The California Department of Real Estate is committed to protect and serve the interests of the public in real estate transactions and provide related services to the real estate industry. The Department is also committed to promoting and protecting the privacy rights of individuals, as enumerated in Article 1 of the California Constitution, the Information Practices Act of 1977, and other state and federal statutes.
It is the policy of the Department of Real Estate to safeguard the privacy of personal information collected or maintained by the Department. The Department's information management practices are consistent with the Information Practices Act (Civil Code Section 1798 et seq.), the Public Records Act (Government Code Section 6250 et seq.), Government Code Sections 11015.5 and 11019.9, and with other applicable laws pertaining to information privacy.
You should be aware that some of the information or correspondence you provide to the DRE becomes a public record and may be subject to disclosure to anyone who asks for it under the state Public Records Act (Government Code Section 6250 et seq.); to another government agency as required by state or federal law; and/or in response to a court or administrative order, subpoena or search warrant.
The Department follows these principles in collecting and managing personal information:
- We collect information that is relevant and necessary - We limit the collection of personal and public information to what is required to accomplish the lawful purpose of the Department. For example, we need to know someone's address, telephone number, birth date, social security number, and proof of legal presence, among other things, in order to properly identify the person before issuing a real estate license. We also gather pertinent evidence as part of an investigation of a real estate transaction, as part of an applicant or license criminal background check, and obtain financial information as part of an audit of a real estate brokerage operation. Personal information, as defined in the Information Practices Act, is information that identifies or describes an individual including, name, social security number, physical description, home address, home telephone number, education, financial matters, and medical or employment history.
- We use information only for the specified purposes, or reasons consistent with those purposes, unless we get the consent of the individual, or unless required by law or regulation - The Public Records Act exists to ensure that government is open and that the public has a right to have access to appropriate records and information possessed by State government. At the same time, there are exceptions in both State and Federal law to the public's right to access public records. These exceptions serve various needs including maintaining the privacy of individuals. In the event of a conflict between this Policy and the Public Records Act, the Information Practices Act or other law governing the disclosure of records, the applicable law will control.
- We observe eCommerce security practices - We have in place physical, electronic, and procedural safeguards to protect the eLicensing users' personal information. We have successfully undergone routine audit and independent reviews of our security infrastructure. No personal information such as a social security number, birth date, user name or password is stored on the web servers. Web servers are segregated into a distinct network so that increased security measures can be employed. Privacy is handled by encryption. This level of encryption helps to ensure that information is secure when the data is transmitted. All eLicensing transactions are protected using Secure Socket Layer (SSL) technology with 128-bit encryption. SSL encrypts the individual's personal information before it leaves his/her computer, ensuring that it cannot be read by unauthorized persons. The use of 128-bit encryption is the standard for protecting financial and personal information on the web. DRE does not store any credit card information on file and only retains the authorization information provided by the secured payment processing center.
- We use information security safeguards - We take reasonable precautions to protect the personal information on individuals collected or maintained by the Department against loss, unauthorized access, and illegal use or disclosure. Personal information is stored in secure locations. Our staff is trained on procedures for the release of information, and access to personal information is limited to those staff whose work requires it. Confidential information is destroyed according to the Department's records retention schedule. The Department conducts periodic audits to ensure that proper information management policies and procedures are being followed.
California is the first state to have an agency dedicated to promoting and protecting the privacy rights of consumers. Additional information on issues of personal privacy can be obtained from the California Office of Privacy Protection.