INDIVIDUAL ACCESS TO PERSONAL INFORMATION - 5310.4
Policy: Each state entity shall ensure individuals are provided with information about their access rights and the procedures for exercising those rights.
Individuals Right to Access
Each state entity Privacy Program Coordinator shall publish procedures for individuals to follow in exercising their rights to access records held by the state entity which contain their personal information. Such rights include the right to inquire and be informed as to whether the state entity maintains a record about the individual and the right to request a correction of or an amendment to their personal information. Such procedures shall be made available online if the state entity has a website, and shall otherwise comply with the Privacy Individual Access Standard (SIMM 5310-B).
Personal Information in Public Records
Each state entity head shall include in the state entity’s procedures for access to public records, a provision requiring the redaction of personal information prior to allowing inspection or releasing records in response to a California Public Records Act request.
Mailing Lists
Upon written request of an individual, an information asset owner maintaining a mailing list shall remove the individual's name and contact information from such list, unless such name and contact information is exclusively used by the state entity to directly contact the individual. Information asset owners shall inform individuals, in the requisite Privacy Notice on Collection forms used to collect personal information, of their right to have their information removed from such mailing lists.
Implementation Controls: NIST SP 800-53: Personally Identifiable Information Processing and Transparency (PT), and SIMM 5310-B
Revisions
No Revisions for this item.