records. For example, "information is used in the processing of insurance claims investigations." A vague answer, such as, "check who owns the vehicle," is unacceptable.

Legal business name
Contact name
Address, City, State, Zip code
Email
(Area code) Phone number
Does the subscriber provide information to an attorney or private investigator? [ ] Yes [ ] No
Subscriber's permissible use
Use additional copies of this page, if needed. You may create your own Subscriber Roster as long as it contains all of the data fields on this form.