Notice On Information Collection for the CDCR Public Website
The California Department of Corrections & Rehabilitation (CDCR) is committed to promoting and protecting the privacy rights of individuals as described in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws. We communicate the purpose for which the information will be used, at or prior to the time of collection. Any subsequent use will be consistent with the original purpose. We will not disclose your personal data without your consent, unless authorized by law. We use security technologies to protect all of your information from unauthorized viewing by either internal or external sources. Personal information refers to personally identifiable identification information, or other documentary material regardless of physical form or characteristic, received, owned, used, or produced by CDCR.
You have the right to know certain information we gather and how we use it. You may review your information and bring any inaccuracies to our attention. Our policies regarding the personal information we collect and manage are governed by law, including the Information Practices Act (Civil Code Section 1798 – 1798.78).
CDCR uses online forms to capture data and information you choose to provide. The data and information collected is forwarded as emails to CDCR to assist in a wide variety of services and may include personal or confidential information you choose to provide.
Information we collect using cookies
Each time you visit our website, we automatically record the following information:
|Date||Date of visit.|
|Time||Time of visit.|
|Client IP Address||Your Internet Protocol Address (i.e., your computer’s address).|
|Server IP Address||Internet Protocol Address of our web server (i.e., our server’s address).|
|Referrer||Uniform Resource Locator (URL) of the web page that sent the requested file.|
|HTTP||Hypertext Transfer Protocol (i.e., software that runs the web).|
|HTTP Status||Codes that indicate the condition of the request, report errors, and give other necessary information (e.g., 404 Requested Page Not Found).|
|HTTP Request URL||The address of the web page or file you requested.|
|Bytes Sent||Amount of data you downloaded during your visit.|
|Bytes Received||Amount of data you uploaded during your visit.|
|User Agent||Name and version of your web browser or other software that requested information from us.|
|Protocol Version||Version of HTTP used by your web browser.|
It is the policy of CDCR to limit the collection of personal information and to safeguard the privacy of personal information that we collect or maintain. CDCR’s information management practices are governed by the requirements of the Information Practices Act (Civil Code section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Article 5 (commencing at Section 350.02) of Title 13 of the California Code of Regulations and other applicable laws pertaining to information privacy.
CDCR follows these principles in collecting and managing personal information:
- CDCR limits the collection of personal information to what is relevant and necessary to accomplish the lawful purpose of CDCR. Personal information will not be disclosed, made available, or otherwise used for purposes other than those specified at the time of collection, except with the consent of the subject of the data, or as authorized by law.
- Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, but not limited to, name, Social Security number, physical description, home address, home telephone number, education, financial matters and medical or employment history. CDCR only collects the personal information that is appropriate for the type of service requested such as visitation services and employment opportunities.
- CDCR does not collect home, business or e-mail addresses, or account information from persons who simply browse our website. The information CDCR automatically collects includes your domain name or IP address, the type of browser and operating system you used, date and time you visited the site, web pages you visited and any forms you downloaded or submitted. This information is collected for customer service and audit purposes. Electronically collected personal information is exempt from requests made under the Public Records Act.
- IP addresses that are collected using cookies are for aggregate statistics. CDCR does not distribute or sell IP addresses.
The Public Records Act exists to ensure that government is open and that the public has a right to have access to appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public’s right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
Protecting your privacy
CDCR has security measures in place to protect against loss, unauthorized access, use, modification or disclosure of the information under its control. We use security technologies to protect all of your information on our entire website from unauthorized viewing or corruption, by either internal or external sources. Personal information is stored in secure locations. Our staff are trained on procedures for the management and release of personal information, and access to personal information is limited to those staff whose work requires it.
There are things you can do to protect your privacy. Be sure to update your browser and operating system regularly. For more information on how you can protect your privacy, visit the Privacy Enforcement and Protection page on the Office of the Attorney General website.
Any information we acquire, including information collected on our website, may be released if requested as stated in the Information Practices Act of 1977 (see Civil Code Section 1798).
Electronically collected personal information is exempt from disclosure when requested under the California Public Records Act (see Government Code Section 6250).
Information Practices Act
Civil Code Sections 1798-1798.78
|Title 1.8||Personal Data|
|Chapter 1||Information Practices Act of 1977|
|Article 1||General Provisions and Legislative Findings||1798-1798.1|
|Article 5||Agency Requirements||1798.14-1798.23|
|Article 6||Conditions of Disclosure||1798.24-1798.24b|
|Article 7||Accounting of Disclosures||1798.25-1798.29|
|Article 8||Access to Records and Administrative Remedies||1798.30-1798.44|
|Article 9||Civil Remedies||1798.45-1798.53|
|Article 11||Miscellaneous Provisions||1798.60-1798.69|
|Article 12||Construction with Other Laws||1798.70-1798.78|
Links to other websites
California Department of Corrections & Rehabilitation
ATTN: Privacy Coordinator
PO Box 942883
Sacramento, CA 94283-0001