Privacy Policy Pursuant to Government Code Section 11019.9 and in adherence to the Information Practices Act of 1977 (Title 1.8 (commencing with Section 1798) of Part 4 of Division 3 of the Civil Code) the Santa Monica Mountains Conservancy (SMMC) has adopted the following privacy policy. This policy incorporates the provision of the SMMC’s Records Retention Policy adopted on September 28, 2000. This policy applies, but without limitation, to personnel records, job applications, personal information which may be required for the submission of a grant application, request for bid or request for proposal, and to personal information submitted to or requested by the SMMC in conjunction with making land acquisitions. SMMC does not compile personal information other than employment applications, employee personnel records, and mailing lists used to provide notices or otherwise to inform the public. Section 1: Definitions This policy adopts by reference all of the relevant definitions found at Government Code Section 1798.3 including but not limited to the following: (a) The term “personal information” means any information that is maintained by the SMMC that identifies or describes an individual, including, but not limited to, his name or her name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history. It includes statements made by, or attributed to, the individual. (b) The term “disclose” means to disclose, release, transfer, disseminate, or otherwise communicate all or any part of any record orally, in writing, or by electronic or any other means to any person or entity. The term “employee” means an employee of the SMMC or an employee of the Mountains Recreation and Conservation Authority (MRCA) provided access to records of the SMMC pursuant to the Reciprocal Management Agreement by and between the SMMC and MRCA. Section 2: Policy Principles The following principles shall apply to the disclosure, release, transfer, dissemination or any other communication of personal information: (a) Personally identifiable information shall only be obtained through lawful means. (b) The purposes for which personally identifiable data are collected shall be specified at or prior to the time of collection, and any subsequent use of the data shall be limited to and consistent with the fulfillment of those purposes previously specified. (c) Personal data shall not be disclosed, made available, or otherwise used for purposes other than those specified, except with the consent of the subject of the data, or as authorized by law or regulation. (d) Personal data collected must be relevant to the purpose for which it is collected. (e) Personal data shall be protected against disclosure, release, transfer, dissemination, or unauthorized disclosure by the following general means: (1) Each employee responsible for the collection, use, maintenance, and/or dissemination of public records containing personal data shall take precautions to assure that such records are to the extent allowed by law kept confidential. (2) The Executive Director shall designate one SMMC employee (Privacy Policy Coordinator) who shall be responsible for implementation of this policy. Any employee with questions regarding implementation of this policy, Government Code Section 11015.5, or Government Code Section 6250 et seq. (Public Records Act) shall consult with the Privacy Policy coordinator for guidance. If the Privacy Policy coordinator is unable to respond, the employee shall contact the Office of the State Attorney General for guidance.