Privacy and Online Monitoring

Responsible Executive Chief Ethics, Risk and Compliance Officer
Responsible Office Campus Privacy Office

Contact Campus Privacy Officer, privacyoffice@berkeley.edu, privacy.berkeley.edu 
Issued 5/1/2017
Effective 5/1/2017
Supersedes None, New Policy
Next Review

Policy Statement

UC Berkeley recognizes privacy as a fundamental value of the University, key to human dignity and the academic and intellectual freedoms that further the University mission. Monitoring online activities may be essential to ensure the reliability of online services and to protect institutional information. Certain forms of monitoring may be necessary to comply with the law or to carry out other activities in support of the University’s mission. However, even monitoring undertaken for important objectives may enable surveillance that runs contrary to privacy interests of the University community.

To fulfill UC Berkeley’s commitment to transparency, the appropriate balancing of privacy with other campus obligations and priorities, and the UC Statement of Privacy Values and UC Privacy Principles:

  1. Providers of UC Berkeley’s network and IT systems and services must develop, maintain, and openly publish meaningful notice of their monitoring practices. Meaningful notice requires proportionality to the level of privacy impact – more invasive monitoring practices warrant more conspicuous notice to those individuals being monitored.
  2. Providers must promptly notify the Information Risk Governance Committee (IRGC) and the Senate Committee on Computing and Information Technology (CIT) of monitoring practices that meaningfully deviate from those already approved.
  3. Units that wish to propose exceptions to this policy or associated procedures, or propose exceptions or changes to established campus monitoring norms, must engage with the IRGC and CIT in the privacy balancing process.

Scope of Policy

In Scope

This policy applies to monitoring practices made possible by virtue of UC Berkeley’s role as a provider of network services and information technology (IT) systems and services.

Monitoring practices may be conducted by, facilitated by, or performed at the direction of University personnel in units including but not limited to Information Security and Policy (ISP), Information Services & Technology (IST), application and service providers, or external suppliers/partners. For purposes of this policy, monitoring practices include but are not limited to data collection activities related to information security, data analytics, and device management.

Out-of-Scope

Service Operation

Collection and use of data strictly for purposes of operating the core and expected functionality of an online service are not monitoring practices for purposes of this policy.

(Examples: An email server must review incoming messages to identify recipients and place messages in the proper mailboxes. An online application for building maintenance requests must include collection and review of the requests people submit. These are both examples of core and expected functionality and are not monitoring practices. Collecting standard web logs, by contrast, is a monitoring practice. Collecting and using such information for web application troubleshooting or to identify information security incidents would be within campus norms but remains subject to this policy’s notice requirements. Collecting and using data about which employees viewed the campus jobs website falls outside of defined norms and would be a monitoring practice subject to the notice and balancing analysis requirements of this policy.)

Approved Human Subjects Research

Research approved by the Berkeley campus Committee for Protection of Human Subjects or Office for Protection of Human Subjects is exempt from this policy.

Jurisdiction with UC Electronic Communications Policy

The systemwide Electronic Communications Policy covers approvals for non-routine access to electronic communications.

This campus policy defines requirements for notice, analysis, review, and approval of routine monitoring practices. If monitoring involves electronic communications, the escalation process for non-routine use of monitoring data must meet the requirements of the systemwide Electronic Communications policy.

Why We Have This Policy

Privacy is an important value of the University

The University of California has declared[1] privacy -- of both autonomy and information -- an important value, and recognizes it as one of many values and obligations of the University. Among other things, privacy plays a role in upholding human dignity and sustaining a strong and vibrant society.

Autonomy privacy -- an individual’s ability to conduct activities without concern for observation -- underlies the academic and intellectual freedoms that further the mission of the University by allowing for individual autonomy, free inquiry, and the ability to speak and participate in discourse without intimidation.

Information privacy -- the appropriate protection, use, and dissemination of information about individuals -- recognizes an individual’s interest in controlling or significantly influencing the handling of information about him- or herself.

Framework for appropriately respecting privacy

In the context of ever more sophisticated cybersecurity threats, data analytics, and other surveillance technology, this policy aims to:

  • Enable innovative use of data and technology in a secure and privacy-respecting manner.
  • Prevent trust-eroding conflicts over secret surveillance and privacy-invasive monitoring.
  • Create a sustainable framework to manage privacy risks and articulate why certain practices are acceptable or not.

Appendix A: “Why We Have This Policy” further describes the social context making this policy essential.

Procedures

The privacy balancing process associated with this policy defines established campus monitoring norms, minimum requirements for transparency, privacy balancing analysis factors, and the process for documenting approval of monitoring practices conducted on the campus network and IT systems and services.

Responsibilities

Units Conducting Monitoring

  1. Develop, maintain, and openly publish meaningful notice to individuals being monitored. Meaningful notice requires proportionality to the level of privacy impact — more invasive monitoring practices warrant more notice to those individuals being monitored.

  2. Promptly notify the Information Risk Governance Committee (IRGC) and Senate Committee on Computing and Information Technology (CIT) of monitoring practices that meaningfully deviate from those already approved.

  3. When proposing exceptions to this policy or associated procedures, or proposing exceptions or changes to established campus monitoring norms, engage with the IRGC and CIT in the privacy balancing process.

Information Risk Governance Committee (IRGC)

  1. Define procedures and guidance for carrying out the privacy balancing process.
  2. Conduct the balancing process review for monitoring practices and approve or reject proposed practices.
  3. Prioritize online monitoring practices for campus vetting.
  4. Establish campus monitoring norms.

Campus Privacy Officer

  1. Maintain the inventory of campus monitoring norms and approved exceptions.

  2. Guide and support IRGC’s privacy balancing process activities.

  3. Collect, review and respond to campus feedback on monitoring practices.

  4. Provide notification and feedback regarding the outcomes of the privacy balancing process to affected units.

Chief Information Security Officer

Guide and support IRGC’s balancing process activities.

Campus Information Security and Privacy Committee (CISPC)

Provide consultation to IRGC and the Campus Privacy Officer regarding monitoring practices and the privacy balancing process.

Academic Senate Committee on Computing and Information Technology (CIT)

Provide consultation to IRGC regarding monitoring practices, monitoring proposal feedback received from campus, and the privacy balancing process.

Glossary

  • Autonomy Privacy: An individual’s ability to conduct activities without concern for observation. Autonomy Privacy is an underpinning of academic freedom and is related to concepts such as anonymity, the monitoring of behavior, and the First Amendment’s freedom of association; for example, by identifying with whom an individual corresponds or by building a profile of an individual through data mining. Autonomy privacy also encompasses records created by the individual such as research data, working drafts of research findings, and communications of ideas or opinions. Autonomy privacy includes non-electronic observation of individuals.

  • Information Privacy: The appropriate protection, use, and dissemination of information about individuals. Information privacy addresses an individual’s interest in controlling or significantly influencing the handling of information about him- or herself, whether said information is an academic, medical, financial, or other record.

  • Monitoring Practices: The broad set of electronic actions that observe, track, intercept, disclose, process, store, or collect information about activities or states occurring on technology devices when the observation/data collection is or can be associated with personal information or the behavior, activities, or transactions of individuals.

  • Privacy Balancing Process: The analysis and approval process (collectively, “privacy balancing process”) is the deliberate evaluation of what, and how, monitoring data may be collected, reviewed, used, and retained. It includes the minimum requirements for policy-making and decision-making when competing privacy and security interests, University values, or obligations exist. General requirements for the balancing process are outlined in the UC Privacy and Information Security Report. UC Berkeley’s specific requirements for the balancing process are defined in this policy and the associated Privacy and Online Monitoring Procedures.

Related Documents and Policies

Procedures

Privacy and Online Monitoring Procedures

Guiding Documents

This policy implements UC Berkeley’s interpretation of the following guiding documents in regard to monitoring practices: