• CSULB Home
• Students
• Faculty & Staff
• Alumni
• Parents
• Visitors & Community
• Giving to CSULB

Information Security Management and Compliance

Information Security and Privacy Program

Appendix A

Permitted Disclosures

printable version

The California Information Practices Act was enacted in 1977 to protect individual’s privacy rights in “personal information” contained in state agency records. The Act reflects the Legislature’s determination that the right to privacy is in jeopardy and that the maintenance and dissemination of private information should be subject to strict limits. The Act prohibits disclosure of personal information except in certain limited circumstances. Some of these disclosures may impose requirements not included in this document. Consultation with the University Information Security Officer is required before releasing personal information covered by the Information Practices Act.

The following disclosures are permitted under the Information Practices Act:

to the individual to whom the information pertains;

• where the individual to whom the information pertains has given voluntary written consent to disclose the information to an identified third part no more than 30 days before the third party requested it, or within the time limit agreed to by the individual in the written consent;
• to an appointed guardian or conservator of a person representing the individual provided it can be proven with reasonable certainty through CSU forms, documents or correspondence that the person is the authorized representative of the individual to whom the information pertains;
• to persons within the CSU who need the information to perform their functions;
• to another government agency when required by law;
• in response to a request for records under the California Public Records Act;
• where there is advance written assurance that the information is to be used for purposes of statistical research only and where the information will be redisclosed in a form that does not identify any individual;
• where the CSU has determined that compelling circumstances exist which affect the health or safety of the individual to whom the information pertains, and notification is transmitted to the individual at his or her last known address, and the disclosure does not conflict with other state or federal laws;
• pursuant to a subpoena, court order, or other compulsory legal process if, before disclosure, the CSU notifies the individual to whom the record pertains, and if the notification is not prohibited by law;
• pursuant to a search warrant;
• to a law enforcement or regulatory agency when required for an investigation of unlawful activity of or for licensing, certification, or regulatory purposes, unless the disclosure is otherwise prohibited by law.