| Responsible Office | Information Security Office |
|---|---|
| Contact | itpolicy@berkeley.edu |
Policy Summary
The California Information Practices Act (Civil Code section 1798.29 and following) requires state agencies, including the University of California, to disclose any security breach of a computerized system containing unencrypted personal information to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Campus departments are urged to reduce to the least amount necessary the collection, distribution, and retention of personally identifying electronic data if these data are not critical to business needs.