The personal information collection and management policies, practices and procedures implemented by the Commission on State Mandates (Commission) are governed by law; including the California Information Practices Act (Civil Code Section 1798 et seq.)
"Personal information" is information about a natural person that identifies or describes an individual including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history, readily identifiable to that specific individual.
Pursuant to Government Code Section 11019.9 and the Information Practices Act, the Commission follows these principles in collecting and managing personal information:
The Commission only gathers personal information through lawful means.
The purposes for which the Commission collects personally identifiable data shall be specified at, or prior to, the time of collection. Any subsequent use of the data shall be limited to the fulfillment of purposes not inconsistent with the purposes specified when collected.
Personal information will not be disclosed, made available, or otherwise used for purposes other than those specified at the time of collection, except with the consent of the subject of the data, or as authorized by law.
The Commission limits the collection of personal information to that information relevant and necessary to accomplish a lawful purpose of the Commission.
The Commission uses security controls to protect personal information against loss, unauthorized access, use, modification or disclosure; such as:
- Personal information is stored in secure locations.
- Staff is trained on procedures for the release of information, and access to personal information is limited to those staff whose work requires it.
- Materials containing personal information are destroyed as specified in the Commission's records retention schedule.
Personal Information Collected from Visitors to the Commission Website:
Electronically Collected Personal Information
Personal information from users of the Commission website may be electronically collected. In accordance with Government Code Section 11015.5, "electronically collected personal information" includes information maintained by an agency that identifies or describes an individual user including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history, password, electronic mail address, and information that reveals any network location or identity.
The Commission collects limited information from visitors who just browse the Commission website. Only the following "electronically collected personal information" is automatically collected: browser type, date/time, page accessed and IP address of user's device. Electronically collected personal information does not include information manually submitted by a user, even if submitted in electronic form or information on or relating to individuals who use the Commission website in a business capacity.
With limited exceptions, Government Code Section 11015.5 prohibits the Commission from distributing or selling any "electronically collected personal information" about users to any third party without the user's prior written consent. Accordingly, the Commission does not sell any "electronically collected personal information." Moreover, "electronically collected personal information" is never stored permanently and will be discarded at the request of the user. Users who wish to have their electronically collected information discarded without reuse should contact the Commission Information Security Officer, see below. "Electronically collected personal information" maintained by the Commission is subject to the limitations set forth in the Information Practices Act and is exempt from the Public Records Act's mandatory disclosure for public inspection and copying.
Other Information Collected
The Commission collects the email address of users of the website who request a subscription to the Commission's electronically available mailing lists. The Commission also maintains a record of emails received from users of the website including any personal information voluntarily submitted such as the sender's email address. The Public Records Act may require the disclosure of personal information manually submitted to the Commission through an electronic form.
Contacting the Commission:
Commission on State Mandates
Information Security Officer
980 9th Street, Suite 300
Sacramento, California 95814