From Consumer Wiki
|Line 21:||Line 21:|
Latest revision as of 21:04, 1 September 2010
The California Department of Consumer Affairs is committed to the free flow of information that can help consumers make good marketplace decisions. The Department is also committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal statutes.
It is the policy of the Department of Consumer Affairs and its constituent agencies to limit the collection and safeguard the privacy of personal information collected or maintained by the Department or by any of its constituent agencies. The Department's information management practices are consistent with the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, and with other applicable laws pertaining to information privacy.
The Department follows these principles in collecting and managing personal information:
- We collect personal information on individuals only as allowed by law. We limit the collection of personal information to what is relevant and necessary to accomplish a lawful purpose of the Department. For example, we need to know someone's address, telephone number and social security number, among other things, to properly identify the person before issuing a professional license. Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history.
- We tell people who provide personal information to the Department the purpose for which the information is collected. We tell persons who are asked to provide personal information about the general uses that we will make of that information. We do this at the time of collection. With each request for personal information, we provide information on the authority under which the request is made, the principal uses we make of the information and the possible disclosures we are obligated to make to other government agencies and to the public.
- We tell people who provide personal information about their opportunity to review that information. The Department allows individuals who provide personal information to review the information and contest its accuracy or completeness.
- We use personal information only for the specified purposes, or purposes consistent with those purposes, unless we get the consent of the subject of the information, or unless required by law or regulation. The Public Records Act exists to ensure that government is open and that the public has a right to have access to appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public's right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this Policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
- We use information security safeguards. We take reasonable precautions to protect the personal information on individuals collected or maintained by the Department against loss, unauthorized access, and illegal use or disclosure. On our Web sites, we protect the security your personal information during transmission by using Secure Sockets Layer (SSL) software, which encrypts the information you type in. Personal information is stored in secure locations. Our staff is trained on procedures for the release of information, and access to personal information is limited to those staff whose work requires it. Confidential information is destroyed according to the Department's records retention schedule. The Department conducts periodic audits to ensure that proper information management policies and procedures are being followed.