• Personally identifiable information may only be obtained through lawful means.
• The purposes for which personally identifiable data are collected shall be specified at or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified.
• Personal data may not be disclosed, made available, or otherwise used for purposes other than those specified, except with the consent of the individual, or as required by law or regulation.
• Personal data collected shall be relevant to the purpose for which it is needed.
• The general means by which personal data is protected against loss, unauthorized access, use, modification, or disclosure shall be posted, unless the disclosure of those general means would compromise legitimate agency objectives or law enforcement purposes.

Collection And Disclosure Of Personal And Confidential Information

The Information Practices Act of 1977 (Civil Code Section 1798) restricts State agencies in the collection, use, maintenance, and disclosure of personal and confidential information relating to individuals. With specific exceptions, individuals may obtain copies of personal information pertaining to him/her in State records.

Responsibilities of Department Employees

1. Employees responsible for the collection, maintenance, use, and dissemination of information about individuals that relates to his/her personal life, including his/her employment and medical history, financial transactions, marital status, and dependents, shall comply with the provisions of the Information Practices Act. 

2. Personal information shall not be requested which is not necessary and relevant to the function for which the employee is responsible. 

3. Inquiries and requests relating to personal records of individuals shall be responded to promptly. Reasonable assistance shall be given to individuals to facilitate locating specific records. 

4. Employees shall not disclose personal and confidential information relating to individuals to unauthorized persons or entities. 

5. Employees shall not seek out or use personal or confidential information relating to others for his/her own interest or advantage. Intentional violation of this rule may be cause for disciplinary action, including dismissal from State service. 

6. Employees responsible for maintenance of personal and confidential records shall take reasonable precautions to protect the confidentiality of such records to prevent unauthorized disclosure. 

Access to Personal Records

1. All individuals who are the subject of records maintained by the Department have the right to inquire and be notified as to whether or not a record pertaining to him/her is maintained by the Department. An individual requesting access to information must make such a request in writing when the disclosure cannot be made directly to the subject of the records. Access will be at a reasonable place determined by the record holder.

2. Upon proper identification, any individual who requests access to a record pertaining to himself/herself will be granted access as quickly as practical, but no later than 30 days after the request for active records or 60 days for records stored in the State Records Center. "Proper identification" may be personal recognition or photo and signature identification. 

3. In allowing an individual to see or obtain copies of information about himself/herself, any confidential information relating to another individual shall be deleted. 

4. If the Department refuses access to an individual to information pertaining to himself/herself because the information is deemed "confidential," it shall inform the individual of that fact in writing, stating the reason for refusal. 

5. If an individual requests copies of records pertaining to himself/herself, said copies will be furnished directly to the individual or to another person authorized by the individual. Copies may be sent to a location or mailed to an address given by the individual requesting them. In all cases, proper identification of the requestor is necessary to ensure privacy. The fee for copying is ten (10) cents per page. The copying fee may be waived. Payment may be cash if in person, or by check or money order if by mail. Payment will be made to the holder of the record. 

What Constitutes Confidential, Personal, and Nonpersonal Information

1. Confidential information is information withheld from the subject of the records, but shared with authorized persons and includes: 

   a. Testing or examination material and scoring keys if the disclosure would compromise the fairness of the testing or examination process. 

   b. Investigatory files maintained for the purpose of investigating a violation of law as long as the investigation is in progress. 

   c. Information containing medical, psychiatric or psychological material, if the holder of the record determines that disclosure of such information would be medically or psychologically detrimental to the individual. 

2. Personal information is information shared with the subject of the records and other authorized persons only. It includes information containing educational background, financial transactions, or employment history.

3. Nonpersonal information may be shared with anyone. It includes:

   a. Names, addresses, and telephone numbers such as agency telephone directories. This does not include home addresses or telephone numbers.

   b. Names, salary range, current salary, department, reporting unit, current classification, and appointment tenure (State employees only).

   c. Public access to materials relating to records of disciplinary actions filed or taken against employees is limited to information that becomes a matter of public record (e.g., notices filed with the State Personnel Board Hearing Office).

   d. An employee's current supervisor, and with the employee's knowledge (not necessarily consent), prospective supervisors at the point of making a hiring commitment within State service have access to those personnel records related directly to current and past performance, e.g., performance evaluations, recommendations, disciplinary actions, and attendance records. Access by prospective employers within State service will be allowed if a signed release form is provided to the Human Resources Manager, with the affected employee being notified of the disclosure. Disclosure to prospective employers outside State service will be limited to that information available to the public, unless the employee has stated in writing more information may be disclosed.

Supervisors and managers do not have access to information relative to the private life of an employee, such as marital status, dependents, salary deductions (purpose), and, with some exceptions, medical information. Persons acting on behalf of the employing department or other State agency (e.g., a person assigned to investigate a grievance or complaint) should have access to an employee's file on a "need-to-know" basis, where the employee's past or present experience, training, or performance is relative to the issue.

Amendment of Record

1. An individual may in writing request an amendment to their personal file. The request should be directed to the Assistant Chief, Administrative Services. 

2. The response shall be given within 30 days, or 60 days if the material is filed in the State Records Center. The written response shall advise that the changes requested have been made or inform the individual of the Department's refusal to make the changes and the reason therefore. If the individual protests the refusal to make the requested changes, the individual may file a statement setting forth the reasons for the individual's disagreement with the record. The individual will be advised that such statement shall become a part of the individual's record and be disclosed with any authorized disclosures of such record. 

3. The Assistant Chief, Administrative Services, will conduct a review of a refusal to amend or of a determination that information requested is confidential. 

4. The Department's Human Resources Manager has been designated as the Information Practices Act Coordinator for the Department.