|
Pursuant to Government Code section
11019.9, all departments and agencies of the State of
California shall enact and maintain a permanent privacy
policy, in adherence with the Information Practices
Act of 1977 (Civil Code section 1798 et seq.), that
includes, but is not necessarily limited to, the following
principles:
(a) Personally identifiable
information may only be obtained through lawful means.
(b) The purposes for which personally
identifiable data are collected shall be specified at
or prior to the time of collection, and any subsequent
use of the data shall be limited to and consistent with
the fulfillment of those purposes previously specified.
(c) Personal data may not be
disclosed, made available, or otherwise used for a purpose
other than those specified, except with the consent
of the subject of the data, or as required by law or
regulation.
(d) Personal data collected
shall be relevant to the purpose for which it is needed.
(e) The general means by which
personal data is protected against loss, unauthorized
access, use, modification, or disclosure shall be posted,
unless the disclosure of those general means would compromise
legitimate agency objectives or law enforcement purposes.
Each department shall implement this
privacy policy by:
-
Designating which position within
the department or agency is responsible for the
implementation of and adherence to this privacy
policy;
-
Prominently posting the policy
physically in its offices and on its internet website,
if any;
-
Distributing the policy to each
of its employees and contractors who have access
to personal data;
-
Complying with the Information
Practices Act (Civil Code Section 1798 et seq.);
the Public Records Act (Government Code Section
6250 et seq.); Government Code Section 11015.5,
and all other laws pertaining to information privacy;
-
Using appropriate means to successfully
implement and adhere to this privacy policy.
|
