Cal 1 Card Policy

Policy Statement 

The Cal 1 Card – UC Berkeley's official photo ID card – was designed to provide a standardized and secure medium via which active members of the campus community identify their affiliation and their respective eligibility for access to applicable campus services, benefits, and facilities. Use of the Cal 1 Card, its data elements, and all associated card technologies – including all hardware and software leveraging or interfacing with said technologies – must be pre-approved by the Cal 1 Card Program, Campus Facility Services, the Office of the Registrar, and/or Berkeley People & Culture as applicable.

Scope of Policy

This policy applies to all eligible cardholder cohorts, all university departments, and any external entities authorized to conduct business using the Cal 1 Card. Cardholders must also adhere to additional applicable requirements as listed in the Cal 1 Card Terms and Conditions.

Why We Have This Policy

The purpose of this policy is to define standards governing the use of the Cal 1 Card and establish the University’s unequivocal sole purview over said standards. This policy requires all card readers / scanners and any other associated technology leveraging or interfacing with the Cal 1 Card be pre-approved by the Cal 1 Card Program Office, Campus Facilities Services (for building access), the Office of the Registrar (for student data), and/or Berkeley People & Culture (for employee / affiliate data) so as to ensure compliance with privacy, security, and other applicable campus policies.

Procedures

Data privacy and Access Requirements

The University protects personally identifiable information. With the exception of the provision of location and transactional data needed for student purchases to relevant commercial partners, no personally identifiable information will be released outside of the University, unless in response to a legal request (e.g. subpoena) in compliance with campus policy. Authorized use and management of cardholder data fall under the purview of the Office of the Registrar (for student records) and/or Berkeley People & Culture (for employee and affiliate records). 

University of California Office of the President (UCOP) Privacy of and Access to Information Responsibilities policy establishes system wide processes for safeguarding personally identifiable information in Administrative Records. Federal Family Educational Rights and Privacy Act (FERPA), various state laws, and UC Berkeley’s Policy on Disclosure of Information from Student Records govern the management and disclosure of student records.

The Minimum Security Standards for Electronic Information (MSSEI) provides baseline data protection profiles for UC Berkeley campus data.

Data Elements

The Cal 1 Card contains the following data elements:

• Legal or Lived/Preferred Name
• Student or UCPath ID Number
• Affiliation Letter Designation
• Affiliation Type
• Barcode
• Encoded Mag Stripe
• Unique manufacturer data

Card Eligibility and Possession

The Cal 1 Card system receives student data from the Student Information Systems (SIS) database and employee and affiliate data from the UCPath database.  Individuals in eligible cardholder cohorts must have an active record in at least one of the databases in order to receive a Cal 1 Card.  Eligible cardholders may only have one Cal 1 Card of the same affiliation type (e.g. Undergraduate, Graduate, Faculty, Staff, etc.) in their possession.

The Cal 1 Card is non-transferable and only the rightful cardholder may use it. Cal 1 Cards found to be in the possession of anyone other than the rightful cardholder are subject to confiscation by authorized personnel and those found with someone else’s Cal 1 Card may be subject to additional disciplinary action(s).

Lost cards that are found by anyone other than the eligible cardholder should be returned to the Cal 1 Card Office. Eligible cardholders who find or regain custody of a lost card after the issuance of a replacement card should return the inactive card to the Cal 1 Card Office. Cal 1 Card Office staff will retain custody of lost and inactive cards for future reactivation as requested/needed by the eligible cardholder for as long as the student remains registered or the employee or affiliate maintains an active appointment. Cal 1 Card Office staff will periodically purge/securely destroy lost and inactive cards after the corresponding cardholder no longer has an active status.

Unauthorized use, alteration, forgery, or duplication of a Cal 1 Card and/or the associated technology is strictly prohibited and may result in confiscation of the Cal 1 Card by authorized personnel as well as possible disciplinary action(s). Cal 1 Cards confiscated outside of the Cal 1 Card office must be returned to the Cal 1 Card office and the violation details must be reported to Cal 1 Card Office staff for further assessment and possible escalation to the Center for Student Conduct (for students), the Academic Personnel Office (for faculty), or People & Culture (for other employees/affiliates). Additional disciplinary and/or legal action(s) may be pursued at the discretion of the University.

Personnel authorized to confiscate a Cal 1 Card used in violation of the aforementioned requirements:

• Cal 1 Card Office employees
• UCPD employees
• Facilities Services employees
• Departmental managers or the supervisor of the cardholder
• Employees at any campus service provider location that uses the Cal 1 Card to verify eligibility for the provision of services or privileges (e.g. Library, Rec Sports, Cal Dining)
• Employees at any merchant location that accepts Cal 1 Card debit as a payment method (full list: https://cal1card.berkeley.edu/info-for-merchants/cal-1-card-merchants/)

 Campus departments or organizations that have internal “lost and found” locations/procedures shall deliver cards turned into their custody to the Cal 1 Card Office as soon as possible.

Card Production and Issuance

Authorized Cal 1 Card staff print all Cal 1 Cards.  Individuals in eligible cardholder cohorts obtain their cards either at the Cal 1 Card Office from Cal 1 Card Office staff or at authorized remote issuance locations by authorized departmental representatives who act as proxies for Cal 1 Card Office staff, ensuring compliance with applicable identity verification requirements.

Card Display and Use

The Cal 1 Card is the property of the University of California, Berkeley. All eligible cardholders are advised to carry their Cal 1 Card while on campus and present it as required for identity verification purposes and confirmation of access eligibility. Failure to present a Cal 1 Card may result in the inability to access campus buildings, events, services, and associated privileges. 

Departmental units making use of the Cal 1 Card for identity verification and confirmation of eligibility for access to campus spaces or services shall do so in a manner consistent with the campus Principles of Community. Campus representatives should not use Cal 1 Cards to arbitrarily monitor or restrict access to campus spaces or services in any way that perpetuates discriminatory behavior. 

If/when possible, campus representatives should avoid taking custody of a Cal 1 Card as collateral for checking out equipment, materials, or room reservations. Eligible cardholders may refuse to relinquish their Cal 1 Card for use as collateral.  

Cardholders are only required to display, provide, reveal, or present their Cal 1 Card for the following purposes:

• To access services or benefits requiring eligibility verification via the Cal 1 Card
• To gain authorized entry into and/or to remain within University areas, buildings, rooms, or other facilities subject to permanent or temporary access restrictions
• To receive, activate, or operate University vehicles, equipment, or systems subject to permanent or temporary use restrictions
• To verify University affiliation (i.e. student, employee, affiliate), access authorization, and/or eligibility for services or benefits when other methods of verification are not readily available due to malfunction, emergency conditions, unusual limitations, or other exigent circumstances

Campus departments or organizations needing to scan or read or otherwise use the technologies or data associated with the Cal 1 Card must initiate the request for pre-approval by completing and submitting the Cal 1 Card Data Access Request Form. If/when access to data is made available via API Central, the corresponding authorization requirements will take precedence.

This policy does not prohibit or restrict lawful investigations conducted by authorized law enforcement personnel. 

Mobile ID

A fully functional Mobile ID capability in lieu of a physical Cal 1 Card photo ID is a desired long-term objective.  In the near-term, very limited mobile ID capabilities may be made available via integrations allowing the digital display of Cal 1 Card artwork, the cardholder ID number, and the eligible cardholder’s Cal 1 Card photo. At their sole discretion, campus service providers may leverage this for basic identity verification purposes when an eligible cardholder has lost possession of their Cal 1 Card and has not been able to obtain a replacement card. Policies around eligibility for access or services via these basic mobile ID capabilities will also be at the sole discretion of the campus service provider. Additional Mobile ID capabilities will be implemented as part of a strategic and iterative approach developed in consultation with applicable stakeholder groups/departments.

Lived or Preferred Name

Individuals in eligible cardholder cohorts may self-select a lived or preferred name via either the Student Information Systems database (students) or the UCPath database (employees and affiliates) and must do so in compliance with applicable system requirements.  The Cal 1 Card system will receive both the legal and lived or preferred names but the Cal 1 Card photo ID will display only the lived or preferred name. 

Separation from University and Invalidation of the Cal 1 Card

The Cal 1 Card system will reflect an inactive status for employees and affiliates the day after the UCPath appointment end-date. Upon separation, the manager, supervisor, or designated departmental representative should take custody of the Cal 1 Card, generally as part of the completion of a separation checklist. Confiscated Cal 1 Cards may be securely destroyed by the department or returned to the Cal 1 Card Office for secure destruction.

The following circumstances may require that the manager, supervisor, or departmental representative allow the cardholder to retain possession of the Cal 1 Card after separation:

• seasonal or partial-year employee likely to return for a future appointment in the same department
• employee or affiliate with a Cal 1 Card debit balance on their account   
• faculty member who transitions to an emeriti appointment in UCPath upon retirement 

The Cal 1 Card system will reflect an inactive status for students the day after the SIS database no longer reflects an active registration status for the current or following academic term.  Students do not need to surrender their Cal 1 Card solely because of an inactive status. 

Designated departmental access control representatives must notify Facilities Services separately to request the removal of corresponding building access privileges for inactive individuals as well as for cardholders who may still have an active status on campus but are no longer eligible for specific access privileges.

Cal 1 Card Reader Equipment Requirements

Procurement, configuration, and use of any hardware or software leveraging or interfacing with Cal 1 Card technology must be pre-approved by the Cal 1 Card Program Office and/or Campus Facilities Services.

Campus Facilities Services has purview over approvals for any access control hardware, functions, and security alarm applications per the Campus Access Control Policy. 

Requests to install readers for other services (e.g. printing, equipment check-out, event admission, attendance tracking, etc.) or to access Cal 1 Card data must be initiated via submission of the Cal 1 Card Data Access Request Form. Unauthorized deployment of hardware or software leveraging or interfacing with Cal 1 Card technology may result in additional costs incurred by the department due to technological incompatibility. 

Reporting Violations of this Policy

Policy violations should be reported immediately via an email to cal1card@berkeley.edu.

Responsibilities

• The Cal 1 Card Office will manage authorization requests for use not associated with building access and communicate the final decision once the assessment is complete. If approved, the Cal 1 Card Office will provide installation guidelines and procedures, best practices for use of sensitive data, and referral to other departments as applicable.
• Facilities Services will manage authorization requests for the installation of all campus access control hardware and security alarm systems that utilize Cal 1 Card technology, and provide direct management and/or oversight of access control privileges and records, in partnership with campus departments employing such systems.
• Eligible cardholders are to use the Cal 1 Card responsibly and in accordance with the stipulations described in this policy.

Consequences of Policy Violations 

Policy violations should be reported via an email to cal1card@berkeley.edu. Cal 1 Card program representatives will investigate the nature of the reported violation(s) and consult with other departments as needed for further assessment, escalation, and/or disciplinary action(s). Disciplinary action(s) will be undertaken by the appropriate departments or offices who will do so in accordance with applicable campus policies and other statutory requirements.

Glossary

• Student(s) - Refers to individuals with an active enrollment status in UC Berkeley’s SIS and includes degree-seeking undergraduate and graduate students or cross-enrolled / concurrently enrolled visiting students.
• Employee(s) - Refers to individuals with active employee appointments in UCPath.
• Affiliate(s) - Refers to individuals with an active non-employee appointment in UCPath.
• Eligible cardholder(s) - Registered students and active employees and affiliates.
• Card technologies - Refers to the various technologies available on the Cal 1 Card that can be scanned or read to deliver cardholder data (e.g. RFID Prox, Mag stripe, Bar code).

Related Documents and Policies

• UCOP Privacy of and Access to Information Responsibilities
• The Family Educational Rights and Privacy Act (FERPA)
• Disclosure of Information from Student Records
• Minimum Security Standards for Electronic Information (MSSEI)
• Campus Access Control Policy
• UC Policy on Gender Recognition and Lived Name
• The Clipper Card
• Cal Dining Terms & Conditions
• HR Separation Policy Checklist
• Cal 1 Card Data Access Request Form