Privacy & Security

What am I responsible for as a user?

As a user of campus electronic information resources, you must become knowledgeable about relevant security requirements and guidelines and protect the resources under your control, especially sensitive data (such as passwords and confidential information). You are also responsible for familiarizing yourself with and complying with all university policies, procedures, and standards relating to information security.

How private are my electronic communications?

Personnel with privileged access, such as system administrators, network administrators, and staff performing computing account administration, have special privileges over a computing network that give them access to some of your files and electronic communications. In the course of performing their duties, systems personnel might observe the contents of these files.

If a systems administrator needs to access your data, good-faith efforts will be used to obtain your consent before accessing your files. In either case, you will be notified at the earliest possible opportunity consistent with law and other university policy of the action(s) taken and the reasons for the action(s) taken. Except as provided elsewhere in this policy or by law, systems personnel are not permitted to seek out the contents or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed.

The university only permits the inspection, monitoring, or disclosure of electronic communications records without the consent of the holder for the following records: when required by and consistent with the law, when there is substantial reason to believe that violations of law or university policies have taken place, when there are compelling circumstances, or under time-dependent, critical operation circumstances. Time-dependent, critical operational circumstances are circumstances in which failure to act could seriously hamper the ability of the university to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to faculty research or matters of shared governance.

Are my electronic communications monitored?

Several campus systems do automatically monitor, collect, and analyze data that pass through the campus network for various management purposes, but this data and the activities associated with specific individuals or computers are not routinely monitored. The university does not routinely inspect, monitor, or disclose electronic communications without the holder's consent. The university respects the privacy of electronic communications in the same way that it respects the privacy of paper correspondence and telephone conversations.

The purpose of campus's monitoring and data collection is to manage the campus network activity as a whole and ensure that bandwidth is available for academic, research, and administrative uses. In the process, administrators identify anomalies in traffic, such as spikes in usage, and follow up as appropriate. University of California does not monitor its networks for the purpose of discovering illegal activity. However, it pursues a set of ongoing initiatives to ensure that copyright, particularly as it applies to digital assets, is respected within the university community.