Privacy Information for State Government

Topics on this page

This page provides resources for California state government agencies on privacy practices and policies for protecting personal information.

Also see our Frequently Asked Questions regarding risk management and privacy

State Employee Privacy Training

Protecting Privacy in State Government, Basic Training for State Employees

Privacy Inventory and Data Classification

Data Classification and Privacy Inventory
These materials were provided to departmental Information Security Officers and others at workshops conducted in November 2005.

Security Breach Reporting and Notification

Security Breach Reporting and Notification Requirements for State Agencies

  • Security Incident Reporting Steps - California Information Security Office
  • SIMM 5340C Requirements to Respond to Incidents Involving a Breach of Personal Information (pdf, 1mb)
    • Appendix A – Breach Response and Notification Assessment Checklist (.doc, 230k)
    • Appendix B – Sample Breach Notice: Social Security Number Only (.doc, 33k)
    • Appendix C – Sample Breach Notice: Driver’s License or California ID Card Number Only (.doc, 30k)
    • Appendix D – Sample Breach Notice: Credit Card or Financial Account Number Only (.doc, 29k)
    • Appendix E – Sample Breach Notice: Medical Information Only (.doc, 31k)
    • Appendix F – Sample Breach Notice: Health Insurance Information Only (.doc, 32k)
    • Appendix G – Sample Breach Notice: Hybrid for SSN and Health Information (.doc, 33k)
Recommended Practices on Notice of Security Breach Involving Personal Information (California Office of Privacy Protection, Office of the Attorney General)

The California Office of Information Security (Office) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.

Last Updated: Thursday, September 18, 2014