Dept. of Industrial Relations logo

Data Collection and Use Statement

Also Referred to as DIR’s Privacy Policy
Effective October 15, 2014 and Subject to Revision

 

Who is the California Department of Industrial Relations?

The Department of Industrial Relations is the umbrella entity for the following divisions:

In addition to those divisions, there are several boards and commissions that deal with issues related to employment and the workplace, including the Workers’ Compensation Appeals Board (“WCAB”); the Occupational Safety and Health Appeals Board (“OSHAB”); the Occupational Safety and Health Standards Board (“OSHSB”); the Industrial  Welfare Commission (“IWC”); and the Commission on Health and Safety and Workers’ Compensation (“CHSWC”). Also, the department’s Office of Policy, Research and Legislation resides within the Director’s Office.

 

The Department Collects Information

Each division within the department collects, uses and shares different types of information in order to perform its public mandate. A division may use personal, confidential, and/or proprietary information:

  • As defined by California’s Information Practices Act or “IPA” (codified at Civil Code Section 1789 et seq.), personal information is information maintained by an agency that describes an individual. It includes an individual’s name, address, date of birth, Social Security number, wages, and health information. The type of personal information used and collected by the Department of Industrial Relations varies by division. For example, the Division of Apprenticeship Standards collects an individual’s name, and his or her apprenticeship certification status. Notices posted on each division’s webpage, and on the forms used to collect personal information provide the authority for such collection, and indicate how the division will use the information. While the IPA requires a public agency to maintain the confidentiality of an individual’s personal information, it also sets forth the circumstances under which an agency may share or disclose personal information. Those circumstances include when the sharing is required by another law, or the disclosure is compelled by a court order. Note that, as allowed by the IPA and other laws, the department may share the personal information it collects about individuals with other government agencies for general law enforcement purposes.
  • Some of the information collected and maintained as a record by the department must be made available to the public under California’s Public Records Act or “PRA” (codified at Government Code Section 6250 et seq.). In general, the Public Records Act requires agencies to disclose a record unless it comes within an exception to that requirement. For example, information collected and maintained by the department that federal or state law designates “confidential” is exempt from disclosure. The Public Records Act outlines categories of confidential information, and provides a list of specific records and types of information exempt from disclosure.
  • Proprietary information is information owned by a private party. Proprietary information may describe or identify a unique business process or method. An example of proprietary information used by the department is the elevator design specifications required by the Division of Occupational Safety and Health when it reviews an elevator operating permit.
  • Two of the department’s divisions, Workers’ Compensation (“DWC”) and Occupational Safety and Health (“DOSH”), collect, use and maintain information that includes personal health information. For example, claims administrators file reports of injured workers with DWC, and DOSH inspectors report on workers’ injuries when they investigate industrial accidents. DWC and DOSH protect the confidentiality of the personal health information they collect and use as required by laws that include the Information Practices Act (see above) as well as provisions of California’s Government and Labor Codes. The department and its divisions are not subject to the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).   

Whether and how a division may use, share or disclose particular information is determined by applicable laws and policies. For example, California law prohibits the Department of Industrial Relations from selling individuals’ personal information, and United States law governs how the department may use an individual’s tax information. Other laws require the department to either share or disclose certain information. For example, the department must provide information about business license applicants to California agencies that enforce the unemployment insurance laws. Also, once a matter on which the department has collected information becomes the subject of a public proceeding (such as the adjudication of a workers’ compensation claim), that information typically becomes available to the public.

 

The Department’s Policy on Data Collection and Protection (Privacy)

In addition to complying with information protection laws and regulations, the department adheres to the following practices:

  • The department does not collect personal information from users of its websites. The department does not use cookies or other electronic tools to identify users, or to track or monitor the online behavior of specific visitors to its website. The department does utilize Google Analytics, however, to capture information about the number of users to its website for purposes of understanding how people use the website, determining what pages are most and least visited, and identifying technical problems with the website. The department does not sell or share Google Analytics’ data about its website. Please refer to Google’s website, www.google.com, for information about Google Analytics and Google’s practice of collecting IP addresses (the unique address of the computer you use to visit the department’s website). You can prevent Google Analytics from capturing information about your use of the web, including your use of the department’s website, by following the instructions provided here. Last, please note that while the department maintains a server log to track information about website usage not gathered by Google Analytics, such information does not include personal information as defined under Government Code Section 11015.5 or the Information Practices Act (Civil Code Sec. 1798 et seq.). 
  • The department does not sell or share email addresses of members of the public who contact the department through public (electronic) mailboxes. When public questions or comments are part of rulemaking, however, the department is required by law to maintain records of those communications. Questions or comments that are part of the rule-making process become part of the public record, and may be reviewed by anyone upon request.
  • The department safeguards information through employee training and discipline.  All department employees must take privacy and data protection training upon hiring, and annually thereafter.  All employees must sign the department’s Electronic Information/Communication Policy, which outlines their obligations regarding use of the department’s computers and computer network.  In addition, certain employees are required to sign confidentiality statements in order to have access to, and use personal, confidential or proprietary information provided to the department by another agency or entity. The department recognizes any breach of confidentiality obligations by an employee as grounds for discipline, up to and including termination of employment.
  • The department minimizes risks to personal, confidential and proprietary information through a combination of workplace guidelines and technology. The department regularly reviews both guidelines and technological resources to ensure that it is taking reasonable and appropriate measures to provide the most protection possible for information it collects, uses, and shares.  
  • The department collects the minimum amount of personal information necessary to accomplish its mandate. The best way to protect against the misuse, or loss of personal information is to not collect it in the first place. The department reviews its data collection practices in an effort to limit the personal information it collects.

 

Learn More

The department encourages you to learn more about the laws governing the use and disclosure of personal, confidential and proprietary information. The website for the California Department of Justice’s Privacy Enforcement and Protection Unit identifies a number of resources. In the right margin of the unit’s home page, under “Legislation and Law,” you will find a link to “California and Federal Laws.” By clicking on that link, you will be taken to a descriptive list of many privacy and data protection laws. California’s Information Practices Act of 1977 and Public Records Act are two of the most significant data collection and protection laws governing public agencies, including the department and its divisions. Click on the following links for the text of those laws:

 

Your Right to Your Information

Under the Information Practices Act, you have the right to access records containing your personal information maintained by the Department of Industrial Relations, and to ask the department to correct any inaccurate information about you in those records. (Civil Code Section 1798.32.) To make an access or correction request, please write to Privacy@DIR.ca.gov, or call the department division that maintains records containing your personal information. Telephone numbers for each division may be found on the department’s website at www.dir.ca.gov.

 

Contact the Department

If you have questions, complaints or comments about the department’s collection, use and protection of personal information, please contact the department by sending an email to Privacy@DIR.ca.gov.