Privacy Statement for UC Berkeley Websites

PolicyRelated Guidelines

Effective Date:  April 2009
For questions about this policy, contact: itpolicy@berkeley.edu

Policy

  • The University of California, Berkeley is committed to protecting the privacy and accuracy of your confidential information to the extent possible, subject to provisions of state and federal law. Other than as required by laws that guarantee public access to certain types of information, or in response to subpoenas or other legal instruments that authorize access, personally-identifiable information is not actively shared. In particular, we do not re-distribute or sell personal information collected on our web servers.

Information collected

  • UC Berkeley websites may collect personal information such as name, address, e-mail address, telephone number(s), and/or educational interests. Such personal information may be requested by us for research, public service or teaching programs, or for administrative purposes. Additional personal information, such as credit card account information, may be requested for purchases or enrollment purposes.
  • Web servers typically collect, at least temporarily, the following information: Internet Protocol (IP) address of computer being used; web pages requested; referring web page; browser used; date and time. UC Berkeley may collect statistics identifying particular IP addresses from which our websites are accessed.

Use of collected information

  • UC Berkeley may use personal information collected from websites for the purpose of future communication back to online enrollees, in order to keep you informed of such activities as campus programs, symposia and/or special events, but only if you are provided the opportunity to opt out of that type of use.
  • UC Berkeley may use browser-IP-address information and anonymous-browser history to report information about site accesses and for profiling purposes. This information is generally used to improve Web presentation and utilization. The campus also may use IP address information for troubleshooting purposes.
  • Some UC Berkeley online activity sites may use "cookies" in order to deliver web content specific to individual users’ interests or to keep track of online purchasing transactions. Sensitive personal information is not stored within cookies.

Distribution of collected information

  • UC Berkeley will not disclose, without your consent, personal information collected about you, except for certain explicit circumstances in which disclosure is required by law.
  • UC Berkeley will not distribute or sell personal information to third-party organizations.

Individual choice

  • Individuals who wish to use methods other than online enrollment may submit requests by email or U.S. mail addressed to the UC Berkeley organization responsible for the website.

Access to own information

  • Questions regarding users’ rights to review, modify or delete their previously provided personal information should be directed to the campus organization to which they provided the information. Any disputes will be resolved under existing records regulations applicable to UC Berkeley.

Additional Information

  • For more detailed information about requirements for campus online activities see the e-Berkeley Policy section on Privacy and Confidentiality of Information.

Responsibility for external sites

  • UC Berkeley does not control the content or information practices of external organizations. We recommend you review the privacy statements of these organizations.
1

How to Write an Effective Website Privacy Statement

The Campus Online Activity Policy states:

"Technology service providers who collect data via website interfaces must adhere to the provisions of the Privacy Statement for UC Berkeley Websites and must post a privacy statement to notify users regarding the types and uses of data that is gathered. Online service providers may further refine the standard campus privacy statement to include additional privacy provisions, but may not reduce the level of their activities' compliance."

Your privacy statement must accurately reflect your site's data collection and use.

  • Your privacy statement should be clear, direct and easy to understand.
  • Keep technical jargon and legal terminology to a minimum.
  • If you decide to modify how you use personal information, you must inform your users.
  • A company’s privacy policy is only as strong as the staff that implements it.

How to write a privacy statement to reflect your site's data collection and use

1) Determine what types of information you collect from visitors to your website.  Is the information personally identifiable? For example does your site collect:

  • names
  • addresses
  • phone numbers
  • e-mail addresses
  • IP addresses
  • access dates and times

2) Why is this information collected? Is the data collection appropriate to the activity or transaction? If not, why do you collect it?

3) By what means is this information collected?

  • cookies
  • weblogs
  • surveys
  • web forms
  • registration for an event or course
  • newsletter sign-up
  • to place an order
    • credit card # ((Note: Billing and Payment Services approval is required to handle credit card transactions.)
    • SSN (As of July 1, 2010, Campus policy requires approval for all electronic processes that collect, use, or store SSNs.)

4) What will this information be used for and who will have access to it? (Campus policy prohibits sharing, re-distributing or selling personal information collected on webservers.)

  • Do you have the user's consent to collect and use the information?
  • Does the user have the option to prohibit such collection and use?
  • Is the site hosted by an outside vendor? What will they do with the information?
  • Does the site use any kind of analytics? If so, have you informed the user and provided directions to disable analytic tracking?
  • How long will the collected information be stored?

5) How will users be informed if your privacy policies change (including changes to how the information will be used)?

  • Via email?
  • Will you post a privacy statement modification date?

The Fair Information Practice Principles of transparency and consent require that consent is obtained prior to collection. Additionally, users must be informed if their information is used for any purposes other than for which consent was given.

6) How can visitors with questions about your site's privacy statement contact someone?

  • Have you provided a webmaster contact address?
  • Have you provided a departmental contact telephone number?

7) How is user information protected?

  • Computer safeguards?
  • Secured files and physical access controls?
  • If the site is not intended to handle confidential information,  have you informed users?
  • Are there alternate ways for users to provide confidential information, such as via staff phone numbers?
  • Is SSL activated?

Customizable Privacy Statement Templates

If your website does not collect analytics or other personal information, this sample Privacy Statement [WORD] can be customized (with revision dates, and contact information) for use on your UC Berkeley website.

If your website collects analytics or other personal information, this sample Privacy Statement [WORD] can be customized for use on your UC Berkeley website.

Some Campus Examples

  • Cal Performances: (click on the "Privacy" tab)
  • http://www.calperfs.berkeley.edu/buy/policies/?tab=4#TabbedPanels1
  • Graduate Division
  • http://www.grad.berkeley.edu/graddiv/privacy.shtml
  • Career Center
  • https://career.berkeley.edu/General/privacy.stm
  • Berkeley Security
    https://security.berkeley.edu/content/website-privacy-statement-berkeley-security

Resources

 

home