There is a newer version of the California Code
2007 California Government Code Chapter 5.7. Office Of Information Security And Privacy Protection
CA Codes (gov:11549-11549.6)
GOVERNMENT CODE SECTION 11549-11549.6
11549. (a) There is in state government, in the State and Consumer Services Agency, the Office of Information Security and Privacy Protection. The purpose of the office is to ensure the confidentiality, integrity, and availability of state systems and applications, and to promote and protect consumer privacy to ensure the trust of the residents of this state.
(b) The office shall be under the direction of an executive officer, who shall be appointed by, and serve at the pleasure of, the Governor. The executive officer shall report to the Secretary of State and Consumer Services, and shall lead the office in carrying out its mission.
(c) The duties of the office, under the direction of the executive officer, shall include, but are not limited to, all of the following:
(1) Provide direction for information security and privacy to state government agencies, departments, and offices, pursuant to Section 11549.3.
(2) Administer constituent programs and the Office of Privacy Protection pursuant to Section 11549.5.

11549.1. As used in this chapter, the following terms have the following meanings:
(a) "Executive officer" means the executive officer of the Office of Information Security and Privacy Protection.
(b) "Office" means the Office of Information Security and Privacy Protection.
(c) "Program" means an information security program established pursuant to Section 11549.3.

11549.2. (a) (1) Employees assigned to the security unit of the Office of Technology Review, Oversight, and Security within the Department of Finance, and the employees of the Office of Privacy Protection within the Department of Consumer Affairs are transferred to the office, within the State and Consumer Services Agency.
(2) The status, position, and rights of any employee transferred pursuant to this section shall not be affected by the transfer.

11549.3. (a) The executive officer shall establish an information security program.
The program responsibilities include, but are not limited to, all of the following:
(1) The creation, updating, and publishing of information security and privacy policies, standards, and procedures for state agencies in the State Administrative Manual.
(2) The creation, issuance, and maintenance of policies, standards, and procedures directing state agencies to effectively manage security and risk for all of the following:
(A) Information technology, which includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, and all related interactions between people and machines.
(B) Information that is identified as mission critical, confidential, sensitive, or personal, as defined and published by the office.
(3) The creation, issuance, and maintenance of policies, standards, and procedures directing state agencies for the collection, tracking, and reporting of information regarding security and privacy incidents.
(4) The creation, issuance, and maintenance of policies, standards, and procedures directing state agencies in the development, maintenance, testing, and filing of each agency's operational recovery plan.
(5) Coordination of the activities of agency information security officers, for purposes of integrating statewide security initiatives and ensuring compliance with information security and privacy policies and standards.
(6) Promotion and enhancement of the state agencies' risk management and privacy programs through education, awareness, collaboration, and consultation.
(7) Representing the state before the federal government, other state agencies, local government entities, and private industry on issues that have statewide impact on information security and privacy.
(b) (1) Every state agency, department, and office shall comply with the information security and privacy policies, standards, and procedures issued pursuant to this chapter by the Office of Information Security and Privacy Protection.
(2) Every state agency, department, and office shall comply with filing requirements and incident notification by providing timely information and reports as required by policy or directives of the office.
(3) The office may conduct, or require to be conducted, independent security assessments of any state agency, department, or office, the cost of which shall be funded by the state agency, department, or office being assessed.
(4) The office may require an audit of information security to ensure program compliance, the cost of which shall be funded by the state agency, department, or office being audited.
(5) The office shall report to the office of the State Chief Information Officer any state agency found to be noncompliant with information security program requirements.

11549.4. The office shall consult with the State Chief Information Officer, the Office of Emergency Services, the Director of General Services, the Director of Finance, and any other relevant agencies concerning policies, standards, and procedures related to information security and privacy.

11549.5. There is hereby created in the office, the Office of Privacy Protection. The purpose of the Office of Privacy Protection shall be to protect the privacy of individuals' personal information in a manner consistent with the California Constitution by identifying consumer problems in the privacy area and facilitating the development of fair information practices in adherence with the Information Practices Act of 1977 (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code).
(b) The Office of Privacy Protection shall inform the public of potential options for protecting the privacy of, and avoiding the misuse of, personal information.
(c) The Office of Privacy Protection shall make recommendations to organizations for privacy policies and practices that promote and protect the interests of the consumers of this state.
(d) The Office of Privacy Protection may promote voluntary and mutually agreed upon nonbinding arbitration and mediation of privacy-related disputes where appropriate.
(e) The Office of Privacy Protection shall do all of the following:
(1) Receive complaints from individuals concerning any person obtaining, compiling, maintaining, using, disclosing, or disposing of personal information in a manner that may be potentially unlawful or violate a stated privacy policy relating to that individual, and provide advice, information, and referral, where available.
(2) Provide information to consumers on effective ways of handling complaints that involve violations of privacy-related laws, including identity theft and identity fraud. If appropriate local, state, or federal agencies are available to assist consumers with those complaints, the office shall refer those complaints to those agencies.
(3) Develop information and educational programs and materials to foster public understanding and recognition of the purposes of this article.
(4) Investigate and assist in the prosecution of identity theft and other privacy-related crimes, and, as necessary, coordinate with local, state, and federal law enforcement agencies in the investigation of similar crimes.
(5) Assist and coordinate in the training of local, state, and federal law enforcement agencies regarding identity theft and other privacy-related crimes, as appropriate.
(6) The authority of the Office of Privacy Protection to adopt regulations under this article shall be limited exclusively to those regulations necessary and appropriate to implement subdivisions (b), (c), (d), and (e).

11549.6. This chapter shall not apply to the State Compensation Insurance Fund, the Legislature, or the Legislative Data Center in the Legislature Counsel Bureau.