Each member of the Berkeley campus community and all individuals who collect, use, disclose or maintain UC Berkeley information and electronic resources must comply with the full text of all UCB IT policies. Selected policies and topics are highlighted below.
Protect University Information and Electronic Resources
Safeguard Sensitive Information
Use of the following types of data requires extra sensitivity due to the significant potential for misuse and costly reporting requirements in the event of unauthorized access. If your work involves handling any of these types of data, you must receive special training in the protection of electronic information. In addition, any systems that process this data must employ additional security measures as defined in the campus Minimum Security Standards for Electronic Information (MSSEI). Examples include:
* Social Security Numbers
* CA Driver’s License Numbers
* CA Identification Number
* Other government-issued ID numbers (passport, tax ID, military ID, etc.)
* Credit Card Numbers
* Financial Account Information and Loan Information
* Health Information
* Health Insurance Information
* Confidential Student Data
* Passphrases and other secret authentication information
* Some human genetic/genomic data
* Data identified by contract as restricted (e.g., federal research contracts/grants)
Secure All Devices
Basic security protections are required on all networked devices (computers, smart phones, printers, gaming systems, etc.):
* Regularly install software updates
* Install anti-malware software
* Use a host-based firewall
* Ensure adequate physical security
* Set devices to auto-lock when inactive
* Disable unnecessary services
* Select strong passphrases
* Keep privileged accounts separate from regular accounts
* Use the campus VPN when connecting remotely
See the campus Minimum Security Standards for Networked Devices (MSSND) for details.
Report Security Incidents or Suspicious Activity
Immediately report security incidents or suspicions that University information pertaining to you or to others or resources is missing, has been accessed without authorization, or has been altered.
Do not attempt to correct security issues yourself! Your efforts (e.g., turning off a printer to clear sensitive information from memory) may destroy important evidence needed to determine the nature and extent of a problem.
- Contact: security@berkeley.edu
- Or Report a Security Incident
Privacy of Electronic Communications
The privacy of electronic communications is governed by UC's Electronic Communications Policy.
The University does not examine or disclose electronic communications records without the holder's consent or, in specific situations, formal campus authorization; however, in some circumstances, information from your incidental personal activities may be accessed.
Routine Security Monitoring
Providers of electronic communications services ensure the integrity and reliability of systems under their control through the use of techniques that include routine monitoring of electronic communications (e.g., scanning, bandwidth monitoring) and network traffic inspection. User consent is not required for these routine monitoring practices.
Keep Personal Information Separate
Although incidental personal use of electronic resources is generally allowed, you are encouraged to organize and clearly mark information that is personal.
- For example, create a folder called "Personal" in your computer files or e-mail program to hold any personal information. When colleagues or supervisors need to find business-related information in your work area and you are not available to assist, these files will not be viewed.
- Co-mingled information (mixed work and personal) is presumed to be University information.
Ownership
Information related to the organization, functions, policies, decisions, procedures, operations, or other business activities of the university is owned by the Regents of the University of California.
- Significant University information should not be stored permanently in personal email accounts or computers, but should be stored in shared folders or institutional/departmental email accounts.
- Upon separation from the University, all University property, including email and electronic files, must remain with the University.
Use Campus Technology Responsibly
Campus computer use and network access is a privilege. Users must act responsibly and professionally, respect the rights of other users and treat them with civility, respect the integrity of the systems, data, and related physical resources, and observe all relevant laws, regulations, and contractual obligations.
Acceptable Use
In support of the University's mission of teaching, research, and public service, the University of California, Berkeley provides computing, networking, and information resources to the campus community. The campus policy on Acceptable Use of Technology Resources defines how those resources may be used.
Data / Record Retention
Know and follow record retention schedules: the less time you keep records (electronic and paper), the better! Organize and label the records you keep according to disposition dates.
Accessibility
The University of California is committed to providing an electronic environment that is accessible to everyone, including individuals with disabilities. Tools and Resources:
Copyright
Secure appropriate permission when uploading and downloading electronic content including copyrighted or trademarked material, such as text, logos, images, video, sound, programs, music, movies, games, etc. The campus Library and UC Copyright website both provide extensive guidance on copyright and fair use.