Data Collection and Use Statement
Topics covered in this section:
Effective November 30th, 2016 and Subject to Revision
What is the California Department of Industrial Relations?
The Department Collects Information
The Department’s Policy on Data Collection and Protection (Privacy)
Your Rights to Your Personal Information
Contact the Department
The Department of Industrial Relations is the umbrella entity for the following divisions:
- Apprenticeship Standards
- Labor Standards Enforcement (California Labor Commissioner’s Office)
- Occupational Safety and Health (CalOSHA)
- Office of Self-Insurance Plans
- Workers’ Compensation, including Return to Work
In addition to those divisions, there are several boards and commissions that deal with issues related to employment and the workplace, including the Workers’ Compensation Appeals Board (“WCAB”); the Occupational Safety and Health Appeals Board (“OSHAB”); the Occupational Safety and Health Standards Board (“OSHSB”); the Industrial Welfare Commission (“IWC”); and the Commission on Health and Safety and Workers’ Compensation (“CHSWC”). Also, the department’s Office of Policy, Research and Legislation resides within the Director’s Office.
Each division within the department collects, uses and shares different types of information in order to perform its public mandate. A division may use personal, confidential, and/or proprietary information:
- As defined by California’s Information Practices Act or “IPA” (codified at Civil Code Section 1789 et seq.), personal information is information maintained by an agency that describes an individual. It includes an individual’s name, address, date of birth, Social Security number, wages, and health information. The type of personal information used and collected by the Department of Industrial Relations varies by division. For example, the Division of Apprenticeship Standards collects an individual’s name, and his or her apprenticeship certification status. Notices posted on each division’s webpage, and on the forms used to collect personal information provide the authority for such collection, and indicate how the division will use the information. While the IPA requires a public agency to maintain the confidentiality of an individual’s personal information, it also sets forth the circumstances under which an agency may share or disclose personal information. Those circumstances include when the sharing is required by another law, or the disclosure is compelled by a court order. Note that, as allowed by the IPA and other laws, the department may share the personal information it collects about individuals with other government agencies for general law enforcement purposes.
- Some of the information collected and maintained as a record by the department must be made available to the public under California’s Public Records Act or “PRA” (codified at Government Code Section 6250 et seq.). In general, the Public Records Act requires agencies to disclose a record unless it comes within an exception to that requirement. For example, information collected and maintained by the department that federal or state law designates “confidential” is exempt from disclosure. The Public Records Act outlines categories of confidential information, and provides a list of specific records and types of information exempt from disclosure.
- Proprietary information is information owned by a private party. Proprietary information may describe or identify a unique business process or method. An example of proprietary information used by the department is the elevator design specifications required by the Division of Occupational Safety and Health when it reviews an elevator operating permit.
- Two of the department’s divisions, Workers’ Compensation (“DWC”) and Occupational Safety and Health (“DOSH”), collect, use and maintain information that includes personal health information. For example, claims administrators file reports of injured workers with DWC, and DOSH inspectors report on workers’ injuries when they investigate industrial accidents. DWC and DOSH protect the confidentiality of the personal health information they collect and use as required by laws that include the Information Practices Act (see above) as well as provisions of California’s Government and Labor Codes. The department and its divisions are not subject to the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Whether and how a division may use, share or disclose particular information is determined by applicable laws and policies. For example, California law prohibits the Department of Industrial Relations from selling individuals’ personal information, and United States law governs how the department may use an individual’s tax information. Other laws require the department to either share or disclose certain information. For example, the department must provide information about business license applicants to California agencies that enforce the unemployment insurance laws. Also, once a matter on which the department has collected information becomes the subject of a public proceeding (such as the adjudication of a workers’ compensation claim), that information typically becomes available to the public.
In addition to complying with information protection laws and regulations, the department adheres to the following practices:
- The department does not sell or share email addresses of members of the public who contact the department through public (electronic) mailboxes. When public questions or comments are part of rulemaking, however, the department is required by law to maintain records of those communications. Questions or comments that are part of the rule-making process become part of the public record, and may be reviewed by anyone upon request.
- The department safeguards information through employee training and discipline. All department employees must take privacy and data protection training upon hiring, and annually thereafter. All employees must sign the department’s Electronic Information/Communication Policy, which outlines their obligations regarding use of the department’s computers and computer network. In addition, certain employees are required to sign confidentiality statements in order to have access to, and use personal, confidential or proprietary information provided to the department by another agency or entity. The department recognizes any breach of confidentiality obligations by an employee as grounds for discipline, up to and including termination of employment.
- The department minimizes risks to personal, confidential and proprietary information through a combination of workplace guidelines and technology. The department regularly reviews both guidelines and technological resources to ensure that it is taking reasonable and appropriate measures to provide the most protection possible for information it collects, uses, and shares.
- The department collects the minimum amount of personal information necessary to accomplish its mandate. The best way to protect against the misuse, or loss of personal information is to not collect it in the first place. The department reviews its data collection practices in an effort to limit the personal information it collects.
The department encourages you to learn more about the laws governing the use and disclosure of personal, confidential and proprietary information. The website for the California Department of Justice’s Privacy Enforcement and Protection Unit identifies a number of resources. http://oag.ca.gov/privacy In the right margin of the unit’s home page, under “Legislation and Law,” you will find a link to “California and Federal Laws.” By clicking on that link, you will be taken to a descriptive list of many privacy and data protection laws. California’s Information Practices Act of 1977 and Public Records Act are two of the most significant data collection and protection laws governing public agencies, including the department and its divisions. Click on the following links for the text of those laws:
- Information Practices Act of 1977 – California Civil Code Section 1798 et seq.
- Public Records Act – Government Code Section 6250 et seq.
Under the Information Practices Act, you have the rights to inspect DIR records containing your personal information; to obtain an accounting of disclosures of your DIR record(s); and to request that the department correct any personal information about you in a DIR record. (Civ. Code, §§ 1798.25, 1798.34, 1798.35) For more information about those rights, or to make an access, accounting, or correction request, please write to Privacy@DIR.ca.gov, or call the department division that maintains records containing your personal information. Telephone numbers for each division may be found on the department’s website at www.dir.ca.gov.
If you have questions, complaints or comments about the department’s collection, use and protection of personal information, please contact the department by sending an email to Privacy@DIR.ca.gov.