Article 45 – Information Security
49020.3 Statutory References Concerning the Confidentiality and Security of Information within CDCR
State Administrative Manual (SAM) section 5300.3 requires the Secretary/Director of each State agency that uses, receives, or provides services to designate an Agency Information Security Officer (ISO) who shall be responsible for implementing State policies and standards regarding the confidentiality and security of information within the Department. These policies and standards shall include, but are not limited to, strict controls to prevent unauthorized access of data maintained in computer files, program documentation, data processing systems, data files, and data processing equipment located physically in the Department and to establish guidelines for the dissemination of information under the control of California State agencies, as found in the State Constitution, in statutes, and in administrative policies:
- Article 1, Section 1, of the Constitution of the State of California defines pursuing and obtaining privacy as an inalienable right.
- The Information Practices Act of 1977 (Civil Code [CC], § 1798, et seq.) places specific requirements on State agencies in the collection, use, maintenance, and dissemination of information relating to individuals.
- The California Public Records Act (Government Code [GC], §§ 6250-6265) provides for the inspection of public records.
- The State Records Management Act (GC, §§ 14740-14770) provides for the application of management methods to create, use, maintain, retain, preserve, and dispose of State records, including the determination of records essential to the continuation of State government in the event of a major disaster. SAM, §§ 1601-1699 contains administrative policies to implement provisions of this law.
- The California Penal Code (PC), § 502 covers the following offenses:
  - Manipulating data, a computer system, or computer network to devise or execute a fraud.
  - Knowingly accessing and, without permission, taking copies or using any data from a computer or taking any supporting documentation, internal or external, to a computer.
  - Theft of computer services.
  - Knowingly accessing and, without permission, damaging data, computer software, or applications/programs, internal or external, to a computer.
  - Disrupting or denying computer services to an authorized user.
- The California PC § 11142 provides that, “Any person authorized by law to receive a record or information obtained from a record who knowingly furnishes the record or information to a person who is not authorized by law to receive the record or information is guilty of a misdemeanor.”
- The Federal Copyright Act of 1976 provides for the prosecution of persons guilty of the theft of computer programs.