Online Monitoring

The Privacy and Online Monitoring Policy was approved by the Information Risk Governance Committee (IRGC) on May 1, 2017 after an extended campus comment period. The new policy has an effective date of July 1, 2018 to allow time for definition of Campus Monitoring Norms and procedures, outreach, and implementation by monitoring units.

UC Berkeley recognizes privacy as a fundamental value of the University, key to human dignity and the academic and intellectual freedoms that help further the University mission. Monitoring online activities may be essential to ensure the reliability of online services and to protect institutional information. Certain forms of monitoring may be necessary to comply with the law or to carry out other activities in support of the University’s mission. However, even monitoring undertaken for important objectives may enable precisely the sort of surveillance that runs contrary to autonomy privacy interests of the University community.

The UC Electronic Communication Policy (ECP) affirms that the University does not examine or disclose electronic communications records without the holder's consent — except under very limited circumstances and with high level approval — and also allows access for system support (IV.C.2.b) and routine security monitoring practices (V.B.).  

To create a sustainable framework to define which monitoring practices are acceptable or not, the IRGC developed thePrivacy and Online Monitoring Policy to formalize long-standing practices for balancing the value and drawbacks of online monitoring, and to define campus governance of network monitoring practices. 

In the context of ever more sophisticated cybersecurity threats, data analytics, and other surveillance technology, this policy aims to:

  • Enable innovative use of data and technology in a secure and privacy-respecting manner.
  • Prevent trust-eroding standoffs over secret surveillance and privacy-invasive monitoring.
  • Create a sustainable framework to manage privacy risks and articulate why certain practices are acceptable or not.

The Privacy and Online Monitoring Policy requires that units conducting online monitoring:

  1. Publish meaningful notice of their monitoring practices.
  2. Notify the Information Risk Governance Committee (IRGC) of monitoring practices that deviate from those already approved.
  3. Engage with the IRGC to conduct a Balancing Analysis for monitoring practices that deviate from Campus Monitoring Norms.

Approved Policy

Privacy and Online Monitoring Policy - approved by IRGC May 1, 2017

Working Drafts

Procedures for Privacy and Online Monitoring - under development

Campus Monitoring Norms - under development

Templates:

thumbnail of monitoring practices inventory template Monitoring Practices Inventory Template

thumbnail of privacy balancing analysis template Balancing Analysis Template

Presentation on Policy and Balancing Analysis:

What Happens When Cool is Creepy presentation slides thumbnail -- split screen of teenage boy with drone and teenage girl lounging in backyard

Additional online monitoring resources:

Feedback is welcome and may be submitted to privacyoffice@berkeley.edu.