Skip to main content
California Department of Education Logo

Management Bulletin 11-20

Early Learning and Care Division

Subject: Centralized Eligibility List Data: Security and Confidentiality Requirements

Number: 11-20

Date: June 2011

Expires: Until Rescinded

Authority: California Education Code, Section 8227; California Code of Regulations, Title 5, Section 18117; and California Civil Code, Section 1798.80–1798.84

Attention: All County Centralized Eligibility List Administrators and All Executive Officers and Program Directors of All Child Care and Development Programs

Purpose

The purpose of Management Bulletin (MB) 11-20 is to provide Centralized Eligibility List (CEL) Administrators and child care and development contractors with requirements for data security and confidentiality.

Background

In May 2011, the California Department of Education (CDE), Early Learning and Care Division (ELCD) posted direction to CEL administrators on the actions that had to be taken due to the elimination of state funding for the CEL. This required CEL Administrators to:

  • Contact the assigned Field Services Consultant to request prior written approval for disposition of equipment and complete an equipment inventory form to document each piece of equipment costing $500 or more that was purchased, in whole or in part, with CEL contract funds
  • Retain all program operating records for a minimum of five years in accordance with Education Code (EC), Section 33421, and California Code of Regulations, Title 5 (5 CCR), Section 18067

The ELCD posted direction on the actions that must be taken by direct service contractors currently participating in the CEL.

Policy

5 CCR, Section 18117 requires contractors to ensure that the use or disclosure of all information pertaining to the child and his/her family is restricted to purposes directly connected with the administration of the subsidized child care program.

California Civil Code, Section 1798.80–1798.84 requires that personally identifiable student level data no longer needed, or relevant, is destroyed. All reasonable steps must be taken to dispose, or arrange for the disposal, of records containing personal information when the records are no longer to be retained by:

  • Shredding,
  • Erasing, or
  • Modifying the personal information in those records to make it unreadable or undecipherable through any means

Directive

A. Directives for CEL Administrators Regarding Disposition of Equipment Containing Confidential, Sensitive or Personally Identifiable Data

Before transferring or disposing of equipment, CEL administrators must remove all confidential, sensitive or personal information from all equipment/media including computers, storage components, and removable storage equipment. This would include using a disk wipe utility or physical device (such as degausser) to fully erase confidential data prior to the disposal, or transfer of any equipment containing a hard drive, removable media, or any media with data storage capabilities.

B. Directives for CEL Administrators Regarding Storage of Program Data During Retention Period

CEL Administrators must ensure that all program operating records, including hard copies of CEL applications, that must be retained for a minimum of five years in accordance with EC, Section 33421 and 5 CCR, Section 18067 are stored in safe secure manner.

During the five year retention period, all program operating records with confidential information in paper form should be kept in a locked location, and all program operating records with confidential information in electronic form should only be accessible by authorized users. Preferably, any confidential information in electronic form should also be encrypted.  

C. Directives for CEL Administrators Regarding Destruction of Program Data Following Retention Period

CEL Administrators must destroy all program operating records, including hard copies of CEL applications after the five year retention period if no litigation, claim, or audit was started before the expiration of the five-year period.

If there was any litigation, claim or audit started before the expiration of the five-year period, the records shall be retained until all litigation, claims or audit findings involving the records have been resolved and final action taken in accordance with EC, Section 33421 and 5 CCR, Section 18067. After that the records should be confidentially destroyed.

D. Directives for Child Care and Development Direct Services Contractors

Any ELCD direct services contractor with hard copies of CEL applications must retain these records as stated in directive B above. After the required retention period, these records must be destroyed pursuant to directive C above.

For questions regarding:

  • Information security, please contact Mark Lourenco, Information Security Officer, Information Security and Privacy Office, Technology Services Division, by phone at 916-322-8334 or by e-mail at mlourenco@cde.ca.gov
  • Audits, please contact Verdette Parker, Senior Management Auditor, External Audits Office, Audits and Investigations Division, by phone at by e-mail at vparker@cde.ca.gov

This Management Bulletin is mandatory only to the extent that it cites a specific statutory and/or regulatory requirement. Any portion of this Management Bulletin that is not supported by a specific statutory and/or regulatory requirement is not prescriptive pursuant to California Education Code Section 33308.5.

Questions:   Early Learning and Care Division | 916-322-6233
Last Reviewed: Friday, January 24, 2025
Trending in Early Education
Recently Posted in Early Education
  • Continued Funding Application FAQs (added 13-Aug-2025)
    Answers to Frequently Asked Questions (FAQs) relating to the Continued Funding Application (CFA).
  • Data Reporting - Child Gender (added 07-Aug-2025)
    The Child Gender information field indicates whether the child receiving subsidized child care services through an agency’s contract with the Early Education Division (EED) is female, male, and non-binary.
  • Is this Provider License-Exempt? (added 06-Aug-2025)
    The ‘Is this Provider License-Exempt?’ field indicates whether the provider is license-exempt or if they hold an active license number.
  • Head-of-Household Zip Code (added 06-Aug-2025)
    The HoH Zip Code information field indicates the zip code of the residence of the HoH for the family receiving subsidized childcare services through an agency’s contract with the EED.
  • Child’s Eligibility (added 05-Aug-2025)
    801A data field “Child’s Eligibility” indicates the criteria in which a child is eligible for California State Preschool Program (CSPP) services, as specified in California Education Code (EC) Section 8208(d)(4).

  • Is Child Receiving Extended Learning and Care? (added 05-Aug-2025)
    The “Is Child Receiving Extended Learning and Care?” field applies to children in Transitional Kindergarten (TK) or Kindergarten (K) who also attend part-day California State Preschool Program (CSPP) during non-instructional hours.
  • Is Child Enrolled in a CDSS Program? (added 05-Aug-2025)
    The “Is Child Enrolled in a California Department of Social Services (CDSS) Program?” field shows if a child is also in a CDSS program while enrolled in California State Preschool Program (CSPP) with the California Department of Education (CDE).
  • Is Child Enrolled in a Head Start Program? (added 05-Aug-2025)
    The ‘Is Child Enrolled in a Head Start Program?’ field indicates whether the child is also enrolled in a Head Start program, in addition to being enrolled in California State Preschool Program (CSPP) with the California Department of Education (CDE).
  • Provider Address 1 (added 05-Aug-2025)
    New 801A data field “Provider Address 1” indicates the address where the provider offers California State Preschool Program (CSPP) services.
  • Provider Address 2 (added 05-Aug-2025)
    801A data field “Provider Address 2” indicates the secondary components of the address where the provider offers California State Preschool Program (CSPP) services.