The software collects system activity data and keeps it primarily on your computer. Data is sent for analysis only if a security issue is detected, and all handling follows strict privacy policies. Any security-related data is reported to Berkeley’s Privacy Office, and false alarms result in immediate data deletion.
Normal Process:
The software continuously documents recent system activity, like websites visited, names of files opened, and network connections. Data is stored on your computer for about 10 minutes, constantly updating as new activity replaces old data.
Alert Process:
Only if a potential security threat is detected will the system save the last 10 minutes of activity for further review. This data is temporarily stored and sent for analysis only if the issue is confirmed. If it's a false alarm, the data is deleted.
Manual Collection Process:
In rare cases, our security analysts may need to collect specific data to investigate a significant threat to campus, such as ransomware or a campus-wide incident. This may be performed prior to contact with the security contact, and will be documented as Access Without Consent as outlined by the Office of Ethics, Risk, and Compliance.
All actions are documented, and data is deleted within 30 days unless needed for an ongoing investigation.
Enterprise Search Capabilities:
Security teams can search for specific security indicators on university computers. This tightly controlled search does not collect personal data beyond system-related activity.