CASPIR - California’s System for Pesticide Incident Reporting
The California System for Pesticide Incident Reporting makes it easy for agricultural fieldworkers and the general public in California to submit a pesticide-related incident to the correct agency that is responsible to handle it. While the user is able to anonymously submit an incident report, without any personally identifiable information being transmitted, it is up to the user which information (e.g. name, phone number, email address) he/she is comfortable of sharing.
This is a list of categories of Personally Identifiable Information (PII) that an app could potentially collect:
|Unique device identifier||No|
|Geo-location (GPS, WiFi, user-entered)||User Choice (assist in finding incident location)|
|Mobile phone number||User Choice (manually entered)|
|Email address||User Choice (manually entered)|
|User’s name||User Choice (manually entered)|
|Text messages or email||No|
|Financial and payment information||No|
|Health and medical information||No|
|Photos or videos||User Choice|
|Web browsing history||No|
|Apps downloaded or used||No|
Is the data type necessary for your app’s basic functionality (that is, within the reasonably expected context of the app’s functions as described to users)?
The app does not transmit any PII without the knowledge of the user and beyond the extend of what the user actually voluntary enters into the complaint entry form.
Furthermore, the app is fully functional without transmitting or volunteering data with an incident. It will, however, make the investigation so much harder to perform by the County Agricultural Commissioner or the Agency the incident will be handled.
Is the data type necessary for business reasons (such as billing)?
The user is able to stay anonymous and able to choose which data he/she is comfortable of sharing. Any detail shared with the incident is not shared with a third party and stays within the California County Agricultural Commissioner’s office which the incident got assigned to. With an email or phone number, the investigator can contact the user to get more information about the incident. A picture would be valuable to document the incident even further.
How will you use the data?
The data shared within an incident will only be used to help investigate the incident. The investigation will be performed by the County Agricultural Commissioner staff and the information of the incident is not shared with a third party.
Will it be necessary to store data off the device, on your servers?
The incident data will be stored initially on the CASPIR (California’s System for Pesticide Incident Reporting) server where they will be relayed to the County Agricultural Commissioner’s system. Once the county starts an investigation, the incident data will be transferred to the investigation. The counties have various data retention policies and outside the CASPIR system.
How long will you need to store the data on your servers?
Incidents that have been closed are deleted within 30 days upon closing date.
Will you share the data with third parties (such as ad networks, analytics companies, service providers)? If so, with whom will you share it?
No, none of the incident data will be shared outside California Agencies:
- DPR (Department of Pesticide Regulation): incident, where the jurisdiction cannot be determined automatically, will be handled by DPR staff. If DPR staff can find which county is responsible for handling the investigation, the incident is forwarded to that county for further investigation.
- County Agricultural Commissioner: county staff is performing the investigation and enforcing any kind of violations determined by the investigation.
- CalEPA: non-pesticide related incidents might be forwarded to CalEPA for their investigation.
- Cal/OSHA: other related incidents might be forwarded to the Department of Industrial Relations at Cal/OSHA for their investigation.
How will third parties use the data?
None of the incincident data will be shared with third parties.
Who in your organization will have access to user data?
Only CASPIR System Administrators will have access to submitted incidents via a password protected web application.
Is your app directed to or likely to be used by children under the age of 13?
No, the app is directed to agricultural fieldworkers who are working in the state of California.
What parts of the mobile device do you have permissions to access? Can you provide users with the ability to modify permissions?
The app will access these data categories:
- Location: while a location is useful for an investigation, the user can enter the location of an incident without permitting the app to use the device’s location. The location of the device will not be stored and transmitted within a report.
- Camera: The user is able to take a picture or video to include in the report.
- Photo Album: The user is able to select a picture or video from the photo album in the report.
The user can choose to not grant the app permission to access any of the items listed above. All the other incident fields are text entries (name, phone number, email address) and the user can choose how much or little he/she wants to share to support an investigation.