OTSI Privacy Policy

The California Health and Human Services Agency, Office of Technology and Solutions Integration (OTSI), is committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal laws.

It is the policy of the OTSI to limit the collection and safeguard the privacy of Personal Information collected or maintained by the OTSI. The OTSI’s information management practices conform to the requirements of the Information Practices Act (California Civil Code Section 1798 et seq.), the California Public Records Act (Government Code Section 7920.000 et seq.), California Government Code Sections 11015.5 and 11019.9, and other applicable laws pertaining to information privacy. This Privacy Policy applies only to the OTSI.


  • "Personal Information" is information about a natural person that identifies or describes an individual, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history, readily identifiable to that specific individual. A domain name or Internet protocol (“IP”) address is not considered personal information; however, it is considered "electronically collected personal information.”
  • “Electronically collected Personal Information,” as defined in California Government Code section 11015.5, means “any information that is maintained by an agency that identifies or describes an individual user, including, but not limited to, his or her name, social security number, physical description, home address, home telephone number, education, financial matters, medical or employment history, password, electronic mail address, and information that reveals any network location or identity, but excludes any information manually submitted to a state agency by a user, whether electronically or in written form, and information on or relating to individuals who are users, serving in a business capacity, including, but not limited to, business owners, officers, or principals of that business.”

1. The OTSI collects Personal Information on individuals only as allowed by law.  The OTSI limits the collection of Personal Information to what is relevant and necessary to accomplish the lawful purposes of the OTSI.  For example, the OTSI may need to know an individual's home address, e-mail address, or telephone number, to answer the individual's questions or to provide requested assistance. 

2.  The OTSI endeavors to tell people who provide Personal Information to the OTSI the purpose for which the information is collected.  The OTSI strives to tell persons, who are asked to provide Personal Information, about the general uses the OTSI will make of that information.  This is done at the time of collection.  With each request for Personal Information, the OTSI provides information on the authority under which the request is made, the principal uses the OTSI intends to make of the information, and the possible disclosures the OTSI is obligated to make to other government agencies and to the public.

3.  The OTSI uses Personal Information only as specified and consistent with those purposes; unless the OTSI obtains the consent of the subject of the information, or as required or allowed by law.  The OTSI collects Personal Information directly from individuals who volunteer to use some of our services, including our internet/online services.  Collection of this information is required to deliver the specific services, but use of these services is voluntary. If any type of Personal Information is requested on the website or volunteered by the user, state and federal law, including the California Information Practices Act of 1977, California Government Code Section 11015.5., and the federal Privacy Act of 1974, may protect it.  However, this information may be a public record once it is provided to the OTSI, and may be subject to public inspection and copying if not otherwise protected by federal or state law.

The California Public Records Act exists to ensure that California government is open and that the public has a right to have access to appropriate records and information possessed by state and local government agencies.  At the same time, there are exceptions to the public's right to access records.  These exceptions serve various needs, including maintaining the privacy of individuals.  In the event of a conflict between this Policy and any law governing the disclosure of records (such as the California Public Records Act or the Information Practices Act), the applicable law will control.

A special note regarding electronically collected personal information:

  • The OTSI automatically collects certain electronic information from users who browse the OTSI’s internet website.  The information that the OTSI automatically collects when a user visits its website includes, but may not be limited to, the client IP address, the date and time when the website is visited, web pages displayed, and any forms that are uploaded.  The OTSI uses encrypted and unencrypted session cookies, text files stored temporarily on a visitor's computer by a web browser, to enable easy movement through the site.  The information collected in this manner is not subject to requests made pursuant to the Public Records Act, and site visitors may request to have their information deleted without reuse or distribution by contacting us at Privacy@osi.ca.gov.

  • More specifically, if nothing is done during a visit to the website but browsing or downloading information, the OTSI automatically collects and stores the following information about the visit:
    • The IP address and domain name used, but not the e-mail address.  The IP address is a numerical identifier assigned either to the visitor’s Internet service provider or directly to the visitor’s computer.  The OTSI uses the IP address to direct Internet traffic to the visitor and generate statistics used in the management of the OTSI’s website;
    • The type of browser and operating system used;
    • The date and time the OTSI’s site is visited;
    • The web pages or services accessed at the OTSI’s website;
    • The website visited prior to coming to the OTSI’s website;
    • The website visited as the visitor is leaving the OTSI’s website; and
    • If a form is downloaded, the form that was downloaded.

The information the OTSI automatically collects or stores is used to improve the content of OTSI’s web services and to help the OTSI understand how people are using the OTSI’s services.  This information does not identify a visitor personally and is used for gathering website statistics.  The information the OTSI automatically collects and stores in logs about visits to the OTSI’s website helps staff to analyze the OTSI website to continually improve the value of the materials available.  The OTSI’s website logs do not identify a visitor by Personal Information, and the OTSI makes no attempt to link other websites with the individuals that browse the OTSI’s web site.
California Government Code section 11015.5 prohibits all state agencies from distributing or selling any electronically collected Personal Information, as defined above, about users to any third party without the permission of the user.  The OTSI does not sell any "electronically collected Personal Information." Any distribution of "electronically collected Personal Information" will be solely for the purposes for which it was provided to us.

The OTSI may provide or distribute certain lists and statistical reports of regulatory information as provided by law, but no Personal Information is sold or distributed, and all relevant legal protections still apply to the state's websites.

    • The OTSI does not collect home, business or e-mail addresses, or account information from persons who simply browse the OTSI’s website.  The OTSI collects Personal Information about individuals through the OTSI’s website only if an individual provides such information to the OTSI voluntarily through e-mail, registration forms, or surveys, for example.  If an OTSI website visitor voluntarily participates in an activity that asks for specific information (i.e., completing a request for assistance, personalizing the content of the website, sending an e-mail, or participating in a survey), more detailed data will be collected.  If a visitor chooses not to participate in these activities, that choice will in no way affect the visitor’s ability to use any other feature of the website.
    • The OTSI’s use of e-mail addresses.  An OTSI website visitor may choose to provide the OTSI with Personal Information, as in an e-mail with a comment or question.  The OTSI uses the information to improve service to website visitors or to respond to their requests.  Sometimes the OTSI will forward an e-mail to other state employees who may be better able to help, and those staff may be employed by a different agency within the state.  Except for authorized law enforcement investigations or, as required by law, the OTSI does not share e-mails with any other organizations.  We use visitor e-mails to respond appropriately.  This may be to respond to the sender, to address issues identified in the e-mail, to further improve the OTSI’s website, or to forward the e-mail to another agency for appropriate action.

Submission of an e-mail to OTSI, OTSI staff and/or communication through the website does not create any attorney-client or other privileged or confidential relationship.  Accordingly, website visitors should not disclose any information to the OTSI that they wish to remain private or confidential.

    • The OTSI uses Google Analytics to help improve its website.  The OTSI uses Google Analytics to help understand how visitors interact with its website so that the site can be improved.  The OTSI allows Google to use only anonymous data of the type described above.  Website visitors can read the privacy policy for Google Analytics.  They can choose not to have their data collected by Google Analytics by downloading Google’s opt-out browser add-on.

    • The OTSI’s use of cookies.  Cookies are simple text files stored on a user’s computer by the web browser.  The main OTSI portal does not use cookies to maintain personalization; however, some OTSI applications may use them.  The OTSI makes every attempt to avoid the use of cookies.  When needed to maintain the functionality of an application, unlike the common usage of cookies, the OTSI uses cookies only during the session in which a visitor accesses our interactive applications.

Cookies created on a visitor’s computer by using the OTSI’s website do not contain "Personal Information" and do not compromise the visitor’s privacy or security.  The OTSI uses the cookie feature only to store a randomly generated identifying temporary tag on a visitor’s computer.  Visitors may accept or decline cookies. Most web browsers automatically accept cookies, but web browser settings may be modified to decline cookies. If a visitor chooses to decline cookies, he or she may not be able to access some of the features in the OTSI’s interactive applications.  If the visitor chooses to accept cookies, he or she may also later delete cookies that have been accepted. For example, in Internet Explorer 10 you can delete cookies by selecting “Tools,” “Safety,” “Delete browsing history,” “Cookies” and “Delete.” Each browser may provide a different way to delete cookies. If a visitor chooses to delete cookies, any settings and preferences controlled by those cookies will be deleted and may need to be recreated during the next access of the OTSI’s website.

4.  The OTSI uses information security safeguards.  Reasonable precautions are taken to protect the Personal Information of individuals collected or maintained against loss, unauthorized access, and illegal use or disclosure.  Secure Socket Layer (SSL) encryption software for the OTSI Security Tool protects the security of each individual’s Personal Information during transmission through the OTSI’s website.  Such Personal Information is stored by the OTSI in secure locations.  The OTSI’s staff is trained on procedures for the management of Personal Information, including limitations on the release of information.  Access to Personal Information is limited to those members of the OTSI’s staff whose work requires such access.  Confidential information is destroyed according to the OTSI’s records retention schedule.  The OTSI conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed.

5.  The OTSI provides people who provide Personal Information with an opportunity to review that information.  Individuals, who provide Personal Information, are allowed to review the information and contest its accuracy or completeness.

6.  The OTSI Privacy and Risk Officer will provide additional explanations of this Privacy Policy, if requested.  If any individuals have any further questions about the OTSI’s Privacy Policy, they are encouraged to contact us at Privacy@osi.ca.gov.

Last Reviewed: 9/15/2023
Last Revision date: 9/15/23