Campus network data reports may be sent to campus departments by Network Operations and Services (NOS) or the Information Security Office (ISO), either because operational or security issues have been observed, or when otherwise requested by the departments. This access is given on the condition that the use of the data must respect all governing laws and policies. In particular, its use must comply with the University's firmly-held principles of academic freedom and shared governance, freedom of speech, and privacy, within the context of the University's legal and other obligations.
Systems Support:
The University of California Electronic Communications Policy (ECP) is very specific about the level of inspection allowed to system administrators to ensure the proper functioning of resources. As part of their assigned job duties, support staff may access data, but only at the least invasive level necessary to do the job.
Resource Management:
The campus has approved the distribution of network data reports so departments may conduct financial planning or other resource management duties, in support of the business operations of the department. Departments must exercise great caution to ensure that their uses of the data do not impinge upon the expectations of privacy afforded to campus network users by law and policy. For example, except under allowable circumstances described in the ECP, departments:
- Shall not monitor the activities of specific individuals; and
- Shall not intentionally search network data reports for violations of law or policy.
However, if during the performance of their duties systems personnel inadvertently see information indicating serious misuse, they are advised to consult with their supervisor. For cases involving "improper governmental activity", see the "Policy on Reporting and Investigating Allegations of Suspected Improper Governmental Activities" and the Berkeley Campus whistleblower resources. If the situation is an emergency, intervening action may be appropriate.
The ECP governs all activities using UC electronic communication resources. ECP provisions must be followed when electronic communication records (see ECP Appendix A Definitions) are involved in any situation.
Departments must document and make available to their user's general information about their network data monitoring practices. If departments determine that it is necessary to examine suspect electronic communications records beyond routine practices, the user’s consent shall be sought. If circumstances prevent prior consent, notification procedures described in ECP Section IV.B.3 "Notification" shall be followed.
Any discussions with individuals about their activities on the network must be conducted within the context of applicable human resource policies or contracts, codes of conduct, affiliation agreements, or other applicable due process procedures.
Any requests for network data in support of academic research or instruction must be submitted to security-policy@berkeley.edu.