4000 INFORMATION PRACTICES ACT OF 1977 (IPA)
The Information Practices Act of 1977 (IPA), Civil Code §1798 et seq. became effective July 1, 1978. In this department, the IPA applies to the records of PIT taxpayers, HRA claimants, and employees.
The Act requires state agencies to:
- Maintain only personal information that is relevant and necessary to accomplish the agency's purpose as required by law.
- Collect personal information directly from the individual who is the subject matter of the information, to the greatest extent practicable.
- Maintain the source(s) of the information, unless the source is the data subject or the individual has received a copy of the source document.
- Provide individuals with access to records pertaining to themselves, unless such records are exempt from disclosure under the IPA.
- Provide notice that includes the below items when collecting personal information directly from the individual:
- the name of the agency and division that is requesting the information; the title, business address and phone number of the agency official responsible for maintaining the information;
- the legal authority that allows the maintenance of the information;
- whether submission of information is mandatory or voluntary;
- the consequences of not providing the requested information;
- the principal purpose within the agency for which the information is to be used;
- any knowledge of foreseeable disclosures that may be made of the information;
- the individual's right of access to records containing personal information that are maintained by the agency.
- Maintain accurate, relevant, complete and timely files; and to ensure that information is not destroyed to avoid compliance with the IPA.
- Ensure that contractors, who operate or maintain records containing personal information, apply the requirements of this chapter.
- Establish rules of conduct for persons involved in the design, development, operation, disclosure, or maintenance of records containing personal confidential information.
- Establish appropriate and reasonable safeguards to ensure compliance with the provisions of the IPA and designate an employee responsible for that compliance.
- Notify residents whose personal information may have been breached in the most expedient time possible and without delay. Effective July 1, 2003 Civil Code sections 1798.29 and 1798.82 provide for disclosure to California residents of any security breach, or unauthorized acquisition of unencrypted computerized data, that compromises the security, confidentiality, or integrity of personal information. The types of data include name (first or initial and last name) plus one of the following: social security number, California drivers license number or financial account number, credit or debit card number (along with PIN or other access code).
Revenue and Taxation Code section 19570 provides that certain sections of the IPA (Civil Code sections 1798.35, 1798.36 and 1798.37, and Article 9 commencing with Civil Code section 1798.45) pertaining to amendment or correction of records shall not apply, directly or indirectly, to the determination of liability for taxes, penalties, interest, fines, forfeiture or other impositions under the tax laws.
Social Security Number Notification Requirements
When a state agency requests an individual's social security number (SSN), the Federal Privacy Act of 1974 (Public Law 93-579) requires the state agency to inform the individual of the following:
- Whether submission of the SSN is mandatory or voluntary;
- The legal authority that allows the agency to request the SSN;
- The purpose within the agency for which the SSN is to be used.
Each state agency has responsibility for the implementation of the IPA, monitoring compliance therewith, and providing guidance as needed.
Franchise Tax Board
The departmental Disclosure Officer is responsible for assuring compliance with the IPA, maintenance of related procedures, and coordinating exchanges of information with the IRS and other governmental agencies.
The IPA provides that certain files and material are exempt from access, including but not limited to the following:
- Specified information compiled for identifying individual criminal offenders and alleged offenders, for the purpose of a criminal investigation.
- Information contained in any record that could identify an individual and that is compiled at any stage of the process of enforcement of the criminal laws.
- Information maintained for the purpose of an investigation of an individual's fitness for licensure or public employment, or of a grievance or complaint, or a suspected civil offense, so long as the information is withheld only so as not to compromise the investigation, or a related investigation.
- Information relating to certain types of testing or examination that would compromise the objectivity of the process.
- Information of a medical or psychiatric nature, the disclosure of which, in the opinion of the agency, would be detrimental to the individual.
- Information relating to the settlement of claims for work-related illnesses or injuries that is maintained exclusively by the State Compensation Insurance Fund.
- Information that is required by law to be withheld from the individual to whom it pertains.
The following information will not be disclosed:
- Personal information relating to another individual, the disclosure of which would violate the person's privacy.
- Any confidential information that may be contained in a record containing personal information.
- Propriety information, such as monetary write-offs, criteria for audit selections, procedures to access and/or modify records within Franchise Tax Board computer systems, etc.
Fees for copies are as follows:
Tax Returns: $20.00 (unless a victim of a designated disaster)
Audio and visual tapes: the actual cost of the tape.
All Other Documents: 10 cents per page.