CalPERS is committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1, Section 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws.
CalPERS policy limits the collection, use, and disclosure of personal information maintained by CalPERS, and applies safeguards to ensure its protection. CalPERS information management practices encompass the requirements of the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Assembly Bill 928, and other applicable laws pertaining to information confidentiality.
CalPERS follows these privacy principles when collecting, managing, and protecting your personal information:
We only obtain personal information through lawful means.
CalPERS collects personal information pursuant to Government Code (Section 20000, et seq.) and uses it for administration of the CalPERS Board’s duties under the Public Employees’ Retirement Law, the Social Security Act, and the Public Employees’ Medical and Hospital Care Act, as the case requires. Personal information is collected directly from you, your employer, or through our website, if the information was provided voluntarily. Any personal information CalPERS collects is essential to accomplish specified business purposes and is only retained for as long as necessary to fulfill those specified purposes. Failure to supply the information results in CalPERS inability to perform its business functions.
Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history.
We do not collect addresses (home, business, or email) or account information from individuals browsing the CalPERS website.
CalPERS collects personal information about individuals through our website only if the individual provides such information to us voluntarily through our online services. The information that CalPERS website automatically collects includes the:
- Date and time when our website is visited
- Domain name or Internet Protocol address of the machine used to access our website
- Forms or publications that are uploaded
- Type of browser and operating system used
- Web page displayed when our website is left
- Web pages or services displayed
View the Privacy Notice.
We may use electronic “cookies,” in some areas of the CalPERS website, to improve the overall usability of the site.
CalPERS uses electronic cookies to collect and temporarily store various types of information. The cookies allow the programs to operate correctly and know where to return the business transaction results. Cookies created on your computer, from using our website, do not contain personal information and do not compromise confidentiality. CalPERS does not retain the information you enter and, once you leave the specific program, your information is deleted from our website database.
You can refuse the cookie or delete the cookie file from your computer by using any of the widely available methods. However, if you turn your cookies option off, some of our online services may not be accessible.
We specify the purpose for which personal information is collected at or before the time of collection.
Any subsequent use is limited to the fulfillment of purposes consistent with the previously specified purpose.
We use personal information only for the specified purposes, or purposes consistent with those purposes, unless we have gained consent from the individual, or unless required by law or regulation.
The Public Records Act ensures that government is open and that the public has a right to access appropriate records and information possessed by state government. However, at the same time, exceptions in both state and federal law limit the public's right to access public records. These exceptions serve various needs, including maintaining the privacy of individuals. In the event of a conflict between this policy and the Public Records Act, the Information Practices Act, or any other law governing the disclosure of records, the applicable law will control.
We inform those who provide personal information about their opportunity to review that information.
CalPERS allows individuals who provide personal information to review their information and contest its accuracy or completeness.
We use information security safeguards.
CalPERS uses information security safeguards to protect the personal information we collect and maintain against loss, unauthorized access, and illegal use or disclosure. Security measures are integrated into the design, implementation, and day-to-day operations of the entire CalPERS business environment. CalPERS protects the integrity of all communications and computing infrastructure by implementing password authentication, monitoring, auditing, and encryption of browser communications. Staff are trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to staff whose work requires such access. Confidential information is destroyed according to the CalPERS records retention schedule and periodic reviews are done to ensure that proper information management policies and procedures are understood and followed.
CalPERS encourages all individuals to use appropriate safeguards to secure their personal computers and the information on those computers as well.
Knowledge Based Authentication
When completing a transaction in my|CalPERS, you may be asked to answer a set of security questions unique to you. This is known as knowledge-based authentication, or KBA, and it's one of the measures we use to keep your account secure.
We've partnered with LexisNexis Risk Solutions to provide KBA services. Security questions are developed using intelligent algorithms and billions of consumer records.
If you would like to order copies of the information that LexisNexis maintains and uses to create consumer reports about you, visit Access Your Full File Disclosure. If you have received your file, and find it contains incorrect or incomplete information, you have the right to file a dispute. Learn How to Dispute Information.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, a federal law, gives you rights over your protected health information (PHI) and sets rules and limits on who can look at and receive your PHI. HIPAA allows the disclosure of PHI needed for patient care and other important purposes. The Security Rule, a federal law that protects health information in electronic form, requires CalPERS to ensure that electronic protected health information is secure. We will only use and disclose such information as stated in the CalPERS Notice of Privacy Practices (PDF).
For More Information
Information Security and Privacy Officer
400 Q Street
Sacramento, CA 95811