Privacy policy

Effective 5/23/17

The California Department of Technology, which runs CA.gov, is committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws.

It is the policy of the Department of Technology to limit the collection and safeguard the privacy of personal information collected or maintained by the Department. The Department of Technology’s information management practices conform to the requirements of the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, and other applicable laws pertaining to information privacy. This Privacy Policy only applies to the CA.gov website run by the Department of Technology.

“Personal information” is information about a natural person that identifies or describes an individual, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history, readily identifiable to that specific individual. A domain name or Internet Protocol address is not considered personal information; however, it is considered “electronically collected personal information.”

According to Government Code § 11015.5, “electronically collected personal information” means any information that is maintained by an agency that identifies or describes an individual user, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history, password, electronic mail address, and information that reveals any network location or identity, but excludes any information manually submitted to a State agency by a user, whether electronically or in written form, and information on or relating to individuals who are users, serving in a business capacity, including, but not limited to, business owners, officers, or principals of that business.

“Electronically collected personal information” that we automatically collect includes your domain name or Internet Protocol address, and statistical information about which web pages you visit. If you voluntarily participate in an activity that asks for specific information (i.e., completing a request for assistance, personalizing the content of the website, sending an e-mail, or participating in a survey) more detailed data will be collected. If you choose not to participate in these activities, your choice will in no way affect your ability to use any other feature of the website.

If any type of personal information is requested on the website or volunteered by the users, it is governed by state law, including California Civil Code section 1798 et seq., Government Code 11015.5, the California Public Records Act, and the Federal Privacy Act. This information may become a public record once it is provided and except for electronically collected information, it may be subject to public inspection and copying if not otherwise protected by federal or state law.

The Department of Technology adheres to the following principles in connection with the collection and management of personal information:

  1. The Department of Technology collects personal information on individuals only as allowed by law. The Department limits the collection of personal information to what is relevant and necessary to accomplish its lawful purpose. For example, the Department may need to know an individual’s e-mail address or telephone number in order to answer the individual’s questions or in order to provide requested assistance.
  2. The Department of Technology does not collect home, business or e-mail addresses, or account information from persons who simply browse the CA.gov website. Personal information about individuals is collected through this website only if an individual provides such information to the Department voluntarily through e-mail, registration forms, or surveys, for example. This information will be used to facilitate in responding to the person or improve the content or navigation of the website or provide survey information to users. The information collected in this manner is not subject to requests made pursuant to the Public Records Act, and site visitors may request to have their information discarded without reuse or distribution.
  3. The Department of Technology uses Google Analytics to help improve the website. Google tracking cookies may be used to provide information to Google Analytics. Our website may use Google Analytics to track website statistics. Google tracking code used by every website or application that employs Google Analytics, stores information that identifies device IP addresses, but our website is anonymizing that information and only part of device IP addresses are being used. Consequently, no information identifying you or your device is being stored at Google via our utilization of Google Analytics implementation. You can find out more about Google Analytics anonymized IP addresses by clicking here.
  4. The Department of Technology’s use of your e-mail. You may choose to provide us with personal information, as in e-mail with a comment or question. We use the information to improve our service to you or to respond to your request. Sometimes we forward your e-mail to other State employees who may be better able to help you, and this staff may be employed by a different agency within the State. Except for authorized law enforcement investigations or, as required by law, we do not share our e-mail with any other organizations. We use your e-mail to respond appropriately. This may be to respond to you, to address issues you identify, to further improve our website, or to forward the e-mail to another agency for appropriate action. Submission of an email to the Department, the Department staff and/or communication through the website does not create any attorney-client or other privileged or confidential relationship. Accordingly, do not disclose any information to the Department that you wish to remain private or confidential.
  5. The Department of Technology provides people who provide personal information with an opportunity to review that information. Individuals, who provide personal information, are allowed to review the information and contest its accuracy or completeness.
  6. The Department of Technology uses personal information only as specified and consistent with those purposes; unless the Department obtains the consent of the subject of the information, or as required or allowed by law. The Public Records Act exists to ensure that California government is open and that the public has a right to have access to appropriate records and information possessed by many state and local government agencies. At the same time, there are exceptions that recognize the public’s right to access records. These exceptions serve various needs, including maintaining the privacy of individuals. In the event of a conflict between this Policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
  7. How the Department of Technology collects and uses your information. We do collect personal information directly from individuals who volunteer to use some of our services. Collection of this information is required to deliver the specific services, but use of these services is voluntary.
  8. How the Department of Technology protects your information. The Department, as developer and manager of this website, has taken several steps to safeguard the integrity of its telecommunications and computing infrastructure, including but not limited to authentication, monitoring, auditing. Security measures have been integrated into the design, implementation, and day-to-day practices of the entire State operating environment as part of its continuing commitment to risk management. This information should not be construed in any way as giving business, legal, or other advice, or warranting as fail proof, the security of information provided via the Department’s supported website. The technical standards governing security are enforced by the Department of Finance.

If you do nothing during your visit to the website but browse or download information, we automatically collect and store the following information about your visit:

  1. A partial Internet Protocol address and domain name is collected, but not the e-mail address. The partial Internet Protocol address is used to direct Internet traffic to you without identifying you individually and generate statistics used in the management of this website;
  2. The type of browser and operating system you used;
  3. The city and zip code you used it from;
  4. The date and time you visited this website;
  5. The web pages or services you accessed at this website;
  6. The website you visited prior to coming to this website;
  7. The website you visit as you leave this website, and;
  8. If you downloaded a form, the form that was downloaded.

The information we automatically collect or store is used to improve the content of our web services and to help us understand how people are using our services. This information does not identify you personally and is used for gathering website statistics. The information we automatically collect and store in our logs about your visit helps us to analyze our website to continually improve the value of the materials available. Our website logs do not identify a visitor by personal information, and we make no attempt to link other websites with the individuals that browse our website. Individuals have the right to have any electronically collected personal information deleted by the Department, without reuse or distribution. Individuals may request to have their electronically collected personal information deleted via the contact form reachable from the “Contact Us” link at the top and bottom of each page.

Electronically collected personal information is exempt from requests made under the Public Records Act.

Government Code § 11015.5 prohibits all state agencies from distributing or selling any electronically collected personal information, as defined above, about users to any third party without the permission of the user. The Department does not sell any “electronically collected personal information.” Any distribution of “electronically collected personal information” will be solely for the purposes for which it was provided to us.

The Department may provide or distribute certain lists and statistical reports of regulatory information as provided by law, but no personal information is sold or distributed, and all relevant legal protections still apply to the website.

The Department will provide additional explanations of this privacy policy, if requested. If any individuals have any further questions about this privacy policy, they are encouraged to contact the Department via email, by phone at (916) 319-9223, or by mail to:

California Department of Technology
1325 J Street, Suite 1600
Sacramento, CA 95814


The CA.gov privacy policy prior to 5/23/17 was as follows:

For details regarding CA.gov Privacy Policy, please see our Conditions of Use. The text below reflects general requirements for State departments.

Pursuant to Government Code Section 11019.9, all departments and agencies of the State of California shall enact and maintain a permanent privacy policy, in adherence with the Information Practices Act of 1977 (Civil Code Section 1798 et seq.), that includes, but not necessarily limited to, the following principles:

(a) Personally identifiable information may only be obtained through lawful means.

(b) The purposes for which personally identifiable data are collected shall be specified at or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified.

(c) Personal data may not be disclosed, made available, or otherwise used for a purpose other than those specified, except with the consent of the subject of the data, or as required by law or regulation.

(d) Personal data collected shall be relevant to the purpose for which it is needed.

(e) The general means by which personal data is protected against loss, unauthorized access, use, modification, or disclosure shall be posted, unless the disclosure of those general means would compromise legitimate agency objectives or law enforcement purposes.

Each department shall implement this privacy policy by:

  • Designating which position within the department or agency is responsible for the implementation of and adherence to this privacy policy;
  • Prominently posting the policy physically in its offices and on its Internet website, if any;
  • Distributing the policy to each of its employees and contractors who have access to personal data;
  • Complying with the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Section 11015.5, and all other laws pertaining to information privacy, and
  • Using appropriate means to successfully implement and adhere to this privacy policy.