 |
|||||||||||||||
 |
|||||||||||||||
 |
|||||||||||||||
|
July 1, 1992
I. REFERENCES
A. Federal Statutes
Federal Family Educational Rights and Privacy Act of 1974, dated July
17, 1976 (20 U.S.C. Section 1232g)
Federal Privacy Act of 1974 - Public Law 93-579 (5 U.S.C. 552a)
B. State of California Statutes
State of California Education Code, Section 67100 et seq.
State of California Information Practices Act of 1977 (Civil Code
Section 1798 et seq.)
State of California Public Records Act (Gov. Code Section 6250 et
seq.)
C. University Policies
Business and Finance Bulletin:
RMP-7, "Privacy of and Access to Information Responsibilities,"
dated November 1, 1985.
Policies Applying to Campus Activities, Organizations, and Students:
Part B, Section 10.00, "University of California Policies Applying
to the Disclosure of Information from Student Records," dated
October 31, 1983.
University of California Academic Personnel Manual:
Section 158, Academic Personnel Records/Rights of Academic
Appointees, Including Rights Regarding Records, dated July 5, 1984.
Section 160, Academic Personnel Records/Maintenance of, Access to,
and Opportunity to Request Amendment of, dated December 1, 1986.
University of California Administrative and Professional Staff
Program Personnel Policies:
Policy 160, Privacy of and Access to Records, dated December 1,
1990.
University of California Executive Program Personnel Policies:
Policy 20, Executive Program Personnel Records, dated July 1, 1986.
University of California Management and Professional Program Personnel
Policies:
Policy 60, Personnel Records, dated December 1, 1990.
University of California Staff Personnel Manual:
Staff Personnel Policy 605, Staff Personnel Records, dated
December 1, 1990.
II. INTRODUCTION
On June 9, 1978, President Saxon advised the Chancellors, Laboratory
Directors, and members of the Expanded President's Administrative
Council of the passage of the State of California Information Practices
Act, and the need for the University to review policies and procedures
regarding privacy of and access to records. As the first step in the
review, he enclosed a statement describing legal requirements under
pertinent State and Federal laws.
Since 1978, there have been changes in the various laws and in
University administrative policy and procedures resulting from practical
application of these laws. This Bulletin therefore supersedes the
Presidential letter and separately issues legal requirements on privacy
of and access to information. The provisions of these laws as applicable
to the university are the minimum requirements for developing University
policies and procedures, and for dealing with the right of public access
to information and the right of privacy of individuals. Other Business
and Finance Bulletins in the RMP series deal with responsibilities and
specific subjects related to privacy of and access to information.
III. FEDERAL PRIVACY ACT OF 1974
The Federal Privacy Act is primarily directed to Federal agencies for
the purpose of protecting the privacy of individuals identified in
information systems maintained by such Federal agencies. Except with
respect to social security numbers, the Act applies to the University
only in the few instances when a contract (not a grant) is entered into
obligating the University to operate a system of records on behalf of a
Federal agency in order to accomplish a Federal agency function.
"System of records" includes any group of records from which
information is retrievable by name of an individual or some
identifying number, symbol, or other identifying particular assigned
to the individual.
Regarding use of social security number, the Federal Privacy Act does
pertain to the University. Section 7(b) of the Act is applicable to any
Federal, State, or local governmental agency. In accordance with
Section 7(b), if the University requests an individual to disclose his
or her social security number, it must inform that individual whether
such disclosure is mandatory or voluntary, by what statutory or other
authority the number is solicited, and what uses will be made of it.
Furthermore, the University may not deny any individual any right,
benefit, or privilege provided by law because of such individual's
refusal to disclose his or her social security number unless, (a) the
disclosure is required by Federal statute, or (b) the disclosure is
required in relation to a system of records maintained by the University
in existence and operating before January 1, 1975, and if such
disclosure was required by statute or regulation adopted prior to that
date to verify the identity of an individual. (Sample Federal Privacy
Notices are attached as Exhibit A.)
IV. FEDERAL FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT OF 1974, DATED
JULY 17, 1976 (Buckley Amendments)
This Federal law pertains to student records. See: Policies Applying to
Campus Activities, organizations, and Students, Part B, Section 10.00,
"University of California Policies Applying to the Disclosure of
Information from Student Records," dated October 31, 1983.
V. STATE OF CALIFORNIA EDUCATION CODE
This State law pertains to student records. See: Policies Applying to
Campus Activities, Organization, and Students, Part B, Section 10.00,
"University of California Policies Applying to the Disclosure of
Information from Student Records," dated October 31, 1983.
NOTE: "Student records" are those records which pertain to students
directly in their capacity as students. Such records include, but are
not limited to, academic evaluations, transcripts, test scores and other
academic records, disciplinary records, and financial aid records.
Records which are maintained for purposes unrelated to a student's
status as a student, such as medical, psychological, or employment
records, are not considered to be student records, nor are records of
applicants who have not enrolled in any academic program of the
University. Once applicants become students, however, their admissions
records become student records. Those records which do not fall within
the definition of student records are governed by the California
Information Practices Act and the California Public Records Act. (See
Sections VI. and VII.)
VI. CALIFORNIA PUBLIC RECORDS ACT (Government Code Section 6250 et seq.)
Privacy of and Access to University Public Records
The California Public Records Act declares that access to information
concerning the conduct of the people's business is a fundamental and
necessary right of every person in the State, that public records are
open to inspection at all times during regular office hours, and are
subject to inspection and copying by every person except as provided in
the Act.
The numbers in the margin of this section reference the applicable
Government Code section.
A. Definitions
6252 1. The term "person" includes any natural person, corporation,
partnership, firm, or association.
2. The term "public records" includes any writing containing
information relating to the conduct of the public's business
prepared, owned, used, or retained by any State or local agency
regardless of physical form or characteristics.
3. The term "writing" means handwriting, typewriting, printing,
photostating, photographing, and every other means of recording
upon any form of communication or representation, including
letters, words, pictures or sounds, or symbols, or combination
thereof, and all papers, maps, magnetic or paper tapes,
photographic films and prints, magnetic or punched cards, discs,
drums, and other documents.
B. Access to Public Records
6253 1. Times when Records are Open to Inspection
Public records are open to inspection at all times during the
office hours of the University and every person has a right to
inspect any public records, except as hereafter provided.
Regulations may be adopted stating the procedures to be
followed when making records available.
6256 2. Right to Copy of Public Records: Time Limits
Any person may receive a copy of any identifiable public record
or copy thereof. The University is required to determine within
10 days after receipt of a records request whether or not to
comply with the request and to notify the person making the
request of such determination and the reasons therefor. In
unusual circumstances, as specified below, the time limit may be
extended by written notice to the person making the request.
The notice will set forth the reasons for the extension and the
date on which a determination is expected to be dispatched. No
notice shall specify a date that would result in an extension
for more than 10 working days. "Unusual circumstances, means:
6256.1 a. The need to search for and collect the requested records from
field facilities or other establishments that are separate
from the office processing the request.
b. The need to search for, collect, and appropriately examine a
voluminous amount of separate and distinct records which are
demanded in a single request.
c. The need for consultation, which shall be conducted with all
practicable speed, among two or more components of the
University having substantial subject matter interest
therein.
6256.2 3. Denial of Request for Records
Any notification of denial of any request for records shall set
forth the names and titles of positions of each person
responsible for the denial.
6257 4. Fees for Copies
A fee may be charged for copies of records, or information
produced therefrom, covering the direct costs of duplication.
(See also Section VII.M. for fees for copies under the
Information Practices Act.)
C. Records Exempt from Disclosure Requirements
6254 The University is not required to disclose the following types of
records:
6254 (a) 1. Preliminary drafts, notes, or inter-agency or
intra-University memoranda which are not retained by the
University in the ordinary course of business, provided that the
public interest in withholding those records clearly outweighs
the public interest in disclosure.
6254 (b) 2. Records pertaining to pending litigation to which the
University is a party, until the pending litigation has been
finally adjudicated or otherwise settled.
6254 (c) 3. Personnel, medical, or similar files, the disclosure of
which would constitute an unwarranted invasion of personal
privacy.
6254 (e) 4. Geological and geophysical data, plant production data, and
similar information relating to utility systems development, or
market or crop reports, which are obtained in confidence from any
person.
6254 (f) 5. Records of complaints to, or investigations conducted by the
University Police Departments or other agencies for correctional or
law enforcement purposes, except that certain information
regarding individuals who have been arrested and regarding
specified information in complaints received by law enforcement
entities are to be released. The local Information Practices
Coordinator should be consulted about release of this
information.
6254 (g) 6. Test questions, scoring keys, and other examination data
used to administer an examination for employment or an academic
examination.
6254 (h) 7. The contents of real estate appraisals or engineering or
feasibility estimates and evaluations relative to the
acquisition of property, or to prospective public supply and
construction contracts, until all of the property has been
acquired or all of the contract agreement obtained.
6254 (j) 8. Library circulation records kept for the purpose of
identifying the borrower of items available in libraries, and
library and museum materials made or acquired and presented
solely for reference or exhibition purposes. This exemption
does not apply to records of fines imposed on the borrowers.
6254 (k) 9. Records the disclosure of which is exempted or prohibited
pursuant to provisions of Federal or State law, including, but
not limited to provisions of the Evidence Code relating to
privilege such as the physician-patient or lawyer-client
privilege.
6254 (p) 10. University records related to activities governed by the
Higher Education Employee-Employer Relations Act (HEERA) which
reveal the University's deliberative processes, impressions,
evaluations, opinions, recommendations, meeting minutes,
research, work products, theories, or strategy, or which
provide instruction, advice, or training to employees who do
not have full collective bargaining and representation rights
under HEERA. Nothing in this subdivision shall be construed to
limit the disclosure duties of the University with respect to
any other records relating to the activities governed by the
employee relations acts.
6254 (q) 11. University records related to activities governed by
Articles 2.6 (commencing with Section 14081), 2.8 (commencing
with Section 14087.5), and 2.91 (commencing with Section 14089)
of Chapter 7 of Part 3 of Division 9 of the Welfare and
Institutions Code, which reveal the special negotiator's
deliberative processes, discussions, communications, or any
other portion of the negotiations with providers of health care
services, impressions, opinions, recommendations, meeting
minutes, research, work product, theories, or strategy, or
which provide instruction, advice, or training to employees.
Except for the portion of a contract containing the rates of
payment, contracts for inpatient services entered into pursuant
to these articles on or after April 1, 1984, shall be open to
inspection one year after they are fully executed. In the
event that a contract for inpatient services which is entered
into prior to April 1, 1984, is amended on or after April 1,
1984, the amendment, except for any portion containing the
rates of payment, shall be open to inspection one year after it
is fully executed. If the California Medical Assistance
commission enters into contracts with health care providers for
other than inpatient hospital services, those contracts shall
be open to inspection one year after they are fully executed.
Three years after a contract or amendment is open to inspection
under this subdivision, the portion of the contract or
amendment containing the rates of payment shall be open to
inspection.
Notwithstanding any other provision of law, the entire contract
or amendment shall be open to inspection by the Joint
Legislative Audit Committee. The Joint Legislative Audit
Committee shall maintain the confidentiality of the contracts
and amendments until such time as a contract or amendment is
fully open to inspection by the public.
6254 (r) 12. Records of Native American graves, cemeteries, and sacred
places maintained by the Native American Heritage Commission.
6254 (s) 13. A final accreditation report of the Joint Commission on
Accreditation of Hospitals which has been transmitted to the
State Department of Health Services pursuant to subdivision (b)
of Section 1282 of the Health and Safety Code, related to
contracts for outside inspection services.
6255 14. In addition to the types of records listed above, the
University may withhold any records for which it can be
demonstrated that the public interest served by not making the
records public clearly, not minimally, outweighs the public
interest served by disclosure of the record. The interest of
the public and not just the interest of the University is to be
considered.
6254 NOTE: Although the statutory exemptions from disclosure allow the
University to deny disclosure, they do not require non-disclosure.
Nothing in this section is to be construed as preventing disclosure
of records concerning the administration of the University,
unless disclosure is otherwise expressly prohibited by law.
6254.5 Whenever the University discloses a public record which is
otherwise exempt from disclosure requirements as outlined above in
numbers 1 - 13 to any member of the public, this disclosure shall
constitute a waiver of the pertinent exemption. Once a record
otherwise exempt from disclosure has been disclosed to a member of
the public that exemption cannot be claimed regarding that public
record when requested by another member of the public at a later
date. This Section, however, shall not apply to disclosures:
6254.5 (a) Made pursuant to the Information Practices Act or discovery
proceedings.
6254.5 (b) Made through other legal proceedings.
6254.5 (c) Within the scope of disclosure of a statute which limits
disclosure of specified writings to certain purposes.
6254.5 (e) Made to any governmental agency which agrees to treat the
disclosed material as confidential. Only persons authorized in
writing by the person in charge of the agency shall be permitted
to obtain the information. Any information obtained by the
agency shall be used only for purposes which are consistent with
existing law.
D. Confidentiality of University Employee Home Address and Telephone
Numbers
6254.3 1. The home addresses and home telephone numbers of University
employees shall not be deemed to be public records and shall not
be open to public inspection, except that disclosure may be made
as follows:
a. To an agent or a family member of the individual to whom the
information pertains.
b. To an officer or employee of another State agency when
necessary for the performance of its official duties.
c. To an employee organization pursuant to regulations adopted
by the Public Employment Relations Board, except that the
home addresses and home telephone numbers of University
employees performing law enforcement related functions shall
not be disclosed.
d. To an agent or employee of a health benefit plan providing
health services or administering claims for health services
to University employees and their enrolled dependents, for
the purpose of providing the health services or
administering claims for employees and their enrolled
dependents.
2. Upon written request of any employee, the University shall not
disclose the employee's home address or home telephone number to
an employee organization and shall remove the employee's home
address and home telephone number from any mailing list
maintained by the University, except if the list is used
exclusively by the University to contact the employee.
E. Public Employment Contracts
6254.8 Every employment contract between the University and any employee
is a public record which is not subject to the provisions of Sections
6254 and 6255, i.e., is not exempt from disclosure requirements and
may not be withheld on the grounds that the public interest is best
served by non-disclosure.
6254.9 F. Computer Software
Computer software developed by the University is not itself a public
record. The University may sell, lease, or license the software for
commercial or noncommercial use. "Computer software, includes
computer mapping systems, computer programs, and computer graphics
systems. However, the public record status of information is not
affected merely because it is stored in a computer-such information
shall be disclosed. This section is not intended to limit any
copyright protections.
G. Civil Rights & Remedies
6258 1. Any person may institute proceedings for injunctive or
declarative relief in any court of competent jurisdiction to
enforce his or her right to inspect or to receive a copy of any
public records or class of public records.
6259 (a) 2. Whenever it is made to appear, by verified petition to the
superior court of the county where the records or some parts
thereof are situated, that certain public records are being
improperly withheld from a member of the public, the court shall
order the officer or person charged with withholding the records
to disclose the public record or show cause why he or she should
not do so.
6259 (b) 3. If the court finds that the public official's decision to
refuse disclosure is not justified, he or she shall order the
public official to make the record public. If the judge
determines that the public official was justified in refusing to
make the record public, he or she shall return the item to the
public official without disclosing its content and with an order
supporting the decision refusing disclosure.
6259 (c) 4. In an action filed on or after January 1, 1985, an order of
the court either directing disclosure by a public official or
supporting the decision of the public official refusing
disclosure is not a final judgment or order, but shall be
immediately reviewable by petition to the appellate court. Any
person who fails to obey the order of the court shall be cited
to show cause why he or she is not in contempt of court.
6259 (d) 5. The court shall award court costs and reasonable attorney
fees to the plaintiff should the plaintiff prevail in
litigation. The costs and fees shall be paid by the University
and shall not become a personal liability of the University
employee. If the court finds that the plaintiff's case is
clearly frivolous, it shall award court costs and reasonable
attorney fees to the University.
VII. CALIFORNIA INFORMATION PRACTICES ACT of 1977 (Civil Code
Section 1798 et seq.)
Privacy of and Access to University
Records Pertaining Specifically to Personal Data
The California Information Practices Act of 1977 established
certain requirements for the collection, maintenance, and
dissemination of any information that identifies or describes
an individual. All records maintained by the University that
fall within the definitions included in Section VII.A. and B.
are covered by this law. The Information Practices Act does
not apply to student records, i.e., those records pertaining to
an individual directly in his or her capacity as a student.
But it does apply to records of potential students before
enrollment, i.e., records of applicants for admission. (See
Sections IV. and V.)
The numbers in the margin of this section reference the
applicable Civil Code section.
A. Definitions - General
1798.3 (g) 1. The term "record" means any file or grouping of
information about an individual that is maintained by
an agency by reference to an identifying particular
such as the individual's name, photograph, finger or
voice print, or a number or symbol assigned to the
individual.
1798.3 (h) 2. The term "system of records" means one or more records,
which pertain to one or more individuals, which is
maintained by the University, from which information is
retrieved by the name of an individual or by some
identifying number, symbol, or other identifying
particular assigned to the individual.
NOTE: Subsections 1 and 2 above should not be interpreted to
deny an individual access to information pertaining to
him or her merely because it is not filed or retrieved
by an identifier particular to that individual. An
individual has a right of access to information about
himself or herself if his/her name or identifier appears
in a record, even if the information is not maintained
by an identifier particular to the individual. Any
personal information about an individual is accessible
to that individual, regardless of how it is filed, if a
reasonable effort would locate it.
1798.3 (d) 3. The term "individual" means a natural person.
1798.3 (f) 4. The term "person" means any natural person, corporation,
partnership, firm, or association.
1798.3 (b) 5. The term "agency" means every State office, officer,
department, division, bureau, board, commission, or
other State agency except:
a. The California Legislature;
b. The California Judiciary;
c. The State Compensation Insurance Fund, except as to
any records which contain personal information
about that agency's employees; or
d. A local agency, as defined in subdivision (b) of
Section 6252 of the Government Code.
1798.3 (i) 6. The term "governmental entity" means any branch of the
Federal government or the local government.
1798.3 (k) 7. The term "regulatory agency" means the State Banking
Department, the Department of Corporations, the
Department of Insurance, the Department of Savings and
Loan, the Department of Real Estate, and agencies of
the United States or of any state responsible for
regulating financial institutions.
1798.3 (c) 8. The term "disclose" means to disclose, release,
transfer, disseminate, or otherwise communicate all or
any part of any record orally or by electronic or any
other means to any person or entity.
1798.3 (e) 9. The term "maintain" includes maintain, acquire, use or
disclose.
B. Definitions - Categories of Information
The primary significance of distinguishing between
confidential, personal, and nonpersonal information is to
clarify access rights of the individual to whom records
pertain and third party disclosure rights. Generally
speaking, everyone has a right of access to nonpersonal
information which may be viewed as the equivalent of public
information. Full access to personal information is
provided to the individual to whom the information
pertains, but very limited disclosure of it is allowed to
other persons or agencies. Confidential information, as
defined in the law, has the most restricted access and so
long as the information remains confidential it generally
is not accessible even to the individual to whom it
pertains. Although recent amendments to the Information
Practices Act have altered or deleted those three categories
of information, University policy continues to classify
information as confidential, personal, or nonpersonal. In
addition, University policy establishes a special category
of confidential academic review records.
1. Confidential Information
Recent amendments to the Information Practices Act
delete the term confidential information from Section
1798.3 but retain the limited access rights provided to
information previously so denied by addition of a new
Section 1798.40. Section 1798.40 provides that an
agency is not required to disclose information to the
individual to whom the information pertains if certain
criteria are satisfied. The criteria listed correspond
to those previously used to define the term confidential
information. Thus, although the term has been
eliminated from the Act, no substantive change has been
effected regarding disclosure or access rights. The
University will continue to use the term confidential
information to mean any information which meets any of
the following criteria:
1798.40 (a - c) a. Is compiled for the purpose of investigation of
suspected criminal activities or identification of
individual criminal offenders or alleged offenders.
1798.40 (d) b. Is maintained for the purpose of an investigation
of an individual's fitness for University
employment, or of a grievance or complaint, or a
suspected civil offense, so long as the information
is withheld only so as not to compromise the
investigation or a related investigation. The
identities of individuals who provided information
for the investigation may be withheld pursuant to
Section 1798.38. (See Section VII.H.1.)
1798.40 (e) c. Would compromise the objectivity or fairness of a
competitive examination or appointment or promotion
in University service, or is used to determine
scholastic aptitude.
1798.40 (f) d. Pertains to the physical or psychological condition
of the individual, if the University determines
that disclosure would be detrimental to the
individual. The information shall be disclosed
upon the individual's written authorization to a
licensed medical practitioner or psychologist
designated by the individual.
APM 160-20-b(1) 2. Confidential Academic Review Records
A special University category of confidential academic
review records is defined in Academic Personnel Manual
Section 160-20-b(1). This category pertains to
academic evaluations and letters of recommendation.
Access to this type of information is specially
controlled both for the individual to whom the
information pertains and to all third parties.
Academic Personnel Manual Section 160-20-c(2) and
160-20-d define these access rights.
3. Nonpersonal Information
The recent amendments to the Information Practices Act
also delete the term nonpersonal information from the
Act. The deleted Section 1798.3 (c) defined
nonpersonal information as "...limited factual data,
which could not, in any reasonable way reflect or convey
anything detrimental, disparaging, or threatening to an
individual's reputation, rights, benefits, privileges,
or qualifications." Although the term has been deleted
from the Act, Section 1798.24 (g) continues to permit
disclosure of such information pursuant to the
California Public Records Act. Disclosures under this
section do not require consent of the individual to
whom the information pertains. Under the California
Public Records Act, disclosure of personal information
is allowable so long as the disclosure does not
constitute an "unwarranted invasion of personal
privacy." With both acts in mind, the University will
continue to use the term nonpersonal information as
defined above and will disclose such information in
accordance with the Information Practices Act, the
Public Records Act, Staff Personnel Policy 605,
Academic Personnel Section 160, Administrative and
Professional Staff Program Personnel Policy 160,
Executive Program Personnel Policy 20, and Management
and Professional Program Personnel Policy 60.
The University has determined that the following
information about University employees is nonpersonal:
a. Name
b. Date of hire or separation
c. Current position title
d. Current rate of pay
e. organization unit assignment, including office
address & telephone number
f. Current job description
g. Full time or part time, and career, casual or
probationary status
h. Prior non-University employment
i. Additional employment information may be required
to be released to the public as determined by the
General Counsel and the Senior Vice President-
Administration
1798.3 (a) 4. Personal Information
In further interpretation of the Information Practices
Act as amended, the University will use the term
"personal information" to mean all information that
identifies or describes an individual except that
information which is determined to be confidential,
confidential academic, or nonpersonal as discussed in
Subsections 1, 2, 3 above, and the disclosure of which
would constitute an unwarranted invasion of
personal privacy. Thus, much information about
individuals will fall under the personal category.
Some examples of the most common types of personal
information are:
a. Birthdate
b. Citizenship
c. Social security number
d. Home address and home telephone number
e. Income tax withholding
f. Staff performance evaluations or letters of
corrective actions
g. Spouse's or other relatives' names
C. General Requirements
Under the Information Practices Act, the University of
California shall:
1798.14 1. Maintain in its records only that information about an
individual which is relevant and necessary to
accomplish a purpose of the University required or
authorized by the California Constitution or statute or
mandated by the Federal government.
1798.15 2. Collect information about an individual to the greatest
extent practicable directly from the individual who is
the subject of the information rather than from
another source.
1798.16 3. Maintain the source or sources of information about an
individual unless the source is the data subject, and
maintain the information in a readily accessible form
so as to be able to provide it to the data subject upon
request.
1798.18 4. Maintain all records to the maximum extent possible,
with accuracy, relevance, timeliness, and completeness.
1798.60 5. Ensure that an individual's name and address are not
1798.62 distributed for commercial purposes or sold or rented
by the University unless such action is specifically
authorized by law. Upon written request of any
individual, any University office which maintains a
mailing list shall remove the individual's name and
address from such list, except that the office need not
remove the individual's name if such name is
exclusively used by the University to directly contact
the individual.
1798.20 6. Establish rules of conduct for persons involved in the
design, development, operation, disclosure, or
maintenance of records containing information about an
individual, and instruct each such person with respect
to such rules of the requirements of the Information
Practices Act and related University policies and of the
remedies and penalties for noncompliance. (Sample
Rules of Conduct are attached as Exhibit D.)
1798.21 7. Establish appropriate and reasonable administrative,
technical, and physical safeguards to ensure compliance
with the Information Practices Act and the security and
confidentiality of records.
1798.19 8. Cause, consistent with its authority, the requirements
of this policy to be applied to any information about
an individual contained in any records the University
has contracted to operate or maintain.
1798.77 9. Ensure that no record containing information about an
individual is modified, transferred, or destroyed for
the purpose of avoiding compliance with these legal
requirements. The University shall not remove or
destroy information about an individual who has
requested access to the information before allowing the
individual access to the record containing the
information. Violation may lead to civil action under
the State law.
D. Notice Requirements - To the Individual
1798.17 The University shall provide the notice specified in this
section on or with any form used to collect personal
information from individuals. When contact with the
individual is of a regularly recurring nature, an initial
notice followed by a periodic notice of not more than
one-year intervals shall satisfy this requirement.
The notice shall include all of the following:
1798.17 (a) 1. The name of the University office that is requesting the
information.
1798.17 (b) 2. The title, University address, and University telephone
number of the official who is responsible for the
system of records and who shall, upon request, inform
an individual regarding the location of his or her
records and the categories of any persons who use the
information in these records.
1798.17 (c) 3. The authority, whether granted by statute, regulation,
or University policy which authorizes the maintenance
of the information.
1798.17 (d) 4. With respect to each item of information, whether
submission of such information is mandatory or
voluntary.
1798.17 (e) 5. The consequences, if any, of not providing all or any
part of the requested information.
1798.17 (f) 6. The principal purpose or purposes within the University
for which the information is to be used.
1798.17 (g) 7. Any known or foreseeable disclosure which may be made of
the information to Federal, State, or local
governmental agencies.
1798.17 (h) 8. The individual's right of access to records containing
personal information which are maintained by the
University.
1798.17 This section does not apply to any enforcement document
issued by an employee of a law enforcement agency in the
performance of his or her duties wherein the violator is
provided an exact copy of the document, or to accident
reports whereby the parties of interest may obtain a copy
of the report pursuant to Section 20012 of the Vehicle Code.
The notice required by this section does not apply to
University requirements for an individual to provide his or
her name, identifying number, photograph, address, or
similar identifying information, if this information is
used only for the purpose of identification and
communication with the individual by the University, except
that requirements for an individual's social security
number shall conform with the provisions of the Federal
Privacy Act of 1974. (A sample State Privacy Notice is
attached as Exhibit B. For information concerning use of
social security number, see Section III, and Exhibit A.)
E. Notice Requirements - To the State
1798.9 In accordance with the Information Practices Act, the
University shall file notices with the State Office of
Information Practices, on March 31 of each year, for any
system of records containing personal or confidential
information.
1798.10 Notices required to be filed by the Information Practices
Act shall specify each of the following:
1798.10 (a) 1. An index or list showing each record system by name or
title.
1798.10 (b) 2. The procedures to be followed for an individual to gain
access to, and contest the contents of, records
containing personal information. The procedures shall
include the name or title and business address of the
University's designated contact person for each record
system.
1798.10 (c) 3. Each known instance during the reporting period in which
personal information has been distributed by the
University or obtained by any person in a manner not in
accord with law.
1798.10 (d) 4. Each known instance during the reporting period where
access to records requested under the Information
Practices Act or the California Public Records Act has
been denied, and each known instance of delay in
providing access to, or copies of, records beyond the
statutory limits imposed by the applicable
provisions of the Information Practices Act or the
California Public Records Act, and the statutory basis
or other reasons therefor.
1798.10 If the University fails to file such a report the State
Office of Information Practices promptly shall inform the
University and if the University fails to comply within 30
days thereafter, the State Office shall report the failure
as a violation in its annual report to the Legislature
pursuant to the Information Practices Act.
In addition, upon the request of an individual who is
identified in a record system, or upon the request of the
Office of Information Practices, the University shall, with
respect to any personal information in the record system,
explain the authority and purpose for maintaining the
information, the routine or probable disclosures
of the information, and the retention and disposal policies
pertaining to the information.
F. Inquiries About Information
1798.32 1. Each individual shall have the right to inquire and be
notified as to whether the University maintains a
record about himself or herself. Inquiries shall
specify the name or title of the system of records.
The University shall allow individuals to review the
notices submitted to the State Office of Information
Practices (see Section VII.E.). and shall take
reasonable steps to assist individuals in making their
requires sufficiently specific.
2. When notifying an individual as to whether or not the
University maintains records about the individual, such
notice shall include the title and business address of
the University official responsible for maintaining the
records, the procedures to be followed to gain access to
the records, and the procedures to be followed for an
individual to contest the contents of such records
unless the individual has received this notice during
the past year.
G. Disclosure of Information
1. Nonpersonal Information
The University will disclose all nonpersonal
information in response to any request.
2. Confidential Academic Review Records
Disclosure of confidential academic review records is
governed by University policies contained in Academic
Personnel Manual Section 160.
3. Confidential Information
Most confidential information, as defined in the law,
is nondisclosable to the individual to whom it pertains
or to others except as provided by law. For example,
medical records are subject to the Confidentiality of
Medical Information Act; Mental health records, records
related to alcohol and drug abuse, and records
related to AIDS are subject to similar special laws, as
are criminal law enforcement records and investigative
materials. Questions pertaining to the release of
confidential information should be directed to the
Office of The General Counsel or the local Information
Practices Coordinator for guidance.
1798.24 4. Personal Information
The University will not disclose any personal
information in a manner that would link the information
disclosed to the individual to whom it pertains unless
the disclosure of the information is:
1798.24 (a) a. To the individual to whom the information pertains.
1798.24 (b) b. With the prior written voluntary consent of the
individual to whom the record pertains, but only if
such consent has been obtained not more than 30
days before the disclosure, or in the time limit
agreed to by the individual in the written consent.
1798.24 (c) c. To the duly appointed guardian or conservator of the
individual or a person representing the individual
provided that it can be proven with reasonable
certainty that such person is the authorized
representative of the individual to whom the
information pertains.
1798.24 (d) d. To those officers, employees, attorneys, agents, or
volunteers of the University if the disclosure is
relevant and necessary in the ordinary course of
the performance of their official duties and is
related to the purpose for which the information
was acquired.
1798.24 (e) e. To a person, or to another agency when the transfer
is necessary for the transferee agency to perform
its constitutional or statutory duties, and the use
is compatible with a purpose for which the
information was collected and the use or transfer
is listed in the notice filed with the State Office
of Information Practices or accounted for in
accordance with Section VII.I.1. With respect to
information transferred from a law enforcement or
regulatory agency, or information transferred to
another law enforcement or regulatory agency, a
use is compatible if the use of the information
requested is needed in an investigation of unlawful
activity under the jurisdiction of the requesting
agency or for licensing, certification, or
regulatory purposes by that agency.
1798.24 (f) f. To a governmental entity when required by State or
Federal law.
1798.24 (g) g. Pursuant to the California Public Records Act.
1798.24 (h) h. To a person who has provided the University with
advance adequate written assurance that the
information will be used solely for statistical
research or reporting purposes, but only if the
information to be disclosed is in a form that will
not identify any individual.
1798.24 (i) i. Pursuant to a determination by the University that
compelling circumstances exist which affect the
health or safety of an individual, if upon the
disclosure, notification is transmitted to the
individual to whom the information pertains
at his or her last known address. Disclosure shall
not be made if it is in conflict with other State
or Federal law.
1798.24 (k) j. To any person pursuant to a subpoena, court order,
or other compulsory legal process if, before the
disclosure, the agency reasonably attempts to
notify the individual to whom the record pertains,
and if the notification is not prohibited by law.
1798.24 (1) k. To any person pursuant to a search warrant.
1798.24 (n) l. For the sole purpose of verifying and paying
government health care service claims made pursuant
to Division 9 (commencing with Section 10000) of
the Welfare and Institutions Code, related to
provision of aid and services to the needy and
distressed.
1798.24 (o) m. To a law enforcement or regulatory agency when
required for an investigation of unlawful activity,
or for licensing, certification, or regulatory
purposes, unless the disclosure is otherwise
prohibited by law.
1798.24 (p) n. To another person or governmental organization to
the extent necessary to obtain information from the
person or governmental organization as necessary
for an investigation by the University of a failure
to comply with a specific State law which the
University is responsible for enforcing.
1798.24 (q) o. To the State Office of Information Practices when
the transfer is necessary for that office to
investigate a complaint it has received regarding
an alleged violation of any provision of the
Information Practices Act or to perform its
mediation functions, provided that the Office of
Information Practices has received written
voluntary consent of the individual to whom the
information pertains for such a transfer.
1798.24 (t) p. To a committee of the Legislature or to a member of
the Legislature, or his or her staff when
authorized in writing by the member, where such
member has permission to obtain the information
from the individual to whom it pertains or where
the member provides reasonable assurance that he or
she is acting in behalf of the individual.
1798.24 (u) q. For scientific research within the University of
California or to a nonprofit educational
institution conducting scientific research,
provided the request for information includes
assurances of the need for personal information,
procedures for protecting the confidentiality of
the information and assurances that the personal
identity of the subject shall not be further
disclosed in individually identifiable form.
H. Deletion of Information Prior to Disclosure
1798.38 1. Deletion of Source of Letters of Recommendation
If information, including letters of recommendation,
compiled for the purpose of determining suitability,
eligibility, or qualifications for employment,
advancement, renewal of appointment or promotion, was
received with the promise or, prior to July 1, 1978,
with the understanding that the identity of the source
of the information would be held in confidence and such
source is not in a supervisory position with respect to
the individual to whom the record pertains, the
University shall fully inform the individual of all
personal information about that individual without
identification of the source. This may be done by
providing a copy of the text of such material with only
such deletions as are necessary to protect the identity
of the source, or by providing a comprehensive summary
of the substance of the material. Whichever method is
used, the University shall insure that full disclosure
is made to the subject of any personal information that
could reasonably in any way reflect or convey anything
detrimental, disparaging, or threatening to an
individual's reputation, rights, benefits, privileges,
or qualifications, or be used by the University to make
a determination that would affect an individual's
rights, benefits, privileges, or qualifications.
"Supervisory positions" shall not be deemed to
include chairpersons of academic departments.
NOTE: With respect to confidential academic review records,
see Academic Personnel Manual Section 160-20-c(2).
1798.42 2. Deletion of Personal or Confidential Information About
Others
In disclosing information contained in a record to an
individual, the University shall not disclose any
personal or confidential information as defined in the
law relating to another individual which may be
contained in a record. To comply with this section,
the University, in disclosing information, shall delete
from disclosure such information as may be necessary.
1798.43 3. Deletion of Confidential Information About the
Individual
In disclosing information contained in a record to an
individual, the University need not disclose any
confidential information as defined in the law
pertaining to that individual. To comply with this
section, the University, in disclosing personal
information contained in a record, may delete from
disclosure any confidential information.
NOTE: The above subsection does not apply to confidential
academic review records. See Academic Personnel Manual
Section 160-20-c(2).
I. Accounting of Disclosures
1798.25 1. In compliance with the Information Practices Act, the
University shall keep an accurate accounting of the
date, nature, and purpose of each disclosure of a
record made pursuant to Subsections i, j, k, m, and n
of Section VII.G.4. This accounting shall also be
required for disclosures made in accordance with
Subsections e and f of Section VII.G.4., unless notice
to the State office of Information Practices has been
provided as described in Section VII.E. The accounting
shall also include the name, title, and business
address of the person or agency to whom such a
disclosure was made. (A sample Accounting of
Disclosure Form is attached as Exhibit C.) For the
purpose of an accounting of a disclosure made
under Subsection m of Section VII.G.4., it shall be
sufficient for a law enforcement to record the date of
disclosure, the law enforcement agency or regulatory
agency requesting the disclosure, and whether the
purpose of the disclosure is for an investigation of
unlawful activity under the jurisdiction of the
requesting agency, or for licensing, certification, or
regulatory purposes by that agency.
Routine disclosures of information pertaining to
crimes, offenders, and suspected offenders, to law
enforcement or regulatory agencies of federal, state,
and local government shall be deemed to be disclosures
pursuant to Subsection e of Section VII.G.4.
1798.27 2. The University shall retain the required records of
disclosure for at least three years after the
disclosure, or until the original record is destroyed
pursuant to the University's disposition schedule,
whichever is shorter.
1798.28 3. The University shall inform any person or agency to
whom a record containing personal or confidential
information has been disclosed during the preceding
three years, of any correction of an error or notation
of dispute, if an accounting of such disclosure was
required and has not been destroyed, or if the name of
the person or agency to whom the disclosure was made is
known.
J. Right of Access by Individuals to Whom Information Pertains
1798.34 (a) 1. Confidential Academic Review Records
The right of access to confidential academic review
records by the individual to whom such information
pertains is governed by University policies contained
in Academic Personnel Manual Section 160.
2. Confidential Information
1798.40 a. The University is not required to disclose
information determined to be confidential, as set
forth in Section VII.B.1., to the individual to
whom such information pertains. This shall not be
construed to deny an individual access to
information relating to him or her if access is
allowed by another statute or decisional law of
this State.
1798.41 (a) b. Except as provided in Subsection J.2.d below, if
the University determines that information
requested is exempt from access as confidential,
the University shall inform the individual in
writing of its findings that disclosure is not
required by law.
1798.41 (b) c. Except as provided in Subsection J.2.d. below, the
University shall conduct a review of its
determination that particular information is
confidential and exempt from access within 30 days
from the receipt of a request by an individual
directly affected by the determination, and inform
the individual in writing of the findings of the
review. The review shall be conducted by the local
Information Practices Coordinator.
1798.41 (c) d. If the University believes that compliance with
Subsection J.2.b. above, would seriously interfere
with attempts to apprehend persons who are wanted
for committing a crime or attempts to prevent the
commission of a crime or would endanger the life of
an informant or other person submitting information
contained in the record, it may petition the
presiding judge of the superior court of the county
in which the record is maintained to issue an ex
parte order authorizing the University to respond
to the individual that no record is maintained.
3. Personal Information
1798.34 (a) a. The University shall permit any individual upon
request and proper identification to inspect all
the personal information in any record containing
personal information, and maintained by reference
to an identifying particular assigned to the
individual. In addition, the individual shall be
permitted to inspect any personal information about
himself or herself where it is maintained by
reference to an identifying particular other than
that of the individual, if the University knows or
should know that the information exists. The
individual also shall be permitted to inspect the
accounting made in accordance with Section VII.I.
1798.34 (b) b. The University shall permit the individual, and,
upon the individual's request, another person of
the individual's own choosing to inspect all the
personal information in the record and have an
exact copy made of all or any portion thereof. The
University may require the individual to furnish a
written statement authorizing disclosure to another
person.
1798.34 (c) c. The University shall present the information in the
record in a form reasonably comprehensible to the
general public.
1798.34 (d) d. Whenever the University is unable to access a
record by reference to name only, or when access by
name only would impose an unreasonable
administrative burden, the University may require
the individual to submit other identifying
information, to facilitate access to the record.
1798.34 (e) e. The information or a true copy thereof, shall be
made available to the individual at a location near
the residence of the individual or by mail,
whenever reasonable.
K. Requests for Amendment of Records
1798.35 1. The University shall permit an individual to request in
writing an amendment of a record and shall, within 30
days of the date of receipt of such request:
1798.35 (a) a. Make each correction and inform the individual of
such correction; or
1798.35 (b) b. Inform the individual of its refusal to amend the
record, the reason for the refusal, the procedures
established by the University for the individual to
request a review of the refusal, and the name,
title, and business address of the reviewing
official.
1798.36 2. Any individual who disagrees with a refusal to amend a
record may request a review of such refusal. The
review shall take place within 30 days, unless for good
cause shown the University extends the review by an
additional 30 days. If, after such review, the
reviewing official refuses to amend the record in
accordance with the request, the University shall
permit the individual to file a statement of reasonable
length setting forth the reasons for the individual's
disagreement.
1798.37 3. The University, with respect to any disclosure
containing information about which the individual has
filed a statement of disagreement, shall clearly note
any portion of the record which is disputed and make
available to any person to whom the disputed record
has been or is disclosed copies of the individual's
statement and copies of a concise statement of the
reasons of the University for not making the amendment.
NOTE: For procedures regarding requests for corrections or
deletions in records and additions to such records, see
Academic Personnel Manual Section 160, Administrative
and Professional Staff Program Personnel Policy 160,
Executive Program Personnel Policy 20, Management and
Professional Program Personnel Policy 60, and Staff
Personnel Manual Policy 605.
L. Deadlines for Release, Copying, and Amendment of Information
1798.34 (a) 1. The University shall make available all disclosable
information within 30 days of the receipt of a request
for active records, and within 60 days for records that
are geographically dispersed or which are inactive and
in storage. Failure to respond within these time
limits shall be deemed denial.
17983.34 (b) 2. When an individual inspects disclosable information the
University shall provide, upon the individual's
request, exact copies of such information within 15
days of the inspection.
1798.41 (b) 3. If requested information is determined to be
confidential and thus exempt from access, the
University shall inform the individual in writing
within 30 days from the receipt of the request.
1798.35 4. Requests for an amendment of a record requires
University action within 30 days of request. See
Section VII.K. for the action required.
NOTE: See Section VI.B.2. for deadlines under the Public
Records Act.
M. Fees for Copies
1798.33 The University may establish fees to be charged, if any, to
an individual for making copies of a record. Such fees
shall exclude the cost of any search for and review of the
record and shall not exceed ten cents per page. (See
Section VI.B.4. for fees for copies under the Public
Records Act.)
N. State Office of Information Practices
1798.6 In accordance with the Information Practices Act, the
1798.8 State Office of Information Practices, upon
receiving a complaint, may investigate violations of the
Act and may attempt to mediate any dispute between the
University and a complaining individual. The
Office of Information Practices shall not have access to
personal information except pursuant to the written
voluntary consent of the individual to whom the information
pertains.
O. Civil Remedies
1798.45 1. An individual may bring a civil action against the
University whenever the University does any of the
following:
1798.45 (a) a. Refuses to comply with an individual's lawful
request to inspect personal information.
1798.45 (b) b. Fails to maintain any record concerning any
individual with such accuracy, relevance,
timeliness, and completeness as is necessary to
assure fairness to any determination relating to
the qualifications, character rights, opportunities
of, or benefits to the individual that may be
made on the basis of such record, if, as a result
of such failure, a determination is made which is
adverse to the individual.
1798.45 (c) c. Fails to comply with any other provision of the
Information Practices Act, or any rule promulgated
thereunder, in such a way as to have an adverse
effect on an individual.
1798.46 2. In any suit brought under the provisions of Subsection
O.1.a., above, the court may enjoin the University from
withholding the records and order the production to the
complainant of any University records improperly
withheld. The court hall assess against the University
reasonable attorney's fees and other litigation costs
reasonably incurred in any suit in which the
complainant has prevailed.
1798.48 3. In any suit brought under the provisions of Subsection
O.l.b. or c. above, the University shall be liable to
the individual in an amount equal to the sum of:
1798.48 (a) a. Actual damages sustained by the individual,
including damages for mental suffering.
1798.48 (b) b. The costs of the action together with reasonable
attorney's fees as determined by the court.
1798.50 4. The above authorized civil actions shall not apply with
respect to an allegation that an opinion which is
subjective in nature, as distinguished from a factual
assertion, about an individual's qualifications in
connection with a personnel action, was not accurate,
relevant, timely or complete.
1798.53 5. Any University employee, other than when acting solely
in his or her official capacity, who intentionally
discloses information not otherwise public, which he or
she knows or should reasonably know was obtained from
personal or confidential information maintained by the
University, or from "records" within a "system of
records" (as such terms are defined in the Federal
Privacy Act of 1974) maintained by a Federal government
agency, shall be subject to a civil action, for
invasion of privacy, by the individual to whom the
information pertains. In any successful action the
complainant, in addition to any special or general
damages awarded, shall be awarded a minimum of $2,500
in exemplary damages as well as attorney's fees and
other litigation costs reasonably incurred in the suit.
P. Penalties
1798.55 1. Any officer or employee of the University who
intentionally violates any provision of the Information
Practices Act or any rules or regulations adopted
thereunder may be disciplined, and such discipline may
include termination of employment.
1798.56 2. Any person who willfully requests or obtains any record
containing personal or confidential information from
the University under false pretense shall be guilty of
a misdemeanor and fined not more than $5,000, or
imprisoned not more than one year, or both.
1798.57 3. Except for disclosures which are otherwise required or
permitted by law, the intentional disclosure of medical,
psychiatric, or psychological information in violation
of the disclosure provisions of the Information
Practices Act is punishable as a misdemeanor if the
wrongful disclosure results in economic loss or
personal injury to the individual to whom the
information pertains.
Q. Relation of the Information Practices Act to Other Laws
1798.70 1. The Information Practices Act shall be construed to
supersede any other provision of State law, including
any exemption in Section 6254 or 6255 of the Public
Records Act, which authorizes any agency to withhold
from an individual any record containing personal
information which is otherwise accessible under the
Information Practices Act.
1798.71 2. The Information Practices Act shall not be deemed to
abridge or limit the rights of litigants, including
parties to administrative proceedings, under the laws,
or case law, of discovery of this state.
1798.76 3. Nothing in the Information Practices Act shall be
construed to revoke, modify, or alter in any manner any
statutory provision or any judicial decision which (a)
authorizes an individual to gain access to any law
enforcement record, or (b) authorizes discovery in
criminal or civil litigation.
EXHIBIT A
(See Section III., pages 4 and 5)
SAMPLE FEDERAL PRIVACY NOTICES
Section 7(b) of the Federal Privacy Act of 1974 provides that any
Federal, State, or local government agency which requests an individual
to disclose his or her social security account number shall inform that
individual whether the disclosure is mandatory or voluntary, by what
statutory or other authority such number is solicited, and what uses
will be made of it. The notification requirements of Section 7(b) of the
Act may be met in one of three ways.
OPTION 1
For requesting the mandatory disclosure of social security numbers to be
used for record keeping systems established prior to January 1, 1975,
pursuant to Federal or State statute or regulation.
Pursuant to the Federal Privacy Act of 1974, you are hereby notified
that disclosure of your social security number is mandatory. Disclosure
of the social security number is required pursuant to (Federal or State
statue or regulation - provide citation.) The social security number is
used to verify your identity.
OPTION 2
For requesting the mandatory disclosure of social security numbers to be
used for record keeping systems established prior to January 1, 1975,
pursuant to the authority of The Regents.
Pursuant to the Federal Privacy Act of 1974, you are hereby notified
that disclosure of your social security number is mandatory. This record
keeping system was established prior to January 1, 1975 pursuant to the
authority of The Regents of University of California under Art. IX, Sec.
9 of the California Constitution. The social security number is used to
verify your identity.
OPTION 3
For requesting the voluntary disclosure of social security numbers for
record keeping systems established subsequent to January 1, 1975,
pursuant to the authority of The Regents.
Pursuant to the Federal Privacy Act of 1974, you are hereby notified
that disclosure of your social security number is voluntary. This record
keeping system was established pursuant to the authority of The Regents
of the University of California under Art. IX, Sec. 9 of the California
Constitution. The social security number is used to verify your
identity.
EXHIBIT B
(See Section VII.D., page 19)
SAMPLE STATE PRIVACY NOTICE
The State of California Information Practices Act of 1977 (effective
July 1, 1978) requires the University to provide the following
information to individuals who are asked supply information about
themselves:
The principal purpose for requesting the information on this form is to
(state purpose - payment of earnings, administration of University
Benefits Program, process application for admission, determine
eligibility for ..., report payments for income tax purposes, etc.).
State and/or Federal statute and/or University policy authorize
maintenance of this information.
Furnishing all (or specifically designated) information requested on
this form is mandatory - failure to provide such information will delay
or may even prevent completion of the action for which the form is being
filled out.* Information furnished on this form may be used by (state
departments which will use the information) for (state other uses, if
applicable), and will be transmitted to the State and Federal
governments as required by law.
Individuals have the right to review their own records in accordance
with University personnel policy and collective bargaining agreements.
Information on applicable policies and agreements can be obtained from
campus, Laboratory, or office of the President staff and Academic
Personnel Offices.
The official(s) responsible for maintaining the information contained on
this form is (are): (name of office/title of responsible officer).
* Alternate - "Furnishing the information requested on this form is
voluntary. There is no penalty for not completing the form."
EXHIBIT C
(See Section VIII., page 26)
SAMPLE ACCOUNTING OF DISCLOSURE
Date: _____________________________________________________________________
Name: _____________________________________________________________________
Title:____________________________________________________________________
Business address: _________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
(of Person or agency to whom disclosure was made)
Nature/Purpose of disclosure: _____________________________________________
___________________________________________________________________________
___________________________________________________________________________
Signature and department of University official authorizing disclosure:
___________________________________________________________________________
Attachments: Written request of party asking for disclosure
Copy of material/records which are disclosed
EXHIBIT D
(See Section VII.C.6., page 18)
RULES OF CONDUCT FOR UNIVERSITY EMPLOYEES
INVOLVED WITH INFORMATION REGARDING INDIVIDUALS
A. Employees responsible for the collection, maintenance, use, and
dissemination of information about individuals which relates to their
personal life, including their employment and medical history, financial
transactions, marital status and dependents, shall comply with the
provisions of the State of California Information Practices Act.
Business and Finance Bulletin RMP-8, "Legal Requirements on Privacy of
and Access to Information," shall be used as a basic guide in
administering the Act's provisions.
B. Employees shall not require individuals to disclose personal or
confidential information about themselves which is not necessary and
relevant to the purposes of the University or to the particular function
for which the employee is responsible.
C. Employees shall make every reasonable effort to see that inquiries
and requests by individuals for their personal or confidential records
are responded to quickly, courteously, and without requiring the
requester to repeat the inquiry to others unnecessarily.
D. Employees shall assist individuals who seek information pertaining to
themselves in making their inquiries sufficiently specific and
descriptive so as to facilitate locating the records.
E. Employees shall not disclose personal or confidential information
relating to individuals to unauthorized persons or entities. The
intentional disclosure of such information to such persons or agencies
may be cause for disciplinary action.
F. Employees shall not seek out or use personal or confidential
information relating to others for their own interest or advantage. The
intentional violation of this rule may be cause for disciplinary action.
G. Employees responsible for the maintenance of personal and
confidential records shall take all necessary precautions to assure that
proper administrative, technical, and physical safeguards are
established and followed in order to protect the confidentiality of
records containing personal or confidential information.
|
|||||||||||||||
|
|||||||||||||||
|
Send comments or questions about this website to Yvonne Tevis. |
|||||||||||||||
