Privacy Policy

Introduction

The Department of Human Resources is committed to the privacy of your personal information. Our policies regarding personal information collected and managed by our department are governed by law, including the  Information Practices Act of 1977 (Civil Code section 1798 and following)..

For more information about California law that governs your privacy, visit California Law Civil Code Section 1798 and following. For additional details, please read our Conditions of Use

Information we maintain

We gather and maintain the information you voluntarily submit in electronic and/or paper format. This data may include personal and health/mental information we need to carry out our official responsibilities in human resources, including but not limited to examinations, certification, payroll, benefits, and service wide training. 

Information we collect

Cookies

When you visit our site, we send a small piece of information called a cookie to your computer. The main purpose of this cookie is to keep your visit to our site as seamless as possible and to make sure you are logged off when you have left your session idle for too long. The cookies generally contain asystem generated session id with the date and time. Cookies do NOT include any personal identifiable information (PII) and are only active when youlogin to our site and are immediately discarded from our servers upon logout or when you are automatically logged out due to inactivity.

The cookies will remain on your computer unless you delete them. You can manage your cookies by accessing your browser's preferences menu in order to prevent them from being placed on your computer or to delete them from your computer. However, you should be aware that some websites may not work properly if you choose to block the placement of cookies on your computer.

Web Server Logs

Each time you visit our website, information about your visit (see list below) is captured in a web server log file. The information collected in the web server log file is discarded every 30 days and is only used for general reporting metrics and auditing purposes.

Electronically collected personal information is not subject to disclosure under the California Public Records Act (Government Code Section 6254.20) and website visitors may request to have their information discarded without reuse or distribution. Please contact the Privacy Officer (contact information below) for such requests.

This table lists out what information is collected and the definitions of what those data are.
Information Definition
Date Date of visit.
Time Time of visit.
Client IP Address Your Internet Protocol address – Your computer’s address.
Server IP Address Internet Protocol address of our Web server – Our server’s address.
Server Port Our server port number configured for the service.
Referrer Uniform Resource Locator (URL) of the Web page that sent the requested file.
URI Stem Uniform Resource Identifier(URI) that is the target of your action.
URI Query Query, if any, that you were trying to perform.
Win 32 Status Windows status Code.
HTTP Hyper Text Transfer Protocol – Software that runs the Web.
HTTP Status Codes that indicate the condition of the request, report errors, and other necessary information (e.g., “404 Requested Page Not Found”).
HTTP Substatus Codes that further narrow down the condition of the request.
HTTP Request URL          The address of the Web page or file you requested
Method The HTTP method used in your request.
Bytes Sent Amount of data you downloaded during your visit.
Bytes Received Amount of data you uploaded during your visit.
Time Taken Length of time your transaction took, in milliseconds.
User Agent Name and version of your Web browser or other software that requested information from us.
Protocol Version Version of HTTP used by your Web browser.
Host Host header name, if any.
User Agent The browser that you are using.
Username Your username when you login.
Cookie A small text file, primarily used to keep session state for the visitor. We limit our use of cookies as stated above.

What we do with your information

When we request personal information, we specify what it will be used for and under what legal authority we’re requesting it. We will specify the purpose for the request at, or prior to, the time of collection in a privacy notice included on or with the form used to collect personal information. Any information we acquire, including information collected on our websites, depends on the limitations described in the Information Practices Act of 1977 (see Civil Code section 1798 and following).

We will not disclose, make available, or otherwise use your personal information for purposes other than those specified, except with your consent or as authorized by law or regulation. We will not distribute or sell any of your electronically or non-electronically collected personal information to any third party without your written consent, unless required by law. 

How we respond to Do Not Track Signals

We currently do not do anything with the Do Not Track (DNT) signals. Since our sites merely track your visit for session management purposes, we ignore DNT signals.

How we protect your personal information

We collect and maintain our electronic and paper files in a manner that protects against loss or unauthorized access, use, modification, or disclosure.

We use security technologies to protect all forms of your information on our entire website from unauthorized viewing or corruption, by either internal or external sources. We use Transport Layer Security (TLS)/Secure Socket Layers (SSL) encryption on all web pages to make our website more secure.

We secure your confidential information against unauthorized access, use, or theft by educating our employees on the importance of protecting your privacy and personal information, and by limiting access to employees who have a business need to use your information.

Retention of information

We keep your personal information for as long as necessary to fulfill our business needs unless we are required to keep it longer by statute or official policy.

Access to your personal information

You have the right to inspect the personal information we maintain about you and to request we correct errors. We correct your personal information when we establish more accurate or complete facts and if permitted by law.

Please contact the Privacy Officer (contact information below) to see records containing personal information about you, or request corrections to these records. Your request should include as much information as possible to assist us in identifying your records. If you are legally entitled to inspect these records, we will provide access within 30 days after receiving your request, or 60 days if the records are inactive.

We may charge you ten cents per page if you request copies.

For more information about your right to inspect records containing your personal information, refer to Civil Code Section 1798 and following.

It is a misdemeanor to request personal information from a State agency under false pretenses, resulting in a fine up to $5,000 and/or one year in prison (Civil Code Section 1798.56).

Links to other websites

Our website includes links to other websites. We provide these links as a convenience. Additionally, some applications are hosted through third parties and we use the third party data storage facilities such as the Savings Plus Program (SPP). Please read the privacy policy on any website that collects your personal information.

Notification of changes

We may revise our privacy policy. We will prominently post any revision on our website 30 days before implementations.

If you have any questions or concerns about this policy

Contact our Privacy Officer by writing to:

California Department of Human Resources

Attn: Privacy Officer

1515 S St. Suite 400N

Sacramento, CA 95811

Revision Date: 10/2015

Print version

Privacy Policy (PDF)