CalPERS is committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1, Section 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws.
CalPERS policy limits the collection, use, and disclosure of personal information maintained by CalPERS, and applies safeguards to ensure its protection. CalPERS information management practices encompass the requirements of the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, Assembly Bill 928, and other applicable laws pertaining to information confidentiality.
CalPERS follows these privacy principles when collecting, managing, and protecting your personal information:
We only obtain personal information through lawful means.
CalPERS collects personal information pursuant to Government Code (Section 20000, et seq.) and uses it for administration of the CalPERS Board’s duties under the Public Employees’ Retirement Law, the Social Security Act, and the Public Employees’ Medical and Hospital Care Act, as the case requires. Personal information is collected directly from you, your employer, or through our website, if the information was provided voluntarily. Any personal information CalPERS collects is essential to accomplish specified business purposes and is only retained for as long as necessary to fulfill those specified purposes. Failure to supply the information results in CalPERS inability to perform its business functions.
Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history.
We do not collect addresses (home, business, or email) or account information from individuals browsing the CalPERS website.
CalPERS collects personal information about individuals through our website only if the individual provides such information to us voluntarily through our online services. The information that CalPERS website automatically collects includes the:
- Date and time when our website is visited
- Domain name or Internet Protocol address of the machine use to access our website
- Forms or publications that are uploaded
- Type of browser and operating system used
- Web page displayed when our website is left
- Web pages or services displayed
CalPERS will not distribute or sell any electronically collected personal information about users to any third party without obtaining the user’s written consent. In addition, electronically collected personal information is exempt from disclosure when a request is made under the Public Records Act.
We may use electronic “cookies,” in some areas of the CalPERS website, to improve the overall usability of the site.
CalPERS uses electronic cookies to collect and temporarily store various types of information. The cookies allow the programs to operate correctly and know where to return the business transaction results. Cookies created on your computer, from using our website, do not contain personal information and do not compromise confidentiality. CalPERS does not retain the information you enter and, once you leave the specific program, your information is deleted from our website database.
You can refuse the cookie or delete the cookie file from your computer by using any of the widely available methods. However, if you turn your cookies option off, some of our online services may not be accessible.
We specify the purpose for which personal information is collected prior to, or at, the time of collection, in a privacy notice included on, or with, the form used to collect personal information.
View the Privacy Notice. Any subsequent use of personal information is limited to the fulfillment of purposes consistent with the previously specified purpose.
We use personal information only for the specified purposes, or purposes consistent with those purposes, and personal information will not be disclosed, made available, or otherwise used, unless we have received consent from the individual or unless required by law or regulation.
The Public Records Act ensures that government is open, and that the public has a right to access appropriate records and information possessed by state government. However, there are exceptions in both state and federal law limiting the public's right to access public records. These exceptions serve various needs, including maintaining the privacy of individuals. In the event of a conflict between this policy and the Public Records Act, the Information Practices Act, or any other law governing the disclosure of records, the applicable law will control.
We inform those who provide personal information about their opportunity to review or delete that information.
Individuals who provide CalPERS with personal information have the right to access and review their personal information and contest its accuracy or completeness. Individuals may request corrections to any inaccuracies in their records. Individuals also have the right to have any electronically collected personal information deleted by contacting the CalPERS Information Security and Privacy Officer.
We use information security safeguards.
CalPERS uses information security safeguards to protect the personal information we collect and maintain against loss, unauthorized access, and illegal use, modification, or disclosure. Security measures are integrated into the design, implementation, and day-to-day operations of the entire CalPERS business environment. CalPERS protects the integrity of all communications and computing infrastructure by implementing password authentication, monitoring, auditing, and encryption of browser communications. Staff are trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to staff whose work requires such access. Confidential information is destroyed according to the CalPERS records retention schedule and periodic reviews are done to ensure that proper information management policies and procedures are understood and followed.
CalPERS encourages all individuals to use appropriate safeguards to secure their personal computers and the information on those computers as well.
Knowledge Based Authentication
When completing a transaction in myCalPERS, you may be asked to answer a set of security questions unique to you. This is known as knowledge-based authentication, or KBA, and it's one of the measures we use to keep your account secure.
We've partnered with LexisNexis Risk Solutions to provide KBA services. Security questions are developed using intelligent algorithms and billions of consumer records.
If you would like to order copies of the information that LexisNexis maintains and uses to create consumer reports about you, visit Access Your Full File Disclosure. If you have received your file, and find it contains incorrect or incomplete information, you have the right to file a dispute. Learn How to Dispute Information.
Messaging Terms of Service
We've partnered with Twilio to provide messaging services (text, phone call, and email) in myCalPERS for two specific scenarios: account-related notifications and multifactor authentication.
For certain account-related alerts or notifications (i.e., account registration, security setting updates, address changes, etc.), Twilio will send a text to your mobile phone number on record using CalPERS’ toll-free number, 888 CalPERS (or 888-225-7377).
CalPERS may also send an email to your email address on record from firstname.lastname@example.org for account-related alerts and notifications. If you are concerned about an email or require further assistance, call us at 888 CalPERS (or 888-225-7377).
You can opt out of receiving account-related text messages at any time. Reply "STOP" to the toll-free number and we’ll send you a text message to confirm that you have been unsubscribed. If you want to rejoin, text “UNSTOP” or “START”, and we’ll start sending text messages to you again.
Multifactor authentication (MFA) is a method of identity verification using multiple factors, such as a password (something you know) and a security token or one-time verification code sent to your device (something you have). We use this method because it provides an additional layer of security and is more effective in protecting your account against unauthorized access. MFA is required each time you log in to your myCalPERS account or attempt to recover your myCalPERS account credentials.
We offer two methods for MFA:
- A one-time verification code sent to you using your preferred delivery method. You can request to have CalPERS send the verification code by text, phone call, or email.
- Security token through an authenticator application on your mobile device, such as Authy, Google Authenticator, or Microsoft Authenticator.
On your myCalPERS account, you can opt out of receiving text messages or using your authenticator app at any time. To opt out of text messages, remove your mobile phone number. To opt out of your authenticator app, disable it in your security settings. If you need assistance with text messaging, reply “HELP” or call us directly at 888 CalPERS (or 888-225-7377).
Carriers are not liable for delayed or undelivered messages. As always, message and data rates may apply for both messages sent to you from us, or to us from you. You’ll receive a single message at account login or account recovery. If you have any questions about your text plan or data plan, contact your wireless provider.
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, a federal law, gives you rights over your protected health information (PHI) and sets rules and limits on who can look at and receive your PHI. HIPAA allows the disclosure of PHI needed for patient care and other important purposes. The Security Rule, a federal law that protects health information in electronic form, requires CalPERS to ensure that electronic PHI is secure. We will only use and disclose such information as stated in CalPERS Notice of Privacy Practices (PDF).
For More Information
Information Security and Privacy Officer
400 Q Street
Sacramento, CA 95811