The Privacy and Online Monitoring Policy was approved by the Information Risk Governance Committee (IRGC) on May 1, 2017 after an extended campus comment period. The new policy has an effective date of July 1, 2018 to allow time for definition of Campus Monitoring Norms and procedures, outreach, and implementation by monitoring units.
UC Berkeley recognizes privacy as a fundamental value of the University, key to human dignity and the academic and intellectual freedoms that help further the University mission. Monitoring online activities may be essential to ensure the reliability of online services and to protect institutional information. Certain forms of monitoring may be necessary to comply with the law or to carry out other activities in support of the University’s mission. However, even monitoring undertaken for important objectives may enable precisely the sort of surveillance that runs contrary to autonomy privacy interests of the University community.
The UC Electronic Communication Policy (ECP) affirms that the University does not examine or disclose electronic communications records without the holder's consent — except under very limited circumstances and with high level approval — and also allows access for system support (IV.C.2.b) and routine security monitoring practices (V.B.).
To create a sustainable framework to define which monitoring practices are acceptable or not, the IRGC developed the Privacy and Online Monitoring Policy to formalize long-standing practices for balancing the value and drawbacks of online monitoring, and to define campus governance of network monitoring practices.
In the context of ever more sophisticated cybersecurity threats, data analytics, and other surveillance technology, this policy aims to:
- Enable innovative use of data and technology in a secure and privacy-respecting manner.
- Prevent trust-eroding standoffs over secret surveillance and privacy-invasive monitoring.
- Create a sustainable framework to manage privacy risks and articulate why certain practices are acceptable or not.
The Privacy and Online Monitoring Policy requires that units conducting online monitoring:
- Publish meaningful notice of their monitoring practices.
- Notify the Information Risk Governance Committee (IRGC) of monitoring practices that deviate from those already approved.
- Engage with the IRGC to conduct a Balancing Analysis for monitoring practices that deviate from Campus Monitoring Norms.
Privacy and Online Monitoring Policy - approved by IRGC May 1, 2017
Procedures for Privacy and Online Monitoring - under development
Campus Monitoring Norms - under development
Presentation on Policy and Balancing Analysis:
Additional online monitoring resources:
- UCB Transparency Report / UCB's bConnected Transparency Report
- UC systemwide coordinated monitoring
- UC systemwide cybersecurity intiative
- UC Privacy and Information Security Initiative: Privacy Values
- Information Security and Policy Monitoring Practices Inventory
Feedback is welcome and may be submitted to firstname.lastname@example.org.