The California Cannabis Authority (“CCA”) is committed to supporting the information needs of its Member organizations and is also committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal statutes.
It is the policy of CCA to limit the collection and safeguard the privacy of personal information collected or maintained by us. CCA’s information management practices are consistent with the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, and with other applicable laws pertaining to information privacy.
Specifically, information submitted to CCA’s data platform is protected by role-based and data-based access rules, state of the art encryption, and stored redundantly in a FedRAMP Moderate certified region utilizing AWS services.
CCA follows these principles in collecting and managing personal information:
We collect personal information on individuals only as allowed by law. We limit the collection of personal information to what is relevant and necessary to accomplish a lawful purpose of CCA. For example, we may need to know someone's address, telephone number, licensee number, or other information to properly identify the person in order to support our Member organization’s legal regulatory and tax compliance functions.
We use personal information only for the specified purposes, or purposes consistent with those purposes, unless we get the consent of the subject of the information, or unless required by law or regulation. The Public Records Act exists to ensure that government is open, and that the public has a right to have access to appropriate records and information possessed by public agencies. At the same time, there are exceptions in both state and federal law to the public's right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this Policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
We use information security safeguards. We take reasonable precautions to protect the personal information on individuals collected or maintained by CCA against loss, unauthorized access, and illegal use or disclosure. On our Web site, we protect the security of your personal information during transmission by using Secure Sockets Layer (SSL) software, which encrypts the information you type in. Personal information is stored in secure locations. Our staff is trained on procedures for the release of information, and access to personal information is limited to those staff whose work requires it. Confidential information is destroyed according to the CCA’s records retention schedule. CCA conducts periodic reviews of its information practices to ensure that proper information management policies and procedures are being followed.
The California Cannabis Authority
1101 K Street, Suite 101
Sacramento, CA 95814