It is the policy of the California Department of Tax and Fee Administration(CDTFA) that information which can be identified with a particular person ("personally identifiable information") is only obtained through lawful means and that the collection, use, retention, disclosure, and destruction of such information is in compliance with state privacy laws.
Personally identifiable information is collected by the CDTFA for purposes of administering the tax and fee programs set forth in the Revenue and Taxation Code. Personally identifiable information regarding CDTFA employees is also collected, for purposes of personnel administration. When the CDTFA collects personally identifiable information, it provides the notice required by Civil Code section 1798.17 of the Information Practices Act which includes the purposes for which the information will be used. Any personally identifiable information that is collected must be relevant to the purpose for which it is collected.
Any subsequent use of personally identifiable information shall be limited to the fulfillment of purposes consistent with those purposes previously identified. Personally identifiable information shall not be disclosed, made available, or otherwise used for purposes other than those specified, without the consent of the subject of the information, or as authorized by law. As disclosed in the notice provided by the CDTFA in compliance with Civil Code section 1798.17, information collected by the CDTFA may be exchanged with or provided to other entities as authorized by law.
Information security awareness training is provided to all CDTFA employees. CDTFA employees and contractors are also required annually to review the pamphlet Information Security Requirements for Employees with Access to Confidential Information and to sign a Confidentiality Statement (CDTFA-4). Access to personally identifiable information is restricted to persons who have an appropriate business need for the information. Information and physical security policies and procedures are in place at the CDTFA to protect personally identifiable information from theft, unauthorized access, use, modification or disclosure. Internal review of CDTFA policies and procedures is conducted to ensure that adequate safeguards for information security are in place.
Questions regarding this policy should be directed to the California Department of Tax and Fee Administration Privacy Officer at 916-309-1862.
In compliance with Government Code section 11015.5, the California Department of Tax and Fee Administration(CDTFA) is making this Privacy Notice concerning personal information electronically collected on the CDTFA web site available to the public. The only personal information that is collected on the CDTFA web site is the IP (Internet Protocol) address of those visiting the site. The IP address is the unique Internet Protocol address of the web site visitor. The IP address will sometimes be masked by a proxy or other such equipment that connects the user to the Internet through their Internet Service Provider. Registration of a visitor's IP address in the web log of the host server is standard among all web servers. the CDTFA may use the IP address to monitor the usage of its web site.
Additionally, when a visitor accesses the CDTFA web site, a session ID is stored in a cookie on the visitor's PC. A cookie is simply a packet of information that is stored on the user's computer. The session ID stored in the cookie upon visiting the CDTFA site is randomly generated and is not being used or redistributed by the CDTFA. The session ID does not contain any information about the visitor and is merely a default functionality of the software used to create the CDTFA web site. The cookie will remain stored on the visitor's hard drive until such time as the visitor manually removes the cookie.
The CDTFA does not distribute or sell electronically collected personal information nor does the CDTFA reuse the IP address information. the CDTFA does not electronically collect any other personal information on the CDTFA web site.
Any information acquired by CDTFA is subject to the limitations set forth in the Information Practices Act of 1977 (beginning with Section 1798 of the Civil Code). Electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (beginning with Section 6250 of the Government Code).