The URL can be used to link to this page

Agenda 05/22/2012 Item #16D 85/22/2012 Item 16.D.8. EXECUTIVE SUMMARY Recommendation to authorize the Chairman to sign a Memorandum of Agreement between the Florida Department of Children and Families (DCF) and Collier County (County) for Limited County Access to the FLORIDA System in order to facilitate review of Medicaid billings. OBJECTIVE: Gain access to the DCF FLORIDA computer system in order to validate Medicaid billings. CONSIDERATIONS: The Department of Children and Family's FLORIDA system is available to verify client addresses for Medicaid billing purposes. In order for Collier County staff to access this database and use it as part of the billing validation process, the DCF requires the County to enter into a Memorandum of Agreement with respect to use of the system. FISCAL IMPACT: There is no fiscal impact associated with this agenda item, however, should County staff be denied access to this database, the payments the County makes for the Medicaid billings will most likely be substantially higher as the verification process will be restricted. LEGAL CONSIDERATIONS: This item is legally sufficient and requires a majority vote for Board action. — JBW GROWTH MANAGEMENT IMPACT: None. RECOMMENDATION: Authorize the Chair to sign a Memorandum of Agreement for County staff access to the DCF FLORIDA system. Prepared By: Kimberley Grant, Housing, Human and Veterans Services Interim Director Packet Page -1801- 5/22/2012 Item 16.D.8. COLLIER COUNTY Board of County Commissioners Item Number: 16.D.8. Item Summary: Recommendation to authorize the Chairman to sign a Memorandum of Agreement between the Florida Department of Children and Families (DCF) and Collier County (County) for Limited County Access to the FLORIDA System in order to facilitate review of Medicaid billings. Meeting Date: 5/22/2012 Prepared By Name: HutchinsonBarbetta Title: Executive Secretary,Office of Management & Budget 5/15/2012 1:04:26 PM Approved By Name: GrantKimberley Title: Interim Director, HHVS Date: 5/15/2012 1:22:03 PM Name: MuckelCynthia Title: Applications Analyst,Information Technology Date: 5/15/2012 2:10:24 PM Name: AlonsoHailey Title: Administrative Assistant,Domestic Animal Services Date: 5/15/2012 2:32:55 PM Name: CarnellSteve Title: Director - Purchasing /General Services,Purchasing Date: 5/16/2012 8:05:55 AM Name: KlatzkowJeff Title: County Attorney Date: 5/16/2012 1:38:26 PM Name: PryorCheryl Title: Management/ Budget Analyst, Senior,Office of Management & Budget Packet Page -1802- Date: 5/16/2012 1:53:43 PM Name: KlatzkowJeff Title: County Attorney Date: 5/16/2012 1:58:45 PM Name: OchsLeo Title: County Manager Date: 5/16/2012 3:25:05 PM Packet Page -1803- 5/22/2012 Item 16.D.8. �i 47:n State of Florida Department of Children and Families 5/22/2012 Item 16.D.8. Rick Scott Governor David E. Wilkins Secretary STANDARD MEMORANDUM OF AGREEMENT FOR LIMITED COUNTY ACCESS TO FLORIDA SYSTEM DATA This Memorandum of Agreement for Limited County Access to FLORIDA System data (MOU) is entered into between the Florida Department of Children and Families (the Department) and Collier County, a political subdivision of the State of Florida (the County). WHEREAS, the Department maintains certain information in its Florida Online Recipient Integrated Data Access system (FLORIDA) System regarding applicants seeking to qualify for Medicaid Services, WHEREAS, the County needs to access limited data on the FLORIDA System to confirm limited information regarding recipients of Medicaid Services within the County for payment purposes; and WHEREAS, the Department is willing to provide the County with limited access to the data in the FLORIDA System for such purposes, provided that the County complies with certain security requirements. NOW THEREFORE, IT IS AGREED AS FOLLOWS: 1. The foregoing recitations are true and incorporated into the terms of this MOU by reference 2. Conditioned on the County's compliance with the terms of "Exhibit A" to this MOU and the terms below, the Department will grant authorized County personnel limited access to the FLORIDA System to verify Medicaid recipient addresses. Authorized County personnel will be provided "view only" access to the screens shown in "Exhibit B" to this MOU (the limited FLORIDA data). The Department will have sole discretion to determine the means of access and the manner of display of the limited FLORIDA data. 3. The County hereby agrees to comply with the terms of "Exhibit A" and will access the limited FLORIDA data exclusively for purposes of verifying Medicaid recipient addresses and will not utilize nor permit any person to utilize the limited FLORIDA data for any other purpose. Any County record of the limited FLORIDA data shall be maintained and used only in accordance with the terms of this MOU. 4. The Department will provide appropriate and timely training and support to the county with regard to FLORIDA system access. 1317 Winewood Boulevard, Tallahassee, Florida 32399 -0700 Mission: Protect the Vulnerable, Promote Strong and Economically Self- Sufficient Families, and Advance Personal and Family Recovery and Resiliency Packet Page -1804- 5/22/2012 Item 16.D.8. 5. Prior to granting access to the FLORIDA System to individual users at the County level, the following must be accomplished: a. The Department must be in receipt of a signed MOU with the appropriate County entity(ies). b. The Department must be in receipt of a FLORIDA Individual Security Information Form ( "Exhibit C ") for each user requesting access to the FLORIDA System. c. The Department must be in receipt of a signed DCF CF 114 form "Security Agreement Form" (Exhibit D). This form should accompany Exhibit C. d. Individual users must have received confirmation from the FLORIDA Application Data Security Administrator that access has been granted and received a user ID and an initial password. e. Individual users have completed FLORIDA access training. f. Individuals have completed the required initial Department online security training, and have printed out their completion certificate for their local personnel file. A copy of the security- training certificate should accompany Exhibit C. This training is required annually after completion of the initial training. 6. Term and termination. This MOU shall commence the last day executed by all parties and shall continue for a period of five years, provided, however, that the confidentiality requirements regarding the limited FLORIDA data shall survive the expiration or termination of this MOU. This MOU may be terminated by either party without cause upon 30 days written notice. This MOU may be terminated by either party for cause upon no less than 24 hours written notice. The Department may administratively suspend access to the FLORIDA System at any time the Department has reason to believe that the County is not in full compliance with the provisions of this MOU. 7. To the extent permitted by law, including Section 768.28, Florida Statutes, and without waiving the limits of sovereign immunity, the County shall indemnify the Department, its officers, employees and agents from any suits, actions, damages, claims and costs of every name and description, including attorneys' fees, relating to access to or use of the limited FLORIDA data by the County, its officers, employees or agents. 8. This MOU executed and entered into in the State of Florida, shall be construed, performed and enforced in all respects in accordance with Florida law and venue shall be in Leon County, Florida. 9. There are no provisions, terms, conditions, or obligations other than those contained herein, and this MOU shall supersede all previous communications, representations, or agreements, either verbal or written between the parties. 10. If any term or provision of this MOU is legally determined unlawful or unenforceable, the remainder of the MOU shall remain in full force and effect and such term or provision shall be stricken. 11. Modifications of provisions of this MOU shall be valid only when they have been reduced to writing and duly executed by the duly authorized officials of both parties. Packet Page -1805- 5/22/2012 Item 16.D.8. 12. The parties contact coordinators for the administration of this MOU are: County contact/coordinator: Name — Ashlee Franco Title — Accounting Supervisor Organization Collier County Mailing Address (city, state, ZIP) 3339 Tamiami Trail E Suite 211 Naples FL 34112 Phone — 239 - 252 -2689 Email — ashleefrancoCcycolilerv.net Department contact/coordinator: Bruce R. Belrose Chief, Operations and Research Florida Department of Children and Families Economic Self - Sufficiency Program Office 1317 Winewood Boulevard, 3 -426 Tallahassee, FL 32399 -0700 850 - 717 -4083 Bruce oe1rr.)se(d—)dcf.state.f1.us IN WITNESS THEREOF, the parties hereto have caused this Memorandum of Agreement to be executed by their undersigned officials as duly authorized. COLLIER COUNTY BOARD OF COUNTY COMMISSIONERS Signature Date Fred W. Coyle Chairman ATTEST: DWIGHT E. BROCK, CLERK By: , Deputy Clerk Approved as to form and legal sufficiency: Jennifer B. White Assistant County Attorney FLORIDA DEPARTMENT OF CHILDREN AND FAMILIES Signature Date Ann M. Berner Director, Economic Self- Sufficiency Program Attachments: Exhibit A — Use and Security Requirements Exhibit B — FLORIDA system screen shots Exhibit C — FLORIDA Individual Security Information form Exhibit D — DCF CF114 Security Agreement Form Packet Page -1806- 5/22/2012 Item 16.D.8. EXHIBIT A - USE AND SECURITY REQUIREMENTS The County agrees to comply with the following use and security requirements: 1. That the information obtained from the Department's system pursuant to the MOU (hereinafter "the limited FLORIDA data ") is confidential in nature and protected from disclosure by State and Federal Law. 2. To restrict the transmission of the limited FLORIDA data using secure file transfer protocols to County personnel who have a verifiable need to know in the performance of their official duties for the purposes stated in Section 3 of the MOU. To maintain a listing of County personnel granted on -line access privileges to the Department's system Pursuant to this MOU and, upon request, make such information available to the Department. At a minimum, the list will include the user's first and last name, User Identification (USERID), date access was granted /changed /deleted, dates of initial security training and annual awareness training. This information will be maintained for a period of 5 years after access has been terminated or until administrative purposes have been served, whichever is longer. 4. To abide ' by IT Security Awareness training provided by the Department at httP://www.dcf.state.fl.us/admin/trainina.shtml or an equivalent security training provided to court IT security officers. Initial and annual refresher IT Security Awareness training shall be documented. 5. To comply with State of Florida network security requirements specified in Florida Administrative Code 60DD- 2.006, Network Security. 6. That the limited FLORIDA data may not be re- disclosed by the County or its personnel verbally, electronically or in any other forms except as specifically authorized by law or regulation and in compliance with 42 C.F.R., Subpart F. 7. That any the limited FLORIDA data will be used only for the purposes stated in Section 3 of the MOU and may be disclosed only for such purposes. That the limited FLORIDA data shall be stored in a place physically secure from access by unauthorized persons. 9. To safeguard access to the limited FLORIDA data in such a way that unauthorized persons cannot view, print, copy or retrieve the information by any means. 10. To instruct all personnel granted on -line access privileges to the Department's system or granted access to the limited FLORIDA data in the County's possession regarding the confidential nature of the information, the safeguards and requirements of this MOU and the provisions of Chapters 71A -1 and 71A -2, Florida Administrative Code as well as Chapters 119, 812, 815, 817, 839 or 877, Florida Statutes, or similar state and federal requirements. 11. To adhere to the confidentiality requirements stated herein, and to fully and promptly report any infraction of these requirements to the respective contacts specified in Section 10 of the MOU. 12. To promptly notify the Department of any breach of security related to the limited FLORIDA data in its possession and to be responsible for full compliance with section 817.5681, F.S., if applicable, in the event of a breach of security concerning confidential personal information in its possession received from one another, including but not limited to, providing notification to affected persons. 13. To provide any such breach notification, if applicable, to the Department for prior review and approval of the contents of the notice. 3 Packet Page -1807- 5/22/2012 Item 16.D.8. "EXHIBIT B" Limited FLORIDA Data Packet Page -1808- F- m Ul s+laavt O .4 bA p O Z z Co cn o � U � � O Co � V d O L A CIS w ti wA o ❑ � tL ono O W n a �~ vI U � o ►7 A A A z a A m V � ❑A d d � F b 3 � N L7' R: ac 2 b 0 0 � O M VJ d N z u v fn 6 N ^0 Cl O d A o N •� d H � m p � M � Packet Page -1809- W s 0 U A 0 0 C7 M 5/22/2012 Item 16.D.8. M A A 0 a a a z 0 0 d w O H Co AFi O F a x 0 F 9 iz Q IA IQ di O Q' a w p E B C aq a U O Co U r" v � O a o 7 0 Co A � r a ti m O z a � z � u 0 0 2 :' o � r G � � F O � v r� m m v a U O XI O z) z 0 w � U� m N 1 Oi I m u p O Z z Co cn o � U � � O Co � V d O L A CIS w ti wA o ❑ � tL ono O W n a �~ vI U � o ►7 A A A z a A m V � ❑A d d � F b 3 � N L7' R: ac 2 b 0 0 � O M VJ d N z u v fn 6 N ^0 Cl O d A o N •� d H � m p � M � Packet Page -1809- W s 0 U A 0 0 C7 M 5/22/2012 Item 16.D.8. M A A 0 a a a z 0 0 d w O H Co AFi O F a x 0 F 9 iz Q IA IQ di O Q' a w p E B C aq a U O Co U r" v � O a o 7 0 Co A � r a ti m 5/22/2012 Item 16.D.8. M SECURITY AGREEMENT FORM The Department of Children and Families has authorized you: Employee's or %,Omractor's Name /Organization to have access to sensitive data using computer - related media (e.g., printed reports, microfiche, system inquiry, on -line update, or any magnetic media). Computer crimes are a violation of the department's Standards of Conduct. In addition to departmental discipline, committing computer crimes may result in Federal or State felony criminal charges. I understand that a security violation may result in criminal prosecution according to the provisions of Federal and State statutes and may also result in disciplinary action against me according to the department's Standards of Conduct in the Employee Handbook. By my signature below, I acknowledge that I have received, read, understand and agree to be bound by the following: • The Computer Related Crimes Act, Chapter 815, F.S. • Sections 7213, 7213A, and 7431 of the Internal Revenue Code; which provide civil and criminal penalties for unauthorized inspection or disclosure of Federal tax data. • 6103(l)(7) of the Internal Revenue Code, which provides confidentiality and disclosure of returns and return information. • CFOP 50-2. • It is the policy of the Department of Children and Families that no contract employee shall have access to IRS tax information or FDLE information, unless approved in writing, by name and position to access specified information, as authorized by regulation and /or statute. • It is the policy of the Department of Children and Families that 1 do not disclose personal passwords. • It is the policy of the Department of Children and Families that I do not obtain information for my own or another person's personal use. • 1 will only access or view information or data for which I am authorized and have a legitimate business reason to see when performing my duties. I shall maintain the integrity of all confidential and sensitive information accessed. • "Casual viewing" of employee or client data, even data that is not confidential or otherwise exempt from disclosure as a public record, constitutes misuse of access and is not acceptable. • The Department of Children and Families will perform regular database queries to identify misuse of access. • Chapter-1 19-0712, Florida Statutes, and the Driver Privacy Protection Act (DPPA). PRIVACY ACT STATEMENT_ Disclosure of your social security number is voluntary, but must be provided in order to gain access to department systems. It is requested, however, pursuant to Section 282.318, Florida Statutes, the Security of Data and Information Technology Resources Act. The Department requests social security numbers to ensure secure access to data systems, prevent unauthorized access to confidential and sensitive information collected and stored by the Department, and provide a unique identifier in our systems. Print EmpioyeelContractor Name Signature of Employee /Contractor Date Print Supervisor Name Signature of Supervisor Date F 14. PDF 06/2010 Distribution of Copies: Original — .Personnel File /Contract File; P g Copy — Employee /Contractor Packet Page -1810- 5/22/2012 Item 16.D.8. CHAPTER 816: COMPUTER - RELATED CRIMES 815.01 Short title. The provisions of this act shall be known and may be cited as the "Florida Computer Crimes Act." (History: s. 1, ch. 78 -92.) 815.02 Legislative intent. The Legislature finds and declares that: (1) Computer - related crime is a growing problem in government as well as in the private sector. (2) Computer - related crime occurs at great cost to the public since losses for each incident of computer crime tend to be far greater than the iosses associated with each incident of other white collar crime. (3) The opportunities for computer - related crimes in financial institutions, government programs, government records, and other business enterprises through the introduction of fraudulent records into a computer system, the unauthorized use of computer facilities, the alteration or destruction of computerized information or files, and the stealing of financial instruments, data, and other assets are great. (4) While various forms of computer crime might possibly be the subject of criminal charges based on other provisions of law, it is appropriate and desirable that a supplemental and additional statute be provided which proscribes various forms of computer abuse. (History: s. 1, ch. 78 -92.) 815.03 Definitions. As used in this chapter, unless the context clearly indicates otherwise: (1) "Access" means to approach, instruct, communicate with, store data in, retrieve data from, or otherwise make use of any resources of a computer, computer system, or computer network. (2) "Computer" means an internally programmed, automatic device that performs data processing. (3) - Computer contaminant" means any set of computer instructions designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. The term includes, but is not limited to, a group of computer instructions commonly called viruses or worms which are self - replicating or self - propagating and which are designed to contaminant other computer programs or computer data; consume computer resources; modify, destroy, record, or transmit data; or in some other fashion usurp the normal operation of the computer, computer system, or computer network. (4) "Computer network" means any system that provides communications between one or more computer systems and its input or output devices, including, but not limited to, display terminals and printers that are connected by telecommunication facilities. (5) "Computer program or computer software" means a set of instructions or statements and related data which, when executed in actual or modified form, cause a computer, computer system, or computer network to perform specked functions. (6) "Computer services" include, but are not limited to, computer time; data processing or storage functions; or other uses of a computer, computer system, or computer network. (7) "Computer system" means a device or collection of devices, including support devices, one or more of which contain computer programs, electronic instructions, or input data and output data, and which perform functions, including, but not limited to, logic, arithmetic, data storage, retrieval, communication, or control. The term does not include calculators that are not programmable and that are not capable of being used in conjunction with external files. (8) "Data" means a representation of information, knowledge, facts, concepts, computer software, computer programs, or instructions. Data may be in any form, in storage media or stored in the memory of the computer, or in transit or presented on a display device. (9) "Financial instrument" means any check, draft, money order, certificate of deposit, letter of credit, bill of exchange, credit card, or marketable security. (10) "intellectual property" means data, including programs. (11) "Property" means anything of value as defined in [Footnote 1] s. 812.011 and includes, but is not limited to, financial instruments, information, including electronically produced data and computer software and programs In either machine - readable or human- readable form, and any other tangible or intangible item of value. (History: s. 1, ch. 78 -92; s. 9, ch. 2001 -54.) ([Footnote 11 Note: Repealed by s. 16, ch. 77 -342.) 816.04 Offenses against intellectual property; public records exemption. (1) Whoever willfully, knowingly, and without authorization modifies data, programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property. (2) Whoever willfully, knowingly, and without authorization destroys data, programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property. (3) (a) Data, programs, or supporting documentation which is a trade secret as defined in s. 812.081 which resides or exists internal or external to a computer, computer system, or computer network which is held by an agency as defined in chapter 119 is confidential and exempt from the provisions of s. 119.07(1) and s. 24(a), Art. I of the State Constitution. (b) Whoever willfully, knowingly, and without authorization discloses or takes data, programs, or supporting documentation which is a trade secret as defined in s. 812.081 or is confidential as provided by law residing or existing internal or external to a computer, computer system, or computer network commits an offense against intellectual property. (4) (a) Except as otherwise provided in this subsection, an offense against intellectual property is a felony of the third degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (b) If the offense is committed for the purpose of devising or executing any scheme or artifice to defraud or to obtain any property, then the offender is guilty of a felony of the second degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (History: s. 1, ch. 78 -92; s. 1, ch. 94 -100; s. 431, ch. 96 -406.) 815.045 Trade secret information. The Legislature finds that it is a public necessity that trade secret information as defined in S. 812.081, and as provided for in s. 815.04(3), be expressly made confidential and exempt from the public records law because it is a felony to disclose such records. Due to the legal uncertainty as to whether a public employee would be protected from a felony conviction if otherwise complying with chapter 119, and with s. 24(a), Art. I of the State Constitution, it is imperative that a public records exemption be created. The Legislature in making disclosure of trade secrets a crime has clearly established the importance attached to trade secret protection. Disclosing trade secrets in an agency's possession would negatively impact the business interests of those providing an agency such trade secrets by damaging them in the marketplace, and those entities and individuals disclosing such trade secrets would hesitate to cooperate with that agency, which would Impair the effective and efficient administration of governmental functions. Thus, the public and private harm in disclosing trade secrets significantly outweighs any public benefit derived from disclosure, and the public's ability to scrutinize and monitor agency action is not diminished by nondisclosure of trade secrets. (History: s, 2, ch. 94 -100.) (Note. Former s. 119.165) 815.06 Offenses against computer users. (1) Whoever willfully, knowingly, and without authorization: (a) Accesses or causes to be accessed any computer, computer system, or computer network; (b) Disrupts or denies or causes the denial of computer system services to an authorized user of such computer system 1 of 5 Packet Page -1811- 5/22/2012 Item 16.D.8. services, which, in whole or part, is owned by, under contract to, or operated for, on behalf of, or in conjunction with another; (c) Destroys, takes, injures, or damages equipment or supplies used or intended to be used in a computer, computer system, or computer network; (d) Destroys, injures, or damages any computer, computer system, or computer network; or (e) introduces any computer contaminant into any computer, computer system, or computer network, commits an offense against computer users. (2) (a) Except as provided in paragraphs (b) and (c), whoever violates subsection (1) commits a felony of the third degree, punishable as provided ins. 775.082, s. 775.083, ors. 775.084. (b) Whoever violates subsection (1) and: 1. Damages a computer, computer equipment, computer supplies, a computer system, or a computer network, and the monetary damage or loss incurred as a result of the violation is $5,000 or greater; 2. Commits the offense for the purpose of devising or executing any scheme or artifice to defraud or obtain property; or 3. Interrupts or impairs a governmental operation or public communication, transportation, or supply of water, gas, or other public service, commits a felony of the second degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (c) Whoever violates subsection (1) and the violation endangers human life commits a felony of the first degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084. (3) Whoever willingly, knowingly, and without authorization modifies equipment or supplies used or intended to be used in a computer, computer system, or computer network commits a misdemeanor of the first degree, punishable as provided in s. 775.082 or s. 775.083. (4) (a) In addition to any other civil remedy available, the owner or lessee of the computer, computer system, computer network, computer program, computer equipment, computer supplies, or computer data may bring a civil action against an compensatory damages. (b) In any action brought under this subsection, the court may award reasonable attorney fees to the epre this pa for (5) Any computer, computer system, computer network, computer software, or computer data owned by a defendant which is used during the commission of any violation of this section or any computer owned by the defendant which is used as a repository for the storage of software or data obtained in violation of this section is subject to forfeiture as provided under ss. 932.701 — 932.704. (6) This section does not apply to any person who accesses his or her employer's computer system, computer network, computer program, or computer data when acting within the scope of his or her lawful employment. (7) For purposes of bringing a civil or criminal action under this section, a person who causes, by any means, the access to a computer, computer system, or computer network in one jurisdiction from another jurisdiction is deemed to have personally accessed the computer, computer system, or computer network in both jurisdictions. (History: s. 1, ch. 78 -92; s. 11, ch. 2001 -54.) 815.07 This chapter not exclusive. The provisions of this chapter shall not be construed to preclude the applicability of any other provision of the criminal law of this state which presently applies or may in the future apply to any transaction which violates this chapter, unless such provision is inconsistent with the terms of this chapter. (History. s. 1, ch. 78 -92.) SECTION 7213 — UNAUTHORIZED DISCLOSURE OF INFORMATION (a) RETURNS AND RETURN INFORMATION - (1) FEDERAL EMPLOYEES AND OTHER PERSONS — It shall be unlawful for any officer or employee of the United States or any person described in section 6103(n)(or an officer or employee of any such person),or any former officer or employee, willfully to disclose to any person, except as authorized in this title, any return or return Information [as defined in section 6103(b)]. Any violation of this paragraph shall be a felony punishable upon conviction by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the costs of prosecution, and if such offense is committed by any officer or employee of the United States, he shall, in addition to any other punishment, be dismissed from office or discharged from employment upon conviction for such offense. (2) STATE AND OTHER EMPLOYEES — It shall be unlawful for any person [not described in paragraph (1)] willfully to disclose to any arson, except as authorized in this title, any return or return information [as defined in section 6103(b)] acquired by him or another person .nder subsection (d),(i)(3)(B)(i),(1 )(6),(7),(8),(9),(10),(12),(15) or (16) or (m)(2),(4),(5),(6), or (7) of section 6103. Any violation of this paragraph shall be a felony punishable by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the cost of prosecution. (3) OTHER PERSONS — It shall be unlawful for any person to whom any return or return information [as defined in section 6103(b)) is disclosed in an manner unauthorized by this title thereafter willfully to print or publish in any manner not provided by law any such return or return information. Any violation of this paragraph shall be a felony punishable by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the cost of prosecution. (4) SOLICITATION — It shall be unlawful for any person willfully to offer any item of material value in exchange for any return or return information [as defined in 6103(b)) and to receive as a result of such solicitation any such return or return information. Any violation of this paragraph shall be a felony punishable by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the cost of prosecution. (5) SHAREHOLDERS — It shall be unlawful for any person to whom return or return information [as defined in 6103(b)) is disclosed pursuant to the provisions of 6103((e)(1)(D)(iii) willfully to disclose such return or return information in any manner not provided by law. Any violation of this paragraph shall be a felony punishable by a fine in any amount not exceeding $5,000, or imprisonment of not more than 5 years, or both, together with the cost of prosecution. SECTION 7213A — UNAUTHORIZED INSPECTION OF RETURNS OR RETURN INFORMATION (a) PROHIBITIONS — (1) FEDERAL EMPLOYEES AND OTHER PERSONS — It shall be unlawful for - (A) any officer or employee of the United States, or (B) any person described in section 6103(n) or an officer willfully to inspect, except as authorized in this title, any return or return information. (2) STATE AND OTHER EMPLOYEES It shall be unlawful for any person [not described in paragraph(I)] willfully to inspect, except as authorized by this title, any return information acquired by such person or another person under a provision of section 6103 referred to in section 7213(a)(2). (b) PENALTY — (1) iN GENERAL —Any violation of subsection (a) shall be punishable upon conviction by a fine in any amount not exceeding $1000, or imprisonment of not more than 1 year, or both, together with the costs of prosecution. (2) FEDERAL OFFICERS OR EMPLOYEES — An officer or employee of the United States who is convicted of any violation of subsection (a) shall, in addition to any other punishment, be dismissed from office or discharged from employment. (c) DEFINITIONS — For purposes of this section, the terms "inspect", "return", and "return information" have respective meanings given such terms by section 6103(b). 2of5 Packet Page -1812- 5/22/2012 Item 16.D.8. SECTION 7431 — CIVIL DAMAGES FOR UNAUTHORIZED DISCLOSURE OF RETURNS AND RETURN INFORMATION (a) IN GENERAL — (1) INSPECTION OR DISCLOSURE BY EMPLOYEE OF UNITED STATES If any officer or employee of the United States knowingly, or by reason of negligence, inspects or discloses any return or return information with respect to a taxpayer in violation of any provision of section 6103, such taxpayer may bring a civil action for damages against the United States in a district court of the United States. (2) INSPECTION OR DISCLOSURE BY A PERSON WHO IS NOT AN EMPLOYEE OF THE UNITED STATES — If any person who is not an officer or employee of the United States knowingly, or by reason of negligence, inspects or discloses any return or return information with respect to a taxpayer in violation of any provision of section 6103, such taxpayer may bring a civil action for damages against such person in a district court of the United States. (b) EXCEPTIONS — No liability shall arise under this section with respect to any inspection or disclosure - (1) which results from good faith, but erroneous, interpretation of section 6103, or (2) which is requested by the taxpayer. (c) DAMAGES — In any action brought under subsection (a), upon a finding of liability on the part of the defendant, the defendant shall be liable to the plaintiff in an amount equal to the sum of- (1) the greater of— (A) $1,000 for each act of unauthorized inspection or disclosure of a return or return information with respect to which such defendant is found liable, or (B) the sum of: (i) the actual damages sustained by the plaintiff as a result of such unauthorized inspection or disclosure, plus (ii) in the case of a willful inspection or disclosure or an inspection or disclosure which is the result of gross negligence, punitive damages, plus (2) the cost of the action. (d) PERIOD FOR BRINGING ACTION — Notwithstanding any other provision of law, an action to enforce any liability created under this section may be brought, without regard to the amount in controversy, at any time within 2 years after the date of discovery by the plaintiff of the unauthorized inspection or disclosure. SECTION 6103 — CONFIDENTIALITY AND DISCLOSURE OF RETURNS AND RETURN INFORMATION (1) DISCLOSURE OF RETURNS AND RETURN INFORMATION FOR PURPOSES OTHER THAN TAX ADMINISTRATION (7) Disclosure of return information to Federal, State, and local agencies administering certain programs under the Social Security Act, the Food Stamp Act of 1977, or title 38, United States Code, or certain housing assistance programs (A) Return information from Social Security Administration — The Commissioner of Social Security shall, upon written request, disclose return information from returns with respect to net earnings from self- employment (as defined in section 1402), wages (as defined in section 3121 (a) or 3401 (a)), and payments of retirement income, which have been disclosed to the Social Security Administration as provided by paragraph (1) or (5) of this subsection, to any Federal, State, or local agency administering a program listed in subparagraph (D). (B) Return information from Internal Revenue Service —The Secretary shall, upon written request, disclose current return information from returns with respect to unearned income from the Internal Revenue Service files to any Federal, State, or local agency administering a program listed in subparagraph (D). (C) Restriction on disclosure — The Commissioner of Social Security and the Secretary shall disclose return information under subparagraphs (A) and (B) only for purposes of, and to the extent necessary in, determining eligibility for, or the correct amount of, benefits under a program listed in subparagraph (D). (D) Programs to which rule applies — The programs to which this paragraph applies are: (i) a State program funded under part A of title IV of the Social Security Act; (ii) medical assistance provided under a State plan approved under title XIX of the Social Security Act or subsidies provided under section 186OD -14 of such Act; (iii) supplemental security income benefits provided under title XVI of the Social Security Act, and federally administered supplementary payments of the type described in section 1616(a) of such Act (including payments pursuant to an agreement entered into under section 212(a) of Public Law 93 -66); (iv) any benefits provided under a State plan approved under title 1, X, XIV, or XVI of the Social Security Act (as those titles apply to Puerto Rico, Guam, and the Virgin islands); (v) unemployment compensation provided under a State law described in section 3304 of this title; (vi) assistance provided under the Food Stamp Act of 1977; (vii) State - administered supplementary payments of the type described in section 1616(a) of the Social Security Act (including payments pursuant to an agreement entered into under section 212(a) of Public Law 93 -66); (viii) (1) any needs -based pension provided under chapter 15 of title 38, United States Code, or under any other law administered by the Secretary of Veterans Affairs; (11) parents' dependency and indemnity compensation provided under section 1315 of title 38, United States Code; (111) health -care services fumished under section 1710(a)(1)(1), 1710(a)(2), 1710(b), and 1712(a)(2)(B) of such title; and (IV) compensation paid under chapter 11 of title 38, United States Code, at the 100 percent rate based solely on unemployability and without regard to the fact that the disability or disabilities are not rated as 100 percent disabling under the rating schedule; and (ix) any housing assistance program administered by the Department of Housing and Urban Development that involves initial and periodic review of an applicant's or participant's income, except that return information may be disclosed under this clause only on written request by the Secretary of Housing and Urban Development and only for use by officers and employees of the Department of Housing and Urban Development with respect to applicants for and participants in such programs. Only return information from returns with respect to net earnings from self - employment and wages may be disclosed under this paragraph for use with respect to any program described in clause (viii)(1V). Clause (viii) shall not apply after September 30, 2D08. 3of5 Packet Page -1813- 5/22/2012 Item 16.D.8. DRIVER PRIVACY PROTECTION ACT (DPPA) Under state law, motor vehicle, driver license, and vehicular crash records are subject to public disclosure. The Driver Privacy Protection Act (DPPA) keeps your personal information private by limiting who has access to the information. ( http:// www .flhsmv.gov /ddVDPPAinfo,htmi) 119.0712 Executive branch agency- specific exemptions from inspection or copying of public records. (2) DEPARTMENT OF HIGHWAY SAFETY AND MOTOR VEHICLES, (a) Personal information contained in a motor vehicle record that identifies an individual is confidential and exempt from s. 119.07(1) and s. 24(a), Art. I of the State Constitution except as provided in this subsection. Personal information includes, but is not limited to, an individual's social security number, driver identification number or identification card number, name, address, telephone number, medical or disability information, and emergency contact information. For purposes of this subsection, personal information does not include information relating to vehicular crashes, driving violations, and driver's status. For purposes of this subsection, the term "motor vehicle record" means any record that pertains to a motor vehicle operator's permit, motor vehicle title, motor vehicle registration, or identification card issued by the Department of Highway Safety and Motor Vehicles. (b) Personal information contained in motor vehicle records made confidential and exempt by this subsection may be released by the department for any of the following uses: 1. For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions: motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles and dealers by motor vehicle manufacturers; and removal of nonowner records from the original owner records of motor vehicle manufacturers, to carry out the purposes of Titles I and IV of the Anti Car Theft Act of 1992, the Automobile Information Disclosure Act (15 U.S.C, as, 1231 et seq.), the Clean Air Act (42 U.S.C. ss. 7401 et seq.), and chapters 301, 305, and 321 -331 of Title 49, United States Code. 2. For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a federal, state, or local agency in carrying out its functions. 3. For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles, motor vehicle parts, and dealers; motor vehicle market research activities, including survey research; and removal of nonowner records from the original owner records of motor vehicle manufacturers. 4. For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only: and a. To verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; b. If such information purposes of preventing fraud by, 5. For use in connection body for: state as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the pursuing legal remedies against, or recovering on a debt or security interest against, the individual, with any civil, criminal, administrative, or arbitral proceeding in any court or agency or before any self - regulatory Service of process by any certified process server, special process server, or other person authorized to serve process in this b. Investigation in anticipation of litigation by an attorney licensed to practice law in this state or the agent of the attorney; however, the information may not be used for mass commercial solicitation of clients for litigation against motor vehicle dealers. c. Investigation by any person in connection with any filed proceeding; however, the information may not be used for mass commercial solicitation of clients for litigation against motor vehicle dealers. d. Execution or enforcement of judgments and orders. e. Compliance with an order of any court. 6. For use in research activities and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals. 7. For use by any insurer or insurance support organization, or by a self - insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, anti -fraud activities, rating, or underwriting. S. For use in providing notice to the owners of towed or impounded vehicles. 9. For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection. Personal information obtained based on an exempt driver's record may not be provided to a client who cannot demonstrate a need based on a police report, court order, or business or personal relationship with the subject of the investigation. 10. For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver's license that is required under 49 U.S.C. ss. 31301 at seq. 11. For use in connection with the operation of private toll transportation facilities. 12. For bulk distribution for surveys, marketing, or solicitations when the department has obtained the express consent of the person to whom such personal information pertains. 13. For any use if the requesting person demonstrates that he or she has obtained the written consent of the person who is the subject of the motor vehicle record. 14. For any other use specifically authorized by state law, if such use is related to the operation of a motor vehicle or public safety. 15. For any other use if the person to whom the information pertains has given express consent in a format prescribed by the department. Such consent shall remain in effect until it is revoked by the person on a form prescribed by the department. (c) Notwithstanding paragraph (b), without the express consent of the person to whom such information applies, the following information contained in motor vehicle records may only be released as specified in this paragraph: 1. Social security numbers may be released only as provided in subparagraphs (b)2., 5., 7., and 10. 2. An individual's photograph or image may be released only as provided in s. 322.142. 3. Medical disability information may be released only as provided in ss, 322.125 and 322.126. 4. Emergency contact information may be released only to law enforcement agencies for purposes of contacting those listed in the event of an emergency. (d) The restrictions on disclosure of personal information provided by this subsection shall not in any way affect the use of organ donation information on individual driver licenses or affect the administration of organ donation initiatives in this state. (e)1. Personal information made confidential and exempt may be disclosed by the Department of Highway Safety and Motor Vehicles to an individual, firm, corporation, or similar business entity whose primary business interest is to resell or redisclose the personal information to persons who are authorized to receive such information. Prior to the department's disclosure of personal information, such individual, firm, corporation, or similar business entity must first enter into a contract with the department regarding the care, custody, and control of the personal information to ensure compliance with the federal Driver's Privacy Protection Act of 1994 and applicable state laws. 4ors Packet Page -1814- 5/22/2012 Item 16.D.8. 2. An authorized recipient of personal information contained in a motor vehicle record, ex pt a recipient under subparagraph (b)12., may contract with the Department of Highway Safety and Motor Vehicles to resell or redisclos, the information for any use permitted under this section. However, only authorized recipients of personal information pursuant to subparagraph (b) 12. under subparagraph (b)12. may resell or redisclose personal information 3. Any authorized recipient who resells or rediscloses personal information shall maintain, for a period of 5 years, records identifying each person or entity that receives the personal information and the permitted purpose for which It will be used. Such records shall be made available for inspection upon request by the department. (f) The department may adopt rules to carry out the purposes of this subsection and the federal Driver's Privacy Protection Act of 1994, 18 U.S.C. as. 2721 et seq. Rules adopted by the department may provide for the payment of applicable fees and, prior to the disclosure of personal information pursuant to this subsection, may require the meeting of conditions by the requesting person for the purposes of obtaining reasonable assurance concerning the identity of such requesting person, and, to the extent required, assurance that the use will be only as authorized or that the consent of the person who is the subject of the personal information has been obtained. Such conditions may Include, but need not be limited to, the making and filing of a written application in such form and containing such information and certification requirements as the department requires. (g) This subsection is subject to the Open Government Sunset Review Act in accordance with s. 119.15 and shall stand repealed October 2, 2012, unless reviewed and saved from repeal through reenactment by the Legislature 5of5 Packet Page -1815-