CMD Privacy Policy 

CMD Privacy Policy 2025

 

The California Military Department (CMD) is committed to promoting and protecting the privacy rights of individuals, as detailed in Article 1 of the California Constitution, and as required by state and federal laws, and by state policy.  This Privacy Policy has been established in accordance with State Information Management Manual (SIMM) section 5310-A, Privacy Statement and Notices Standard.

It is the CMD’s policy to limit the collection and safeguard the privacy of personal information collected or maintained by the CMD. The information management practices established by the CMD conform to the requirements set forth by the California Information Practices Act of 1977 (Civil Code section 1798 et seq.), the Public Records Act (Government Code section 7920, et seq.), Government Code sections 11015.5 and 11019.9, the State Administrative Manual (SAM) sections 5310.1 and 1600, and other applicable laws pertaining to information collection and privacy.

Personal information, as defined in the California Information Practices Act, is information that identifies or describes an individual including, but not limited to, the individual’s name or nickname, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history. An email address, domain name, or Internet Protocol (IP) address is not considered personal information; however, it is considered electronically collected personal information.

Electronically collected personal information, as defined in Government Code section 11015.5, is any information maintained by an agency that identifies or describes an individual including, but not limited to, the individual’s name, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history, password, email address, and any information that reveals any network location or identity, such as domain name and IP address. Information excluded from this definition includes information that is manually and voluntarily submitted to the CMD by an individual, or information related to individuals serving in a business capacity such as a business owner, officer or principal of that business (rather than personal capacity).

The CMD follows these principles in collecting and managing personal information:

  • The CMD collects personal information on individuals only as allowed by law. We limit the collection of personal information to what is relevant and necessary to carry out our work legally and effectively, and for the purposes intended. For example, we may need to know an individual’s email address or telephone number, among other things, to fulfill a request for assistance or respond to an inquiry.
  • The CMD does not collect home or business addresses, email addresses, or account information from individuals who simply browse the CMD website.
  • The CMD collects personal information through our website only if an individual voluntarily provides this information to the CMD. Voluntary disclosure of personal information might occur, for example, when an individual submits an embedded inquiry or registration form or responds to an online survey.
  • The CMD seeks ways to improve user experience on its website, and automatically collects and stores the following information for this purpose:
    • The domain name or IP address that corresponds to the machine used to access the CMD’s website.
    • The type of browser and operating system used.
    • The date and time the website was visited.
    • The web pages displayed or accessed on CMD’s website.
    • Any forms that you have downloaded from or uploaded to the website.
    • Cookies on your computer. These are created on your computer when using the CMD website and do not contain personal information or compromise your privacy or security. The cookie feature is used to store a randomly generated identifying temporary tag on your computer. You can refuse the cookie or delete the cookie file from your computer by using any widely available methods. However, turning your cookie option off may result in being unable to access some features of the website. Cookies created by visiting the CMD website include:
      1. Session cookies, which are temporary cookies that store information about a user’s activity during a single browsing session. Upon closing your browser, the session cookie is deleted.
      2. California Department of Technology (CDT) uses Google Analytics to help improve the CMD website. Google tracking cookies may be used to provide information to Google Analytics, and the expiration timelines of these cookies is established by CDT. Our website may use Google Analytics to track website statistics. Google tracking code used by every website or application that employs Google Analytics stores information that identifies device IP addresses, but our website is anonymizing that information and only part of the device IP addresses are being used. Consequently, no information identifying you or your device is being stored at Google via our utilization of Google Analytics implementation. You can find out more about Google Analytics anonymized IP addresses by clicking here.

Electronically collected personal information is exempt from requests submitted under the Public Records Act (PRA). This means, the information CMD automatically collects through these electronic methods cannot be requested by others under the PRA.

This information simply helps us to gather website statistics, analyze the website to understand how people are using CMD services, and allows CMD to continually improve the value of the materials available. The CMD website logs do not identify individuals by personal information, and CMD makes no attempt to link other websites with the individuals that browse the CMD website.

  • The CMD is committed to protecting personal information and informing individuals of their rights.
    • CMD adheres to Government Code section 11015.5 prohibiting all state agencies from distributing or selling any electronically collected personal information to any third party without the written consent of the individual to whom it belongs.
    • The CMD does not sell any electronically collected personal Any distribution of electronically collected personal information will be solely for the purposes for which it was provided to us.
    • Individuals have the right to have any electronically collected personal information deleted by CMD, without reuse or distribution (SAM 5310.6), by contacting the CMD Privacy Program Coordinator using the contact information provided in this statement.
    • When individuals provide personal information, the CMD will inform individuals of the direct and general purpose for which their information is being collected by way of Notice on Collection.
    • The CMD does not deviate from using or disclosing personal information for the purposes specified, unless we obtain consent from the individual by whom it was provided, or unless required by law or regulation.
    • The CMD allows individuals who provide personal information to review the information and contest its accuracy or completeness by contacting the CMD Privacy Program Coordinator using the contact information provided in this statement.
  • The CMD complies with exceptions to privacy as established by the Public Records Act.
    • The PRA is designed to promote government transparency and ensure the public has a right to access appropriate records and information possessed by state government. At the same time, there are exceptions in both state and federal law to the public’s right to access public records.
    • These exceptions serve various needs, including maintaining the privacy of individuals.
    • In the event of a conflict between this Policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
  • The CMD employs security safeguards and takes reasonable precautions to protect the personal information collected or maintained by the CMD against loss, unauthorized access, and illegal use or disclosure.
    • The CMD uses encryption software to protect the security of individuals’ personal information during transmission of such information through the CMD’s websites.
    • Personal information is stored by the CMD in secure locations. The CMD’s staff is trained on procedures for the management of personal information, including limitations on the release of information.
    • Access to personal information is limited to those CMD personnel whose work requires such access.
    • In accordance with SAM 1612, confidential information is destroyed according to the CMD’s records retention schedule. The CMD conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed.

If you have questions or are seeking additional information regarding this Privacy Policy, would like to review your personal information maintained by CMD, or request correction of any inaccuracies, please contact the Privacy Program Coordinator at:

California Military Department
ATTN: Privacy Program Coordinator
10601 Bear Hollow Drive
Rancho Cordova, CA  95670
916.854.3802
SNT.Security@cmd.ca.gov

This Privacy Policy, effective May 7, 2021, was last reviewed and revised on July 2, 2025, and reflects current CMD business practices effective July 11, 2025.

This Privacy Policy is subject to change without notice, and changes will be prominently posted. It is your responsibility to review this page periodically to stay informed, as any updates are binding once posted.