21-127.00 WA State Auditor Interlocal Data Sharing Agreement zi - I2.
Agency DSA 21-01
INTERAGENCY DATA SHARING AGREEMENT
Between
City of Spokane Valley
And the Office of the Washington State Auditor
This Interagency Data Sharing Agreement(DSA)is entered into by and between City of Spokane Valley,
hereinafter referred to as"Agency",and the Office of the Washington State Auditor,hereinafter referred
to as"SAO",pursuant to the authority granted by chapters 39.34 RCW and 43.09 RCW.
AGENCY PROVIDING DATA:Agency
Agency Name: City of Spokane Valley
Contact Name: Chelsie Taylor
Title: Finance Director
Address: 10210 East Sprague,Spokane Valley, WA 99206
Phone: 509-720-5040
E-mail: ctaylor@spokanevalley.org
AGENCY RECEIVING DATA: SAO
Agency Name: Office of the Washington State Auditor
Contact Name: Brad White
Title: Audit Manager
Address: 316 West Boone Avenue,Suite 680, Spokane, WA 99201
Phone: (509)919-0240
E-mail: bradley.d.white@sao.wa.gov
1. PURPOSE OF THE DSA
The purpose of the DSA is to provide the requirements and authorization for the Agency to
exchange confidential information with SAO. This agreement is entered into between Agency
and SAO to ensure compliance with legal requirements and Executive Directives(Executive
Order 16-01,chapter 42.56 RCW,and OCIO policy 141.10)in the handling of information
considered confidential.
2. DEFINITIONS
"Agreement"means this Interagency Data Sharing Agreement.
"Data Transmission"refers to the methods and technologies to be used to move a copy of the data
between systems,networks and/or employee workstations.
DSA Agreement between Agency and SAO—Page 1
Agency DSA: 21-01
Agency DSA 21-01
"Data Storage"refers to the place data is in when at rest.Data can be stored on removable or
portable media devices such as a USB drive or SAO managed systems or OCIO/State approved
services.
"Data Encryption"refers to enciphering data with a NIST-approved algorithm or cryptographic
module using a NIST-approved key length.Encryption must be applied in such a way that it
renders data unusable to anyone but the authorized users,and the confidential process,encryption
key or other means to decipher the information is protected from unauthorized access.
"Personal Information"means information defined in RCW 42.56.590(10).
3. PERIOD OF AGREEMENT
This agreement shall begin on June_2021,or date of execution,whichever is later,and end on
June 24,2024, unless terminated sooner or extended as provided herein.
4. JUSTIFICATION FOR DATA SHARING
SAO is the auditor of all public accounts in Washington State. SAO's authority is broad and
includes both explicit and implicit powers to review records,including confidential records,
during the course of an audit or investigation.
5. DESCRIPTION OF DATA TO BE SHARED
The data to be shared includes information and data related to financial activity,operation and
compliance with contractual, state and federal programs, security of computer systems,
performance and accountability for agency programs as applicable to the audit(s)performed.
Specific data requests will be limited to information needed for SAO audits,investigations and
related statutory authorities as identified through auditor requests.
6. DATA TRANSMISSION
Transmission of data between Agency and SAO will use a secure method that is commensurate to
the sensitivity of the data being transmitted,as defined by OCIO 141.10.
7. DATA STORAGE AND HANDLING REQUIREMENTS
Agency will notify SAO if they are providing confidential data.All confidential data provided by
Agency will be stored with access limited to the least number of SAO staff needed to complete
the purpose of the DSA.
8. INTENDED USE OF DATA
The Office of the Washington State Auditor will utilize this data in support of their audits,
investigations,and related statutory responsibilities as described in chapter 43.09 RCW.
9. CONSTRAINTS ON USE OF DATA
The Office of the Washington State Auditor agrees to strictly limit use of information obtained
under this Agreement to the purpose of carrying out our audits,investigations and related
statutory responsibilities as described in RCW 43.09.
10. SECURITY OF DATA
DSA Agreement between Agency and SAO—Page 2
Agency DSA: 21-01
Agency DSA 21-01
SAO shall take due care and take reasonable precautions to protect Agency's data from
unauthorized physical and electronic access. SAO complies with the requirements of the OCIO
141.10 policies and standards for data security and access controls to ensure the confidentiality,
and integrity of all data shared. Agency may halt the electronic sharing of data with SAO;
however it will not limit SAO's authority as outlined in RCW 43.09.
11. NON-DISCLOSURE OF DATA
SAO staff shall not disclose,in whole or in part,the data provided by Agency to any individual or
agency,unless this Agreement specifically authorizes the disclosure. Data may be disclosed only
to persons and entities within the Agency or SAO that have the need to use the data to achieve the
stated purposes of this Agreement. In the event of a public disclosure request for the Agency's
data, SAO will notify the Agency no less than ten(10) days prior to the disclosure date.
a. SAO shall not access or use the data for any commercial or personal purpose.
b. Any exceptions to these limitations must be approved in writing by Agency.
c. The SAO shall ensure that all staff with access to the data described in this Agreement
are aware of the use and disclosure requirements of this Agreement and will advise new
staff of the provisions of this Agreement.
12. OVERSIGHT
The SAO agrees that Agency will have the right,at any time,to monitor,audit,and review
activities and methods in implementing this Agreement in order to assure compliance.
13. TERMINATION
Either party may terminate this Agreement with 30 days' written notice to the other party's
Agreement Administrator named on Page 1.However,once data is accessed by the SAO,this
Agreement is binding as to the confidentiality,use of the data,and disposition of all data received
as a result of access,unless otherwise amended by the mutual agreement of both parties.
14. DISPUTE RESOLUTION
In the event that a dispute arises under this Agreement,a Dispute Board shall determine
resolution in the following manner.Each party to this Agreement shall appoint one member to the
Dispute Board.The members so appointed shall jointly appoint an additional member to the
Dispute Board.The Dispute Board shall review facts,contract terms,and applicable statutes and
rules and make a determination of the dispute.
15. GOVERNANCE
a. The provisions of this Interagency Data Sharing Agreement are severable.If any
provision of this Agreement is held invalid by any court that invalidity shall not affect the
other provisions of this Interagency Data Sharing Agreement and the invalid provision
shall be considered modified to conform to the existing law.
b. In the event of a lawsuit involving this Interagency Data Sharing Agreement,venue shall
be proper only in Thurston County, Washington.
16. AMENDMENT/MODIFICATION
No provisions of this Agreement may be amended or modified except by written agreement
signed by the Parties.
DSA Agreement between Agency and SAO—Page 3
Agency DSA: 2 1-0 1
Agency DSA 21-01
17. SIGNATURES
The signatures below indicate agreement between the parties.
Agency Office of the Washington State Auditor
illank aiS911,1_ V/7ØZI
Signature Date Signature Date
Title: CAy /d(/�rr- Title: Audit Manager
DSA Agreement between Agency and SAO—Page 4
Agency DSA: 21-01
Agency DSA 21-01
17. SIGNATURES
The signatures below indicate agreement between the parties.
Agency Office of the Washington State Auditor
(1a0t6111,1,. t° _
00-02,1 f ,
8/11/2021
Signature Date Signature Date
Title: i Title: Audit Manager
DSA Agreement between Agency and SAO—Page 4
Agency USA: 21-01