An agency may disclose personal information to another person or governmental organization to the extent necessary to obtain information from the person or governmental organization as necessary for an investigation by the agency of a failure to comply with a specific state law that the agency is responsible for enforcing.
Upon written request from a law enforcement agency, information may be disclosed to any local government officer or official for the purposes of screening a prospective concessionaire. Any summary of criminal history information disclosed must be limited to information related to criminal convictions.
Information which is permitted to be disclosed under the provisions of subdivision (e), (f), or (o), of Section 1798.24 [i.e. for judicial purposes] shall be provided when requested by a district attorney.
The Information Practices Act does not alter any law or judicial provision which authorizes an individual to gain Access toy law enforcement record or authorizes discovery in criminal or civil litigation.
An agency may disclose personal information when the transfer of the information is necessary for the transferee agency to perform its constitutional or statutory duties. With respect to information transferred from or to a law enforcement or regulatory agency, a use is compatible if the use of the information requested is needed in an investigation of unlawful activity under the jurisdiction of the requesting agency or for licensing, certification, or regulatory purposes by that agency.
An agency may disclose personal information pursuant to a determination by the agency that compelling circumstances exist that affect the health or safety of an individual, if upon the disclosure notification is transmitted to the individual to whom the information pertains at his or her last known address. Disclosure shall not be made if it is in conflict with other state or federal laws.
Any agency that owns or licenses computerized data shall disclose any security breach to any California resident whose unencrypted personal information (including medical information) was acquired by an unauthorized person. Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any security breach immediately following discovery that the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.