Privacy Policy

Notice On Information Collection for the CDCR Public Website


The California Department of Corrections & Rehabilitation (CDCR) is committed to promoting and protecting the privacy rights of individuals as described in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws. We communicate the purpose for which the information will be used, at or prior to the time of collection. Any subsequent use will be consistent with the original purpose. We will not disclose your personal data without your consent, unless authorized by law. We use security technologies to protect all of your information from unauthorized viewing by either internal or external sources. Personal information refers to personally identifiable identification information, or other documentary material regardless of physical form or characteristic, received, owned, used, or produced by CDCR.

You have the right to know certain information we gather and how we use it. You may review your information and bring any inaccuracies to our attention. Our policies regarding the personal information we collect and manage are governed by law, including the Information Practices Act (Civil Code Section 1798 – 1798.78).

Online forms

CDCR uses online forms to capture data and information you choose to provide. The data and information collected is forwarded as emails to CDCR to assist in a wide variety of services and may include personal or confidential information you choose to provide.


CDCR uses cookies that identify you and your computer to our website. Cookies are used to monitor activity on CDCR’s website for statistical purposes and aggregate these statistics to improve our site for users. Session cookies are cleared automatically when you close your browser or restart your computer. Persistent cookies are stored on your local computer as small text files, but clear automatically in one hour to two years depending on the cookie . You can manually refuse or delete cookies in your computer browser by using many available methods found online. Refer to your specific browser’s support on how to manage or delete cookies.

Information we collect using cookies

Each time you visit our website, we automatically record the following information:

DateDate of visit.
TimeTime of visit.
Client IP AddressYour Internet Protocol Address (i.e., your computer’s address).
Server IP AddressInternet Protocol Address of our web server (i.e., our server’s address).
ReferrerUniform Resource Locator (URL) of the web page that sent the requested file.
HTTPHypertext Transfer Protocol (i.e., software that runs the web).
HTTP StatusCodes that indicate the condition of the request, report errors, and give other necessary information (e.g., 404 Requested Page Not Found).
HTTP Request URLThe address of the web page or file you requested.
Bytes SentAmount of data you downloaded during your visit.
Bytes ReceivedAmount of data you uploaded during your visit.
User AgentName and version of your web browser or other software that requested information from us.
Protocol VersionVersion of HTTP used by your web browser.

It is the policy of CDCR to limit the collection of personal information and to safeguard the privacy of personal information that we collect or maintain. CDCR’s information management practices are governed by the requirements of the Information Practices Act (Civil Code section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Article 5 (commencing at Section 350.02) of Title 13 of the California Code of Regulations and other applicable laws pertaining to information privacy.

CDCR follows these principles in collecting and managing personal information:

  1. CDCR limits the collection of personal information to what is relevant and necessary to accomplish the lawful purpose of CDCR. Personal information will not be disclosed, made available, or otherwise used for purposes other than those specified at the time of collection, except with the consent of the subject of the data, or as authorized by law.
  2. Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, but not limited to, name, Social Security number, physical description, home address, home telephone number, education, financial matters and medical or employment history. CDCR only collects the personal information that is appropriate for the type of service requested such as visitation services and employment opportunities.
  3. CDCR does not collect home, business or e-mail addresses, or account information from persons who simply browse our website. The information CDCR automatically collects includes your domain name or IP address, the type of browser and operating system you used, date and time you visited the site, web pages you visited and any forms you downloaded or submitted. This information is collected for customer service and audit purposes. Electronically collected personal information is exempt from requests made under the Public Records Act.
  4. IP addresses that are collected using cookies are for aggregate statistics. CDCR does not distribute or sell IP addresses.

The Public Records Act exists to ensure that government is open and that the public has a right to have access to appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public’s right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.

Protecting your privacy

CDCR has security measures in place to protect against loss, unauthorized access, use, modification or disclosure of the information under its control. We use security technologies to protect all of your information on our entire website from unauthorized viewing or corruption, by either internal or external sources. Personal information is stored in secure locations. Our staff are trained on procedures for the management and release of personal information, and access to personal information is limited to those staff whose work requires it.

There are things you can do to protect your privacy. Be sure to update your browser and operating system regularly. For more information on how you can protect your privacy, visit the Privacy Enforcement and Protection page on the Office of the Attorney General website.

Any information we acquire, including information collected on our website, may be released if requested as stated in the Information Practices Act of 1977 (see Civil Code Section 1798).

Electronically collected personal information is exempt from disclosure when requested under the California Public Records Act (see Government Code Section 6250).

Information Practices Act
Civil Code Sections 1798-1798.78

Title 1.8Personal Data
Chapter 1Information Practices Act of 1977
Article 1General Provisions and Legislative Findings1798-1798.1
Article 2Definitions1798.3
Article 5Agency Requirements1798.14-1798.23
Article 6Conditions of Disclosure1798.24-1798.24b
Article 7Accounting of Disclosures1798.25-1798.29
Article 8Access to Records and Administrative Remedies1798.30-1798.44
Article 9Civil Remedies1798.45-1798.53
Article 10Penalties1798.55-1798.57
Article 11Miscellaneous Provisions1798.60-1798.69
Article 12Construction with Other Laws1798.70-1798.78

Links to other websites

Our website includes links to other websites. We provide these links as a convenience. Please read the privacy policy of any website that collects your personal information as these websites and their privacy policies are not under our control.


CDCR will provide additional information on our privacy policy upon request. If you have further questions, comments, or complaints about CDCR’s privacy policy or policy compliance, you may contact us at:

California Department of Corrections & Rehabilitation
ATTN: Privacy Coordinator
PO Box 942883
Sacramento, CA 94283-0001

This policy is effective June 1, 2015. Please note that our Privacy Policy reflects CDCR’s current business practices and changes will be reflected on the website.