Notice: This policy is scheduled to be rescinded on June 30, 2027.
Last Revised: May 2010. Technical update June 2026.
Effective Date:
Supersedes: E-Berkeley Policy for Campus Online Activities
Responsible executive: UC Berkeley Associate Vice Chancellor for Information Technology (AVC for IT) and Chief Information Officer (CIO)
Responsible office: Berkeley IT Policy Office
Contact: Berkeley IT Policy Manager, itpolicy@berkeley.edu
I. Introduction and Policy Summary
The University of California, Berkeley, recognizes the value and potential for faculty, students, and staff to use university IT Resources to enhance education, research, and public service. As technology evolves, the campus community must actively steward the digital representation of the campus. The use of campus IT Resources and services under university jurisdiction must also comply with University of California policies, rules, and regulations, as well as local, state, and federal laws. The UC Electronic Communications Policy (ECP) governs all electronic communications. The Berkeley campus policy on Acceptable Use of Technology Resources (“Acceptable Use Policy” or AUP) governs the use of all campus computing, networking, and information resources.
This Berkeley Campus Online Activities Policy establishes policy and offers guidelines where existing policies do not specifically address issues particular to the use of IT Resources and the university’s online presence. It also clarifies the applicability of law and of other university or campus policies to these areas. Policies of particular importance in this area include the ECP and the AUP, which guide UC Berkeley departments and individuals in creating and managing their online presence. In the event of a conflict between this policy and the law or policies/regulations listed as authoritative, those authorities take precedence.
II. Definitions
Definitions of key terms used in this Policy are included in UC Berkeley’s Information Security Policy Glossary
III. Scope of the Policy
This policy applies to all IT Resources owned or managed by the Berkeley campus and all IT Resources provided by the campus through contracts and other agreements. For example, any website using the berkeley.edu domain is governed by this Policy.
IV. Policy and Procedures
A. The Berkeley Community: CalNet and Name Registration in the Berkeley.EDU Domain
Campus students, faculty, staff, and others affiliated with the university (including those in program, contract, or license relationships with the campus) may be eligible to use campus electronic communications resources or services as determined by their campus affiliation and the access rules set by the service proprietor.
1. CalNet
a. CalNet ID
Individual members of the UC Berkeley community are eligible to establish a UC Berkeley electronic identity (CalNet ID), which provides access to many campus systems and IT services. A CalNet ID is only a means to authenticate an active campus electronic identity. It is not the sole means of determining permission to access specific services. The CalNet for Me website and CalNet User Terms of Service provide guidance for the acquisition of a CalNet ID, including eligibility, terms of use, and related policies.
b. CalNet services
CalNet offers a variety of identity and access management services to the campus community. See the Identity and Access Management section of the IT Service Hub to find available CalNet services and offerings. For details on CalNet policies and terms of service, see CalNet Terms of Service
c. Use of CalNet data in applications
CalNet is a unified directory service (LDAP - Lightweight Directory Access Protocol) and authentication infrastructure intended to provide campus departments with a centralized means by which they can validate users who need or wish to access departmental applications.
- Application developers wishing to use CalNet infrastructure data must register in the CalNet administrative system.
- See the CalNet website for complete information, including CalNet Policies for users, technologists, and departments.
2. Name registration in the Berkeley.EDU domain
Individual members of the UC Berkeley community are also eligible to request subdomain names, websites, and have an email address in UC Berkeley's Internet domain, berkeley.edu, as defined in the CalNet Service Policies (see above) and Domain Name System (DNS) Service Policy (link below). Affiliates, support groups, and student organizations may be eligible in defined circumstances. Individuals and organizations that have no affiliation with the campus may not use the berkeley.edu domain name. Policy and procedures governing registration in the berkeley.edu domain are contained in the campus Domain Name System (DNS) Service Policy and Resources. Also see the section below on Use of University Name and Seal
B. Privacy and Confidentiality of Information
1. Laws, Regulations, and Privacy Principles
Berkeley campus departments or units that provide online services ("IT Service Providers") must comply with all applicable university regulations and laws governing personal privacy and the confidentiality of information. Some state and federal laws preserve the confidentiality of identified classes of information (e.g., student educational records, personal employment information, or proprietary commercial software); records that do not fall under established legal protections are subject to public disclosure under law.
Some specific guidelines include the following:
- Existing privacy and confidentiality policies and regulations that were created with paper records in mind continue to apply to the same categories of information existing in electronic form.
- Privacy and confidentiality regulations protect not only individuals and groups affiliated with the campus, but also non-university users of campus online resources.
- Service agreements that outsource data storage and processing activities to third-party vendors must ensure compliance with comparable privacy and confidentiality regulations as in-house activities. (See the requirement for review under "Relationships With Vendors" in this policy.)
IT Service Providers must take a broad view of their privacy and confidentiality responsibilities as outlined in UC’s Privacy Principles. For example, the online publisher of a class roster who wishes to include student pictures or contact information must get permission from each student, and also must limit access to class members only, using password protection or other technologies.
The University of California Electronic Communications Policy (ECP) outlines information about rights, risks, and responsibilities regarding privacy and confidentiality, including limitations to the privacy protections provided by university policy. Factors that may limit an individual’s privacy include:
- Laws that guarantee public access to certain types of information.
- Subpoenas or other legal instruments that authorize access to information.
- Legitimate business needs that necessitate the university's access to workplace records.
- Computer system administration and routine monitoring duties that sometimes result in the unavoidable inspection of information.
- Technical vulnerabilities inherent in electronic communications systems.
2. Website privacy statements
Anyone who collects data via a campus website (including website analytics) must adhere to the Privacy Statement for UC Berkeley Websites and must link to it or post a separate privacy statement to notify users regarding the types and uses of data that is gathered. IT Service Providers may further refine the default privacy statement to include additional privacy protections, but may not reduce protections below the baseline defined in the campus default privacy statement. Direct questions about allowable website privacy practices to the Privacy Office.
3. Privacy Resources
For more information, see the campus guide to Selected Privacy and Confidentiality Regulations. For additional assistance with privacy regulations, contact the Privacy Office (privacyofficehelp@berkeley.edu).
The Privacy Office, in collaboration with the Information Security Office, advises IT Service Providers, system and data proprietors, and users on interpretation and application of the data classification standard in alignment with laws, regulations, policy, and privacy principles.
C. Use of the University Name and Seal
Use of the university name is regulated by Article 1 of the State of California Education Code 92000.
The name "University of California" and all abbreviations thereof may not be used to imply, either directly or indirectly, the university's endorsement, support, favor, association with, or opposition to an organization, product, or service without appropriate authorization, as stated in California Education Code 92000. The UC Electronic Communications Policy (Section III.D) includes a similar restriction, including with respect to references or pointers to non-university entities contained within university electronic communications.
Questions about the use of the university’s name or marks in electronic communications, including on websites, whether by university or non-university entities or individuals, and particularly if intended for use in a commercial context, should be directed to Brand Management at brandmanagement@berkeley.edu.
Display of non-Berkeley marks on campus websites must ensure compliance with any trademark and copyright rights of their owners. (See the “Advertising or Other Forms of Sponsor Acknowledgment” section of this Policy.)
D. Advertising or Other Forms of Sponsor Acknowledgment
UC Berkeley's Internet domain berkeley.edu is considered a campus trademark, and any links to commercial entities or announcements of promotional activities on berkeley.edu websites must conform with the following:
- Acknowledgments require a sponsorship agreement or a documented gift acceptance prepared by those with the Delegated Authority to execute such agreements on campus. A current list of delegations can be found at: https://oercs.berkeley.edu/delegations-authority.
- Brand Management must approve the announcement of commercial promotional activities or links to commercial entities on departmental, program, or project websites. At its discretion, Brand Management may issue standardized guidelines or identify specific categories of activities that are deemed pre-approved.
- References or links to a non-university entity shall not imply university endorsement of the products or services of that entity (see UC ECP Section III.D).
- Acknowledgments may not extensively promote the sponsor.
Commercial information may be published on campus websites in conjunction with university support programs that are allowed under university regulations or consistent with the business mandate of the campus department. Examples of acceptable promotional strategies for these activities include:
- Promotional materials or links on websites as part of an instructional program or which serve an "informational function," as opposed to providing a means of stimulating demand for products; however, advertising and solicitations for any commercial purposes not under the auspices of the university are strictly prohibited on course websites.
- A campus newspaper operated by students may publish paid advertising online.
- The sale of products or services in support of the instructional, research, or business needs of the university, subject to an authorized and valid university agreement, may include links to vendor products. Use of any vendor logos or other non-university trademarks on campus websites requires authorization by the non-university trademark owner.
- The dissemination of employment information, such as employer profiles, links to specific employer websites, and job resources websites by campus career centers whose primary role is to assist students with employment opportunities.
Acknowledgement of non-university entities may include the following:
- Logos and slogans that do not contain comparative or qualitative descriptions of the sponsor's products, services, facilities, or companies;
- Sponsor locations and telephone numbers;
- Value-neutral descriptions, including displays or visual depictions of a sponsor's product line or services;
- Brand or trade names and product or service listings;
- Links to non-university entities supporting departmental or program income-producing activities;
- Acknowledgement of contributions to a fundraising event or a performing arts organization on the promotional website.
Links on campus websites that lead to off-campus, commercial locations should be formatted so as to indicate separation from the campus. For example, any commercial links should open (or "spawn") a separate new browser window when they are clicked on.
All income produced from electronic promotional activities is subject to university procedures ensuring full compliance with the Unrelated Business Income Tax (UBIT) law.
E. Relationships With Suppliers
Agreements with and use of third-party service providers for online services must be consistent with university policy and the primary education, research, or public service mission of the university.
Third-party relationships for business purposes must be processed through authorized campus channels to ensure compliance with applicable laws, regulations, and policies. This pertains to click-through agreements as well as standard written agreements or contracts. In particular, in order to ensure appropriate protection of Institutional Information, agreements that involve external hosting of Institutional Information, or access to university IT Resources, must receive campus review and approval. A current list of those with the Delegated Authority to execute such agreements on campus can be found at: https://oercs.berkeley.edu/delegations-authority. Use of third-party services that have not completed required review and approval processes is prohibited for non-public Institutional Information.
The Business Office in the office of the Associate Vice Chancellor for Information Technology and Chief Information Officer is tasked with reviewing technology acquisitions that cost more than $100,000, as part of the Supply Chain Management/Procurement process.
F. Use of Electronic Mail
The campus provides IT Resources in support of the university's mission of education, research, and public service, and to conduct the university's business. The Electronic Communications Policy (ECP) governs all electronic communications; it also provides User Advisories regarding User Responsibilities, Privacy Expectations, Privacy Protections, Privacy Limits, and Security Considerations. This Berkeley Campus Online Activities Policy modifies the ECP with the following policy provisions:
1. Directory Information
To facilitate effective communications on campus, all students and employees must establish a berkeley.edu email address as part of the matriculation or hiring process.
Students are responsible for keeping the address current and for regularly monitoring their email for official communications from the university. (See the Campus Policy on Student E-Mail Addresses.)
2. Mass Mailings
To minimize the impact of email traffic on the campus community and to avoid placing undue burden on computing and networking systems, large-scale campus electronic mailings should be restricted to the following circumstances:
- For the purpose of conducting official campus business, or
- To mailing lists to which the recipients have subscribed.
Mass mailings must be approved by an authorized campus official for the organizational unit or the target audience. Individuals who are included in distribution lists for official campus notifications do not have the option to have their address removed from the list. Additionally, all campus electronic mailings are subject to regulations governing privacy, such as limits on the use of directory information.
-
Campus email address lists may not be distributed to off-campus entities without written approval from the Institutional Information Proprietor or a formal contractual relationship.
-
Mass email notifications to faculty and staff for official campus communications must use the campuswide email communication system, Calmessages
-
Mass mailings to Berkeley alumni and donors, who have not consented to be included in a distribution list must have approval by University Relations, as indicated in the campus’s advancement database (CADS), the campus’s annual fund solicitation and prospect development policies, and other relevant policies as they may be promulgated and revised over time. Contact cadshelp@berkeley.edu with questions.
-
See the campus directory terms of use for limitations on the directory’s use and use of the information it contains.
Campus electronic mailings may not be used to advertise or solicit commercial activities or services, except that:
- Electronic mailings regarding commercial activities or strategic partnerships in direct support of campus department or unit functions and sanctioned by the relevant campus organizational control unit may be considered departmental business.
- Departments may engage in mass mailing solicitations for their income-producing programs that are specifically allowed under university regulations and with the approval of the relevant authorizing official(s) for the target audience.
Any electronic mailings that are large enough to negatively affect network or systems performance must be coordinated through the particular email service provider (e.g., Berkeley Information Technology (IT) for campus email). For help in assessing the potential impact of your mailing on network or system performance, or to request assistance, contact the relevant campus email provider. For campus email, contact bConnected@berkeley.edu.
See the following for additional information:
-
UC Berkeley’s policy on Acceptable Use of Technology Resources (including email)
-
Also see the Advertising or Other Forms of Sponsor Acknowledgment section of this Policy
G. Copyright
As both creators and users of copyrighted materials, members of the UC Berkeley community should understand and responsibly exercise their rights and obligations under both U.S. Copyright Law and UC policy. The University of California Copyright Web Site provides a rich resource on copyright-related issues, including ownership, fair use, classroom and online teaching considerations, and more.
1. Copyrighted ownership
U.S. Copyright law and university policy govern the copyright ownership of works created by faculty, students, and staff. See the Works Created at UC web page for more information, including the Copyright Ownership policy (2021) and Ownership of Course Materials policy (2003). Creators of works are advised to familiarize themselves with UC policy and guidelines when posting materials on campus websites.
2. Fair Use
Fair use allows limited copying or use of copyrighted works without having to seek the copyright owner’s permission, when the use is for purposes such as teaching, research, scholarship, reporting, criticism, or parody. See the Fair Use for Teaching and Research webpage for guidance. The UC’s policy on Copyright and fair use (2015) encourages faculty, staff, and students to use copyrighted materials appropriately within fair use guidelines to fulfill the teaching, research, and public service mission.
Outside of Fair Use, creators must secure appropriate permission when including copyrighted or trademarked material, such as text, logos, photos, video, sound, or graphic illustrations, in their works.
3. Copyright notice
A copyright notice should be posted on campus websites to clarify who owns the work, such as the university or another affiliated owner. Even if a copyright notice is presented on a campus website, viewers may still use content from those sites if their use is a fair use.
It is also helpful for sites to provide permission notices that describe the conditions for use of online works for users who wish to exceed fair use. If you direct people to obtain a license when exceeding fair use, note that only the UC Regents may grant licenses to use UC Regents-copyrighted works. For sites wishing to provide broader permissions through Creative Commons or similar licenses, only individuals or entities who are the copyright owners or have proper delegated authority may license UC-owned materials on behalf of The Regents. Berkeley Contracts and Brand Protection can issue these licenses for The Regents.
For additional guidance on copyright notices and permission statements, see Copyright Notices on Campus Websites.
4. Additional Resources
The Library’s Scholarly Communication & Information Policy office offers extensive guidance and consultations on copyright and fair use for research, publishing, and instruction.
Instructions for submitting Digital Millennium Copyright Act (DMCA) allegations of copyright infringement for UC Berkeley online locations are available via the Information Security Office
H. IT Accessibility
The University of California's Information Technology Accessibility Policy identifies accessibility standards that all websites, web applications, and web content; Social Media; digital documents; course content; and 3rd party technology, services and content must meet.
For more information, please see the Digital Accessibility website
For assistance with campus technology accessibility, contact improving-accessibility@berkeley.edu
I. Information Security
In order to provide its constituency with secure yet open IT Resources, the campus must protect the physical and logical integrity of its networks, computers, software and data. There are a variety of potential security threats to these resources, including unauthorized intrusions, malicious misuse, or inadvertent compromise.
Campus departments, units, and groups must establish procedures to ensure that Institutional Information and IT Resources under their purview are appropriately protected and comply with campus information security policies and standards
J. Web Publishing
1. Website identification and style
All websites under campus jurisdiction (i.e., on UC Berkeley servers or commercial servers funded by campus budgets) must display the following information on at least one page (preferably the first page) of the site:
-
The name of the campus unit, department, or affiliated individual publishing the site;
-
Contact information.
The date of last revision should be included on a website when the timeliness of the content information is pertinent to the usability of the information. For example, any reference information, procedures, policies, or other material that could be subject to frequent changes should include the date.
Also, a copyright notice should be included on campus websites. For additional information and examples of copyright notices and permission statements, see Copyright Notices on Campus Websites. See the “Copyright” section of this Policy for general copyright information.
A campus department or unit may establish additional local policies and guidelines governing the content and style of websites under its jurisdiction. Guidance in this regard is available from resources such as:
-
UC Berkeley Brand Guidelines, available at https://brand.berkeley.edu: guidelines for using campus-identifying components in a consistent and appropriate manner.
-
UC Berkeley Brand Editorial Resources: includes links to preferred style guides.
-
The UC Office of the President Brand Guidelines, available at: https://brand.universityofcalifornia.edu/
2. Berkeley Home Page website registration
Registration through the UC Berkeley Web Registry is required in order for a site to be linked from the Berkeley Home Page. This registration is available to campus departments or units that are part of the campus organization, or to programs or groups that have formalized agreements with the campus or have been officially designated as Support Groups, Campus Foundations and Alumni Associations
The locations of links from the Berkeley Home Page are determined by Strategic Communications in consultation with the applicant. All registered sites must comply with the UC Berkeley Web Registry Terms and Conditions. Registration of a site requires submission of site name and URL, site description and keywords, and contact information for the site's publisher.
Course websites are published through the Online Schedule of Classes. Several Learning Management Systems, i.e., centralized online repositories of online course data, with built-in tools for developing, administering, and publishing course websites, are currently supported by UC Berkeley. For more information see the Research, Teaching, and Learning "Supported Learning Tools” webpage
Student organization sites should be registered through the Organization Advising & Student Involvement Services (OASIS) team (https://lead.berkeley.edu/student-orgs/).
3. Personal websites
UC Berkeley supports the concept of faculty, staff, and students creating personal websites that provide information relevant to the individual's role at the campus. Any uses of the campus name or marks are subject to restrictions on Use of the University Name and Seal (see that section in this Policy).
Sites on university servers may not be used to promote personal business or to provide personal financial gain, except as permitted under applicable academic personnel policies. (See Section M of the UC Business and Finance Bulletin 29 - Management and Control of University Equipment.)
Personal sites shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the university or any unit of the university unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the university. An appropriate disclaimer is:
“The opinions or statements expressed herein should not be taken as a position of or endorsement by the University of California, Berkeley.”
Personal websites may not be registered with the UC Berkeley Web Registry (http://berkeley.edu/registry/index.shtml).
V. Responsibilities
This policy includes elements associated with multiple responsible offices and functions across campus, as indicated in the policy text and Appendix A. The Berkeley IT Policy Office is responsible for the maintenance of this policy. Questions may be addressed to itpolicy@berkeley.edu.
VI. Consequences of Policy Violations
Violations of university policies governing the use of university IT Resources may result in restriction of access to university information technology resources. In addition, disciplinary action may be taken under this and other university policies, guidelines, implementing procedures, or collective bargaining agreements, up to and including dismissal. Any restrictive action must follow standard university procedures that assure due process.
Submit any questions regarding possible violation of policy or law to either the appropriate authority as defined under Appendix A, "Responsible Entities" (see "Resource Offices") or to itpolicy@berkeley.edu. See How do I report Computer or Network Misuse?
VII. Additional Related Policies and Procedures
-
UC Business and Finance Bulletin A-61, Procedures for Determining Unrelated Business Income and Expenses
-
UC Business and Finance Bulletin BUS-29, Management and Control of University Equipment Section M - Personal Use of Property: Section M - Personal Use of Property
-
UC Whistleblower Policy and the Whistleblower Protection Policy
-
University of California Policies Applying to Campus Activities, Organizations, and Students (PACAOS): Section 30 Policy on Speech and Advocacy
-
Berkeley Campus Policy on Disclosure of Information from Student Records
VIII. Appendix
- Appendix A: Responsible Entities