Little Hoover Commission employees, in the performance of their duties, may have occasion to receive, use, maintain, or transmit personal information about other employees or members of the public. The guidelines set forth in this policy are designed to ensure that such personal information is received, used, and maintained in accordance with applicable laws and to ensure that the privacy rights of individuals who are the subject of such information are adequately protected. This policy applies to all personal data received, used or maintained by the Commission, regardless of its source. This includes, but is not limited to, job applications and other personnel records, and information obtained from individuals via web sites, email, or other application forms that request personal data.
The following principles shall apply to the collection, use, maintenance,
and dissemination of personal data:
(a) “Personal data” is defined as information protected under the Information Practices Act of 1977 (Civil Code section 1798 et seq.). Personal data is information that identifies or describes an individual, and may include, but is not limited to, name, social security number, physical description, home address, home telephone number, marital status and dependent information, education, financial matters, and medical or employment history.
(b) Employees responsible for the collection, use, maintenance, and dissemination of personal data shall comply with the provisions of the Information Practices Act.
(c) Personal data may only be obtained through lawful means.
(d) The type of personal data requested must be relevant to the purpose(s) for which it is being collected. Employees shall not require individuals to disclose personal data that is not necessary and relevant to the lawful state function for which the employee is responsible.
(e) The purposes for which personal data is collected shall be specified at, or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified.
(f) Personal data may not be disclosed, made available, or otherwise used for a purpose other than as specified, except with the consent of the subject of the data, or as permitted by law or regulation.
(g) Personal data shall be protected against loss, unauthorized access, use, modification, or disclosure by the following general means:
(i) Employees responsible for collection, use, maintenance, and/or dissemination of records containing personal data shall take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of records containing personal information, and to assure that such records are not disclosed to unauthorized individuals or entities. This shall include procedures to assure that any document or information released by the Commission to another’s custody (whether pursuant to a public records request, subpoena, or otherwise) is reviewed and, if necessary, that personal information is removed/redacted prior to release.
(iii) Any Commission employee with questions regarding collection, use, maintenance, and/or dissemination of personal data shall contact the Executive Director.
(h) Employees shall make every reasonable effort to see that inquiries
and requests by individuals for their personal records are responded to
quickly and without requiring the individual to repeat unnecessarily his
or her inquiry to others. Employees shall assist individuals who
seek information pertaining to them in making their inquiry sufficiently
specific and descriptive so as to facilitate locating the records requested.
Further, employees shall respond to inquiries from individuals and requests
from them to review, obtain copies of, and amend, correct, or dispute their
personal records, in a courteous and business-like manner, and in accordance
with Sections 1798.30 through 1798.44 of the Civil Code (or successor code
This policy shall be prominently posted in the Commission office and on the Commission’s web site. Copies of this policy shall be distributed to all employees and to contractors who, in the performance of their duties under contract with the Commission, have access to personal data collected by or on behalf of the State.
Formalized April 23, 2001