APPENDIX TO RFP TERMS & CONDITIONS

1a. Massachusetts Statement of Work Template

4. POINTS OF CONTACT

4.1 Single Point of Contact

[Vendor Abbreviation] and [Agency Abbreviation] will each assign a single point of contact with respect to this SOW. It is anticipated that the contact person will not change during the Term of this Agreement. In the event that a change is necessary, the party requesting the change will provide prompt written notice to the other. In the event a change occurs because of a non-emergency, two-week written notice is required. For a change resulting from an emergency, prompt notice is required. [Vendor Abbreviation]’s contact person is [Vendor Contact Name and Title], who can be reached at [Vendor Contact Address, phone number(s), email].

[Agency Abbreviation]’s contact is [Agency Contract Name and Title] who can be reached at [Agency Contact Address, phone number(s), email].

…

11.3 TITLE AND INTELLECTUAL PROPERTY RIGHTS

11.3.4 Commonwealth Property

In conformance with the Commonwealth’s Standard Terms and Conditions, all Deliverables created under this Agreement whether made by [Vendor Abbreviation], subcontractor or both are the property of [Agency Abbreviation], except for the [Vendor Abbreviation] Property embodied in the Deliverable. [Vendor Abbreviation] irrevocably and unconditionally sells, transfers and assigns to [Agency Abbreviation] or its designee(s), the entire right, title, and interest in and to all intellectual property rights that it may now or hereafter possess in said Deliverables, except for the [Vendor Abbreviation] Property embodied in the Deliverables, and all derivative works thereof. This sale, transfer and assignment shall be effective immediately upon creation of each Deliverable and shall include all copyright, patent, trade secret, trademark and other intellectual property rights created by [Vendor Abbreviation] or [Vendor Abbreviation]’s subcontractor in connection with such work (hereinafter the "Commonwealth Property").

All copyrightable material contained within a Deliverable and created under this Agreement are works made for hire. [Vendor Abbreviation] bears the burden to prove that a work within a Deliverable was not created under this Agreement. If work is determined to not be made for hire or that designation is not sufficient to secure rights, to the fullest extent allowable and for the full term of protection otherwise accorded to [Vendor Abbreviation] under such law, [Vendor Abbreviation] shall and hereby irrevocably does, assign and transfer to [Agency Abbreviation] free from all liens and other encumbrances or restrictions, all right, title and interest [Vendor Abbreviation] may have or come to have in and to such Deliverable.

…

---

EXHIBIT A

Intellectual Property and Work Effort Agreement for Vendor’s Employees, Consultants, and Agents

Confidentiality, Assignment of Inventions and Representation of Non-Infringement Agreement; Other Representations

The undersigned hereby acknowledges that he or she is an employee or consultant to of the following vendor of the Commonwealth of Massachusetts:

Name of Vendor: ________________________ (“Vendor”)

and desires to be assigned by the Vendor to perform services for the Commonwealth, and that the Vendor desires to assign you to perform services on one or more projects for the Commonwealth, but only under the condition that you sign this Agreement and agree to be bound by all of its terms and conditions.

NOW THEREFORE, in consideration of your assignment to work for the Commonwealth, the access you have to the confidential information of the Commonwealth, and for other good and valuable consideration, the parties agree as follows:

1. Confidentiality of the Commonwealth’s Materials. You agree that both during your assignment at the Commonwealth and thereafter you will not use for your own benefit, or divulge or disclose to anyone except to persons within the Commonwealth whose positions require them to know it, any information not already lawfully available to the public concerning the Commonwealth (“Confidential Information”), including but not limited to information regarding any website of the Commonwealth, any e-commerce products or services, any web development strategy, any financial information or any information regarding users of or vendors to the Commonwealth’s websites. Confidential Information also includes, without limitation, any technical data, design, pattern, formula, computer program, source code, object code, algorithm, subroutine, manual, product specification, or plan for a new, revised or existing product or web site; any business, marketing, financial or sales information; and the present or future plans of the Commonwealth with respect to the development of its web sites and web services.

2. All Developments the Property of the Commonwealth. All confidential, proprietary or other trade secret information and all other works of authorship, trademarks, trade names, discoveries, inventions, processes, methods and improvements, conceived, developed, or otherwise made by you, alone or with others, and in any way relating to the Commonwealth or any of its web development projects, whether or not patentable or subject to copyright protection and whether or not reduced to tangible form or reduced to practice during the period of your assignment with the Commonwealth (“Developments”) shall be the sole property of the Vendor’s customer, the Commonwealth. All copyrightable material contained within a Development during the period of your assignment with the Commonwealth are works made for hire. You bear the burden to prove that a work was not made during the period of your assignment with the Commonwealth. If a work is determined to not be made for hire or that designation is not sufficient to secure rights, to the fullest extent allowable and for the full term of protection otherwise accorded to you under such law, you shall and hereby irrevocably do, assign and transfer to the Commonwealth free from all liens and other encumbrances or restrictions, all right, title and interest you may have or come to have in and to such Development. YOU HEREBY WAIVE IN FAVOR OF THE COMMONWEALTH ANY AND ALL ARTIST’S OR MORAL RIGHTS (INCLUDING, WITHOUT LIMITATION, ALL RIGHTS OF INTEGRITY AND ATTRIBUTION) YOU MAY HAVE PURSUANT TO ANY STATE OR FEDERAL LAWS OF THE UNITED STATES IN RESPECT TO ANY DELIVERABLE AND ALL SIMILAR RIGHTS UNDER THE LAWS OF ALL OTHER APPLICABLE JURISDICTIONS. You agree to disclose all Developments promptly, fully and in writing to the Commonwealth promptly after development of the same, and at any time upon request. You agree to, and hereby do assign to the Commonwealth all your right, title and interest throughout the world in and to all Developments without any obligation on the part of the Commonwealth to pay royalties or any other consideration to you in respect of such Developments. You agree to assist the Vendor’s customer the Commonwealth, (without charge, but at no cost to you) to obtain and maintain for itself such rights.

3. Return of the Commonwealth’s Materials. At the time of the termination of your assignment with the Commonwealth, you agree to return to the Commonwealth all Commonwealth materials, documents and property, in your possession or control, including without limitation, all materials relating to work done while assigned by the Vendor to projects for Commonwealth or relating to the processes and materials of the Commonwealth. You also agree to return to the Commonwealth all materials concerning past, present and future or potential products and/or services of the Commonwealth. You also agree to return to the Commonwealth all materials provided by persons doing business with the Commonwealth and all teaching materials provided by the Commonwealth.

---

2. Sample City of Boston DoIT Contract (2013)

ARTICLE 14 – PUBLIC RECORDS AND ACCESS

14.1 The Contractor shall provide full access to records related to performance and compliance to the City for seven (7) years beginning on the first day after the final payment under this Contract or such longer period necessary for the resolution of any litigation, claim, negotiation, audit or other inquiry involving this Contract. Access to view Contractor records related to any breach or allegation of fraud, waste and/or abuse may not be denied and Contractor cannot claim confidentiality or trade secret protections solely for viewing but not retaining documents. Routine Contract performance compliance reports or documents related to any alleged breach or allegation of non-compliance, fraud, waste, abuse or collusion may be provided electronically and shall be provided at Contractor’s own expense. Reasonable costs for copies of non-routine Contract related records shall not exceed the rates for public records under 950 C.M.R. 32.00.

---

3. Portland-MetroFi, Inc. Agreement (2006)

6.4 Privacy Protection. Licensee shall protect privacy of users. Licensee shall not collect any personally identifiable information beyond what is required to operate Services and will only share information for purposes necessary to operate Services, except as required by law or authorized by this Agreement. Licensee shall provide access to terms of use including privacy and data collection policies upon initial connection to the Free Services and Subscription Services. Nothing herein is intended to prohibit the Licensee use of anonymous information that is aggregated beyond the level of the account or individual user.

Personally identifiable information includes, but is not limited to, any identifiers that are linked to an individual, such as “usernames” assigned by the service, email addresses, given name, street addresses, phone numbers, other personally identifiable demographic data, and other sensitive or personal financial information, such as credit card numbers, login IDs, passwords or bank account numbers.

Common locations for personally identifiable information for which this requirement applies include but are not limited to

o RADIUS logs (user name, IP address assignment, callback telephone number, session time, etc.) o Web and FTP server logs (client IP address, files accessed, request time, query string, etc.) o Email server logs (sender/recipient addresses, message date and time, relay hostnames, etc.) o Firewall and IDS logs (IP addresses, packet payloads, date and time of connections, protocol used, etc.) o User contact information databases (mailing address, phone number, billing information, etc.)

Personally identifiable information about users and logs where such information is kept shall be kept only as long as it is operationally necessary, except as required by law.

6.4.1 Sharing of Personally Identifiable Information.

Personally identifiable information shall not be shared with third parties, except as required by law or for purposes necessary to operate Services; however sharing of personally identifiable information with Advertisers or third-party Advertisement Delivery Services shall not be considered necessary to operate Services. Before data is used for marketing by Affiliates or non-affiliates, a user will have given consent (“opt-in”). Opt-in for sharing of personally identifiable information shall not be a pre-requisite for use of the Services.

Licensee shall obtain affirmative consent again where there is a material change to information collection or use policies.

Licensee shall ensure that entities that receive personally identifiable information from Licensee shall be held to the same standards detailed in this Agreement.

6.4.2 Session Activity History and Profiles.

Licensee shall not link personally identifiable information multiple session activities or create a log of activities associated with personally identifiable information, except as required by law.

Licensee may deliver anonymous profile information to third-party Advertisement Delivery Services including broad categories of usage and general location to facilitate the delivery of an appropriate Advertisement, provided that this is disclosed in the terms and conditions to use the Services. Anonymous profiles may be based on usage history data maintained by the Licensee that will not be associated with personally identifiable information. Usage history data for profile preparation shall not be maintained for more than ninety (90) days.

---

4. San Francisco-Earthlink Agreement (2007)

10.3.l Privacy Policy Standard. The following elements shall constitute the "Privacy Policy Standard" for Fee Services. 10.3.1.1 Sharing of Protected Personal Information. EarthLink will not share Protected Personal Information with any person or entity without the voluntary, affirmative consent of the user, subject to the following exceptions:

a. EarthLink may share Protected Personal Information with EarthLink's Third Party Suppliers to deliver or promote EarthLink's services, provided that users may opt out of receiving marketing communications from EarthLink or EarthLink's Third Party Suppliers using Protected Personal Information obtained from use of any EarthLink Fee Service. b. EarthLink may share Protected Personal Information with Third Party Suppliers for purposes of processing payments, collections, and order fulfillment and service delivery. c. EarthLink may share Protected Personal Information with law enforcement in accordance with Section 10.3.1.2. d. EarthLink may share Protected Personal Information with other persons or entities in connection with civil legal proceedings in accordance with Section 10.3.1.3. e. EarthLink may share Protected Personal Information with entities that jointly promote EarthLink's service to their customers, provided that users may opt out of receiving marketing communications from such entities or EarthLink using Protected Personal Information obtained from use of any Fee Service.

---

5. NYC Wireless Proposal (2014)

1. No passive tracking of wifi, bluetooth, or other wireless signals and their identities (MAC addresses, for example) of either users of a network or passersby
2. No tracking or logging of browsing or site visit, or DNS lookup behavior of individual users, and no interjection or rewriting of HTML or other content that network users may download or upload when using the network
3. No selling or reselling of any user data, whether entered, derived, or tracked, either individualized, anonymized, or aggregated to any other entity
4. No delivery of any collected user data, whether entered, derived, or tracked, either individualized, anonymized, or aggregated to any governmental agency with except for that which is legally compelled to provide
5. No use of any collected user data, whether entered, derived, or tracked, either individualized, anonymized, or aggregated with the sole exception of providing demographic information to advertisers in direct connection with the sale of display advertisements
6. No collection, tracking and saving of individual location visits and usage of hotspots for longer than 24 hours (users of networks can't be tracked through the system for a period older than 24 hours)
7. All such clauses above apply to both PII and "meta" information about a user and their devices.
8. No blocking or redirecting any websites or other online data sources, in whole or in part, for any reason. (this is a net neutrality thing)
9. VPN and SSL should be promoted as safe ways to use public hotspots when accessing the network and on the kiosk signage
10. Ideal is to not require a sign-in at all; This way, users are able to get online quickly and easily, and there isn't any fear of people being tracked
11. No selling or reselling any product or service directly to users who use the network, whether on the Wi-Fi network or the kiosk displays, with the sole exception of 3rd party display advertisements on the kiosk displays.