Government, State Agencies, and Privacy in California
How is a state agency defined under the law?
Under Cal. Govt. Code § 11019.9, a state agency is defined as “every state office, officer, department, division, bureau, board, and commission or other state body or agency, except those agencies provided for in Article IV (except Section 20 thereof) or Article VI of the California Constitution”, while a public agency is defined as “any state or local agency.” Alternatively, the law defines public records “any writing containing information relating to the conduct of the public’s business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics. “Public records” in the custody of, or maintained by, the Governor’s office means any writing prepared on or after January 6, 1975.”
What are the duties of state agencies under the law?
Cal. Govt. Code § 11019.9 mandates that state departments and agencies within California take the following steps and measures necessary to maintain the confidentiality and security of personally identifiable information pertaining to residents within the state. These steps and measures include:
- State agencies are only authorized to collect personal information through lawful means.
- When collecting personal information, state agencies are required to provide individuals with details regarding the purpose for the collection of said collection. Furthermore, the use of information for any purpose other than the purpose that was specific at the time of collection is strictly prohibited.
- State agencies are only permitted to disclose the personal information of California residents in accordance with the provided consent of a resident.
- Personal data must be relevant and limited in relation to the purpose for which it was collected.
State agencies are responsible for making their data protection policies and measures available to the general public. More specifically, such information must be conspicuously posted on a state agency’s website.
What data elements are protected under the law?
Under Cal. Govt. Code § 11019.9, the data elements concerning citizens within the state that are legally protected from unauthorized disclosure include but are not limited to:
- Real names or aliases.
- Postal addresses.
- Drivers licenses.
- Passport information.
- Personal signatures.
- IP addresses.
- Search history.
- Browsing history.
- Biometric data.
- Financial information.
- Medical information.
- Demographic information.
- Educational information
Privacy compliance and redaction
When looking to fulfill a public record request in order to maintain compliance with legislation such as Cal. Govt. Code § 11019.9, departments and agencies within the state will inevitably be faced with a dilemma. While they must comply with such requests, on one hand, they must also maintain the integrity and confidentiality of said information on the other. To combat this issue, state agencies can look to automatic redaction software programs. Using these programs, state agencies can redact specific categories of personal information, such as driver’s licenses, biometric data, and credit and debit card numbers, in an effort to guarantee that such information does not fall into the hands of cybercriminals or other bad actors within society.
Within the past 10 years, the state of California has passed a wide range of data privacy legislation. Whether it be in the form of the landmark California Privacy Rights and Enforcement Act of 2020 (CCPA) or the California Online Privacy Protection Act (CalOPPA), few states within the U.S. have gone to such great lengths to protect the privacy and personal information of their respective residents. To this point, Cal. Govt. Code § 11019.9 protects the privacy of California residents in regard to the accessing of public records and information, providing them with the ability to view such records without having their privacy infringed upon.