|
Pursuant to Government Code
section 11019.9, all departments and agencies
of the State of California shall enact and maintain
a permanent privacy policy, in adherence with
the Information Practices Act of 1977 (Civil
Code section 1798 et seq.), that includes, but
is not necessarily limited to, the following
principles:
(a) Personally identifiable
information may only be obtained through lawful
means.
(b) The purposes
for which personally identifiable data are collected
shall be specified at or prior to the time of
collection, and any subsequent use of the data
shall be limited to and consistent with the
fulfillment of those purposes previously specified.
(c) Personal data
may not be disclosed, made available, or otherwise
used for a purpose other than those specified,
except with the consent of the subject of the
data, or as required by law or regulation.
(d) Personal data
collected shall be relevant to the purpose for
which it is needed.
(e) The general
means by which personal data is protected against
loss, unauthorized access, use, modification,
or disclosure shall be posted, unless the disclosure
of those general means would compromise legitimate
agency objectives or law enforcement purposes.
Each department
shall implement this privacy policy by:
-
Designating
which position within the department or
agency is responsible for the implementation
of and adherence to this privacy policy;
-
Prominently
posting the policy physically in its offices
and on its internet website, if any;
-
Distributing
the policy to each of its employees and
contractors who have access to personal
data;
-
Complying with
the Information Practices Act (Civil Code
Section 1798 et seq.); the Public Records
Act (Government Code Section 6250 et seq.);
Government Code Section 11015.5, and all
other laws pertaining to information privacy;
-
Using appropriate
means to successfully implement and adhere
to this privacy policy.
|
