Laws and Policies

Vineyard

Your privacy is protected by numerous federal and state laws, systemwide policies, and campus policies. These policies describe the requirements and processes for protecting various types of information, as well as the University's obligations in providing access to public records when requested. When releasing records or data, the University balances the obligation to act transparently with the principals of maintaining an individual's personal privacy.

The following glossary of privacy related terms is provided for your reference.

  • Autonomy privacy--an individual’s ability to conduct activities without concern of suspected or actual observation
  • "Big data"--large aggregated data sets of information, which may include transactional information online such as web logs, social media information or searches
  • Campus privacy program--a coordination of activities necessary to develop a unified culture of privacy consistent with the UC Statement of Privacy Values and Principles
  • Electronic Communications Policy--the UC Electronic Communications Policy (ECP) establishes principles, rules and procedures applying to all members of the University community to specifically address issues particular to the use of electronic communications
  • FERPA--The Family Educational Rights and Privacy Act is a Federal law that protects the privacy of student education records
  • Governance--Oversees the principles and program, ensures compliance and provides high-level strategic direction (the “what”)
  • HIPAA--The Health Insurance Portability and Accountability Act of 1996, is a Federal law that, among other things, protects the privacy of individually identifiable health information
  • Incidental personal use--a general concept, but as defined specifically by the ECP, the use of University resources for non-University activities, where “use does not: (i) interfere with the University’s operation of electronic communications resources; (ii) interfere with the user’s employment or other obligations to the University, or (iii) burden the University with noticeable incremental costs”
  • Information privacy--the appropriate protection, use and dissemination of information about individuals; information privacy protects data about people
  • Information security--supports the protection of information resources from unauthorized access, which could compromise the confidentiality, integrity, and availability of those resources; information security protects data and infrastructures
  • Management--directs and facilitates implementation of the campus privacy or information security program (the "how")
  • Operations--each unit must implement the program as appropriate, in accordance with management directives (drives toward the “what” with the “how”)
  • Privacy balancing process--a tool that applies the UC Privacy Values and Principles to adjudicate between competing values, obligations and interests of the University, intended for use by privacy boards, privacy officials and others both in making policy and to guide case-specific decision-making.
  • Privacy by design--in general, the philosophy of embedding privacy proactively; making it the default
  • Records and information management--policy, regulations and general principles for appropriately managing, accessing and preserving administrative records throughout their lifecycle and schedules for their final disposition
  • UC Privacy Principles--principles derived from UC Statement of Privacy Values and intended to be used to guide policies and practice
  • UC Statement of Privacy Values--declares privacy, of both autonomy and information, as an important value of the University and clarifies that privacy is one of many values and obligations of the University