Privacy Policy & Notice On Information Collection


The California Department of Corrections & Rehabilitation (CDCR) is committed to promoting and protecting the privacy rights of individuals as described in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws. We communicate the purpose for which the information will be used, at or prior to the time of collection. Any subsequent use will be consistent with the original purpose. We will not disclose your personal data without your consent, unless authorized by law. We use security technologies to protect all of your information from unauthorized viewing by either internal or external sources. Personal information refers to personally identifiable identification information, or other documentary material regardless of physical form or characteristic, received, owned, used, or produced by CDCR.

You have the right to know what types of information we gather and how we use it. You may review your information and bring any inaccuracies to our attention. Our policies regarding the personal information we collect and manage are governed by law, including the Information Practices Act (Civil Code Section 1798 – 1798.78).


CDCR may place and subsequently retrieve cookies that identify you and your computer to our website. Cookies do not contain personal or confidential information about you and will only be used to monitor activity on our website. We aggregate statistics from users who have these cookies. You can refuse the cookie or delete the cookie file from your computer by using any of the widely available methods.

Information we collect

Each time you visit our website, we automatically record the following information:

Information Definition
Date Date of visit
Time Time of visit
Client IP Address Your Internet Protocol Address (i.e., your computer's address)
Server IP Address Internet Protocol Address of our web server (i.e., our server's address)
Referrer Uniform Resource Locator (URL) of the web page that sent the requested file
HTTP Hypertext Transfer Protocol (i.e., software that runs the web)
HTTP Status Codes that indicate the condition of the request, report errors, and give other necessary information (e.g., 404 Requested Page Not Found)
HTTP Request URL The address of the web page or file you requested
Bytes Sent Amount of data you downloaded during your visit
Bytes Received Amount of data you uploaded during your visit
User Agent Name and version of your web browser or other software that requested information from us
Protocol Version Version of HTTP used by your web browser
Cookie A small text file, primarily used to customize webpages for the visitor We limit our use of cookies as stated above

It is the policy of CDCR to limit the collection of personal information and to safeguard the privacy of personal information that we collect or maintain. CDCR’s information management practices are governed by the requirements of the Information Practices Act (Civil Code section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Article 5 (commencing at Section 350.02) of Title 13 of the California Code of Regulations and other applicable laws pertaining to information privacy.

CDCR follows these principles in collecting and managing personal information:

CDCR limits the collection of personal information to what is relevant and necessary to accomplish the lawful purpose of CDCR. Personal information will not be disclosed, made available, or otherwise used for purposes other than those specified at the time of collection, except with the consent of the subject of the data, or as authorized by law. 

Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, but not limited to, name, Social Security number, physical description, home address, home telephone number, education, financial matters and medical or employment history. CDCR only collects the personal information that is appropriate for the type of service requested such as visitation services and employment opportunities.

CDCR does not collect home, business or e-mail addresses, or account information from persons who simply browse our website. The information CDCR automatically collects includes your domain name or IP address, the type of browser and operating system you used, date and time you visited the site, web pages you visited and any forms you downloaded or submitted. This information is collected for customer service and audit purposes. Electronically collected information is exempt from requests made under the Public Records Act.

The Public Records Act exists to ensure that government is open and that the public has a right to have access to appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public's right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.

Protecting your privacy

CDCR has security measures in place to protect against loss, unauthorized access, use, modification or disclosure of the information under its control. We use security technologies to protect all of your information on our entire website from unauthorized viewing or corruption, by either internal or external sources. Personal information is stored in secure locations. Our staff are trained on procedures for the management and release of personal information, and access to personal information is limited to those staff whose work requires it.
There are things you can do to protect your privacy. Be sure to update your browser and operating system regularly. For more information on how you can protect your privacy, visit the Privacy Enforcement and Protection page on the Office of the Attorney General website.

Any information we acquire, including information collected on our website, may be released if requested as stated in the Information Practices Act of 1977 (see Civil Code Section 1798).

Electronically collected personal information is exempt from disclosure when requested under the California Public Records Act (see Government Code Section 6250).

Information Practices Act – Civil Code Sections 1798-1798.78

Title 1.8 Personal Data
Chapter 1 Information Practices Act of 1977
Article 1 General Provisions and Legislative Findings 1798-1798.1
Article 2 Definitions 1798.3
Article 5 Agency Requirements 1798.14-1798.23
Article 6 Conditions of Disclosure 1798.24-1798.24b
Article 7 Accounting of Disclosures 1798.25-1798.29
Article 8 Access to Records and Administrative Remedies 1798.30-1798.44
Article 9 Civil Remedies 1798.45-1798.53
Article 10 Penalties 1798.55-1798.57
Article 11 Miscellaneous Provisions 1798.60-1798.69
Article 12 Construction with Other Laws 1798.70-1798.78

Links to other websites

Our website includes links to other websites. We provide these links as a convenience. Please read the privacy policy of any website that collects your personal information. These websites and their privacy policies are not under our control.

This policy is effective June 1, 2015. Please note that our Privacy Policy reflects CDCR’s current business practices and changes will be reflected on the website. 

CDCR will provide additional information on our privacy policy if requested. If you have further questions, comments, or complaints about CDCR's privacy policy or policy compliance, you may contact us at:

California Department of Corrections & Rehabilitation
ATTN: Privacy Coordinator
PO Box 942883
Sacramento, CA 94283-0001