May 9, 2003

 

Memo:          To the Mechanical Engineering Faculty, Students and Staff

Re:               The UCOP Electronic Communication Policy

From:           Paul Wright, Chair of the Computing Sub-Committee on Internet Policy

 

Dear Colleagues:

 

     About one month ago, Karl asked me, together with Panos Papadopoulos, Michael Frenklach, Dennis Lieu, and Rene Viray to review the University’s Electronic Communication Policy and then interpret it for the Mechanical Engineering Department.

 

     As I indicated in previous emails, this sub-committee is effectively a sub-committee of the main Departmental Committee on Computing of which Panos is Chair.

 

1. First here is the Website address that covers all relevant UCOP policies.

 

http://www.ucop.edu/ucophome/policies/ec/html/ecpattachment1.htm

 

2. We would have liked to have written a re-interpretation before the end of the semester. However, anything we write independent of the UCOP policy will have to be checked by a legal council, which as you know will take several months and incur Departmental costs.

 

3. Thus, as a compromise for some working guidelines over the summer, I/we draw some essential policy “nuggets” from this long-winded website above. This will hopefully focus many of today’s “corridor conversations.”

 

 

1. On Ownership  (Section III B Parag. 3)

              University electronic communications resources, systems and services are the property of The Regents of the University of California. These include all components of the electronic communications physical infrastructure and any electronic communications address, number, account, or other identifier associated with the University or any unit or sub-unit of the University or assigned by the University to individuals, units, sub-units, or functions.

      2. On Personal Use:  (Section III D, Item 8)

              University users of a University electronic communications facility or service may use that facility or service for incidental personal purposes provided that, in addition to the foregoing constraints and conditions, such use does not: (i) directly or indirectly interfere with the University's operation of electronic communications resources; (ii) interfere with the user’s employment or other obligations to the University, or (iii) burden the University with noticeable incremental costs. When noticeable incremental costs for personal use are incurred, users shall follow campus guidelines and procedures for reimbursement to the University.

       3. On Privacy and Confidentiality including Access without Consent, and Unavoidable Inspection:

        Section IV A Introduction

                 The University does not routinely inspect, monitor, or disclose electronic communications without the holder’s (as defined in Appendix A, Definitions) consent. Nonetheless, subject to the requirements for authorization, notification, and other conditions specified in this Policy, the University may deny access to its electronic communications services and may inspect, monitor, or disclose electronic communications under very limited circumstances as described in Sections III.E, Access Restriction, and IV.B, Access Without Consent.

     University policy (see Business and Finance Bulletin RMP-8) prohibits University employees and others from "seeking out, using, or disclosing" personal information without authorization, and requires employees to take necessary precautions to protect the confidentiality of personal information encountered in the performance of their duties or otherwise. This prohibition applies to electronic communications. In this Policy the terms "inspect, monitor, or disclose" are used within the meaning of "seek, use, or disclose" as defined in RMP-8.

Section IV B Access without Consent

                 The University shall only permit the inspection, monitoring, or disclosure of electronic communications records without the consent of the holder of such records: (i) when required by and consistent with law; (ii) when there is substantiated reason (as defined in Appendix A, Definitions) to believe that violations of law or of University policies listed in Appendix C, Policies Relating to Non-Consensual Access, have taken place; (iii) when there are compelling circumstances as defined in Appendix A, Definitions; or (iv) under time-dependent, critical operational circumstances as defined in Appendix A, Definitions.

               Except in emergency circumstances as defined in Appendix A, Definitions, and pursuant to Section IV.B.2, Emergency Circumstances, such actions must be authorized in advance and in writing by the responsible campus Vice Chancellor or, for the Office of the President, the Senior Vice President, Business and Finance (see Section II.D, Responsibilities). This authority may not be further redelegated.

          Section IV C Privacy Limits vs. Unavoidable Inspection

                 During the performance of their duties, personnel who operate and support electronic communications resources periodically need to monitor transmissions or observe certain transactional information to ensure the proper functioning and security of University electronic communications resources and services. On these and other occasions, systems personnel might observe the contents of electronic communications. Except as provided elsewhere in this Policy or by law, they are not permitted to seek out the contents or transactional information where not germane to the foregoing purposes, or disclose or otherwise use what they have observed.

                 Such unavoidable inspection of electronic communications is limited to the least invasive degree of inspection required to perform such duties. This exception does not exempt systems personnel from the prohibition (see Section IV.A, Introduction) against disclosure of personal and confidential information, except insofar as such disclosure equates with good faith attempts to route an otherwise undeliverable electronic communication to its intended recipients.

                 Except as provided above, systems personnel shall not intentionally search electronic communications records or transactional information for violations of law or policy. However, as required by Business and Finance Bulletin G-29, Procedures for Investigating Misuse of University Resources, they shall report violations discovered inadvertently in the course of their duties.