Government Code Section 11019.9 became effective on January 1, 2001 and requires all departments and agencies of the State of California to enact and maintain a permanent privacy policy. The Sierra Nevada Conservancy sets forth the following privacy policy in compliance with Government Code Section 11019.9 and the Information Practices Act of 1977 (Civil Code Section 1798 et seq.).
Personal Information: Definition and Requirement to Obtain Lawfully
The Sierra Nevada Conservancy may collect and maintain personal information only through lawful means. All SNC employees who collect and/or maintain personal information strive to comply with the provisions of the Information Practices Act. “Personal information” includes, but is not limited to any information that identifies or describes an individual, including their name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history. Personal information also includes statements made by, or attributed to, the individual. Specifically, it includes information acquired through job applications and employee personnel files, grant applications, contracts for services from individuals, internet mailing lists, and public comments or questions via mail or electronic mail.
SNC may gather and maintain information voluntarily submitted in electronic and/or paper format. This data may include personal and health/mental information needed to carry out official responsibilities in human resources, including but not limited to examinations, certification, payroll, benefits, and service wide training. When personal information is requested, the purpose for the request at, or prior to, the time of collection will be specified in a privacy notice included on or with the form used to collect personal information. Any information acquired, including information collected on SNC’s websites, depends on the limitations described in the Information Practices Act of 1977 (see Civil Code section 1798 and following).
Restrictions on Collection and Use of Personal Information
The purposes for which the SNC may collect personal information will be specified at or prior to the time such information is collected. The personal information collected is relevant to the purpose for which it is needed. Any subsequent use of the information will be limited to and consistent with the fulfillment of those purposes previously specified.
The SNC will not disclose, use for any purpose other than as specified at the time it was collected, or make available any personal information collected, except with the written consent of the subject of the information or as otherwise permitted by law or regulation.
Website Information
When a user visits SNC’s website, they should be aware that during the data linking of their computer to SNC’s website, a “cookie” may be created. Temporary cookies may be used when necessary to complete a transaction, to process data submitted to SNC online, to facilitate an ongoing Internet interaction, or to understand trends in the use of the website. Using web browser settings, users can refuse the cookies, or delete the cookie file from their computer by using any of the widely available methods. Keep in mind that each browser has its own method for removing cookies.
When an individual visits SNC’s Website, transaction log information is collected, which includes: the domain name or Internet Protocol address, browser software used, requests submitted to SNC’s web-servers, date and time the website was accessed, and statistical information about which web pages were visited. This information is defined as electronically collected information, under Government Code § 11015.5. Under this code, an individual may have any personal information collected about them discarded without reuse or distribution, provided SNC is contacted in a timely fashion. To request that transaction log information be discarded, see the contact information below.
If an individual voluntarily participates in an activity that asks for specific information (e.g., completing a request for assistance, personalizing the content of the website, sending an e-mail, or participating in a survey), more detailed data may be collected. If a user chooses not to participate in these activities, that choice will in no way affect their ability to use any other feature of the website.
Transaction log information will be disclosed to SNC staff in order to help manage and improve the website. This information is used only for internal purposes, allowing staff to measure the number of visitors to the different sections of the website and to help improve the website for future visitors.
Protection of Personal Information
SNC strives to protect personal information against loss, unauthorized access, use, disclosure, modification, or transfer. The SNC employees responsible for the collection, use, maintenance, and/or dissemination of records containing personal information are trained to take appropriate precautions, including but not limited to authentication, monitoring, auditing, and encryption to ensure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of such information. Employees are trained to remove or redact personal information when data disclosures are necessary.
Individuals have a right to access information about themselves and may request a correction of any inaccuracies. The request should include as much information as possible to assist staff in identifying individual’s records. If requestor is legally entitled to inspect these records, access will be provided within 30 days after receiving the request, or 60 days if the records are inactive. In order to request access or correction of such information, see the contact information below.
How Personal Information is Protected
If any type of personal information is collected on SNC’s website or volunteered by the user, state law, including the Information Practices Act of 1977, Government Code Section 11015.5, and the federal Privacy Act of 1974, require that it must be protected.
Sierra Nevada Conservancy will not distribute or sell any electronically collected personal information about users to any third party. It should be noted that electronically collected personal information is exempt from requests made under the California Public Records Act.
SNC will collect and maintain electronic and paper files in a manner that protects against loss or unauthorized access, use, modification, or disclosure. Security technologies are used to protect all forms of personal information from unauthorized viewing or corruption, by either internal or external sources.
SNC secures confidential information against unauthorized access, use, or theft by educating its employees on the importance of protecting privacy and personal information, and by limiting access to employees who have a business need to use such information.
Retention of Information
Personal information is kept for as long as necessary to fulfill SNC’s business needs unless required to keep it longer by statute or official policy. When no longer required, records with personal information will be destroyed securely and confidentially.
Responsible Official and Contact Information
The Chief of Administrative Services of the Sierra Nevada Conservancy is responsible for the overall implementation and enforcement of this privacy policy. Questions, comments or complaints regarding this privacy policy or requests for personal information access, correction, or deletion should be addressed to: privacy@sierranevada.ca.gov. Requests should include as much information as possible to assist staff in identifying specific records. If requestor is legally entitled to inspect these records, staff will provide access within 30 days after receiving your request, or 60 days if the records are inactive.