|
Pursuant to Government Code section 11019.9, all
departments and agencies of the State of California
shall enact and maintain a permanent privacy
policy, in adherence with the Information Practices
Act of 1977 (Civil Code section 1798 et seq.), that
includes, but is not necessarily limited to, the
following principles:
- Personally identifiable information may only
be obtained through lawful means.
- The purposes for which personally
identifiable data are collected shall be
specified at or prior to the time of collection,
and any subsequent use of the data shall be
limited to and consistent with the fulfillment
of those purposes previously specified.
- Personal data may not be disclosed, made
available, or otherwise used for a purpose other
than those specified, except with the consent of
the subject of the data, or as required by law
or regulation.
- Personal data collected shall be relevant to
the purpose for which it is needed.
- The general means by which personal data is
protected against loss, unauthorized access,
use, modification, or disclosure shall be
posted, unless the disclosure of those general
means would compromise legitimate agency
objectives or law enforcement purposes.
Each department shall implement this privacy
policy by:
- Designating which position within the
department or agency is responsible for the
implementation of and adherence to this privacy
policy;
- Prominently posting the policy physically in
its offices and on its Internet website, if
any;
- Distributing the policy to each of its
employees and contractors who have access to
personal data;
- Complying with the Information Practices Act
(Civil Code Section 1798 et seq.); the Public
Records Act (Government Code Section 6250 et
seq.); Government Code Section 11015.5, and all
other laws pertaining to information
privacy;
Using appropriate means to successfully
implement and adhere to this privacy policy.
|
