Campus Online Activities Policy

Last Revised:  May 2010
Effective Date: 
Supersedes: E-Berkeley Policy for Campus Online Activities
Responsible executive: UC Berkeley Chief Information Officer (CIO)
Responsible office: Office of the CIO: Security, Privacy, and Policy
Contact: Berkeley Campus IT Policy Manager,


The University of California, Berkeley, recognizes the value and potential for faculty, students, and staff to use University electronic resources to enhance learning, research and public service. The information technology explosion has greatly expanded opportunities for innovative means to conduct campus activities, and the campus community must be mindful that these expanded opportunities will require a new sense of stewardship regarding the projection of the online image of the campus. The use of campus electronic resources under University jurisdiction must comply with University of California policies, rules, and regulations, as well as local, state, and federal laws. The University of California Electronic Communications Policy (ECP) ( governs all electronic communications, whether by the Web or other developing media. The Berkeley Campus Computer Use Policy  governs all campus computing and networking activities.

This Berkeley Campus Online Activities Policy establishes policy and offers guidelines where existing policies do not specifically address issues particular to the use of electronic resources. It also clarifies the applicability of law and of other University or Campus policies to online activities. Where possible, this Policy defers to other existing policies. Policies of particular importance in this area include the ECP and the Computer Use Policy which outline relevant information to guide UC Berkeley departments and individuals in creating their online presence.

Where the authorized officials to approve processes for topics included in this Policy have been identified, this document provides links to that information. When the identities of authorizing campus officials are known for activities included in the scope of this Policy, links to that information are provided. Also see the campus Guide to Administrative Responsibilities from the Controller's Office, for a broader range of information about campus authorizations and responsibilities.


This policy applies to all electronic resources owned or managed by the Berkeley campus and all electronic resources provided by the campus through contracts and other agreements. For example, any website using the Berkeley.EDU domain is governed by this Policy.

The Berkeley Community: CalNet ID and name registration in the Berkeley.EDU domain

Campus participants

Campus students, faculty, staff, and others affiliated with the University (including those in program, contract, or license relationships with the campus) may be eligible to use campus electronic communications resources or services. Individual members of the UC Berkeley Community are eligible to establish a UC Berkeley electronic identity (CalNet ID) and to register subdomain names in UC Berkeley's Internet domain Berkeley.EDU. The CalNet Gateway website provides guidance for the acquisition of a CalNet ID. Policy and procedures governing registration in Berkeley.EDU are contained in the Campus Domain Name System (DNS) Service Policy.

Eligibility to use campus services for any campus participant shall be determined by the appropriate authorizing official (see Criteria for Inclusion in the CalNet System A CalNet ID is only a means to verify a campus identity. It is not the sole means of determining permission to access specific services. Access to any Berkeley Campus service shall be determined by the provider of each resource or service by means of additional authorizing mechanisms. All use of Berkeley Campus online services is subject to compliance with applicable laws and University and campus policies.

Affiliates, support groups, and student organizations

Affiliate organizations covered by the University Policy and Administrative Guidelines on Support Groups, Campus Foundations, and Alumni Associations( are eligible to register in Berkeley.EDU) ( Other affiliate groups who want to register in Berkeley.EDU domain must have a formalized agreement with an authorized campus official, and the agreement must include authorization for use of the Berkeley Campus facilities, name, or other resources. Student organizations are granted a range of campus electronic communications resource privileges. Consult Campus Life and Leadership for more information on the application of this policy to online student organization activities. See Berkeley Campus Regulations Implementing University Policies (, Sections 211 and 212.

Programs offered to non-affiliated individuals or entities are not eligible to register in Berkeley.EDU. These programs for non-affiliates must independently register their name in a domain other than Berkeley.EDU, for example, .org. In very rare instances, if there is a compelling strategic argument to register these programs in Berkeley.EDU, approval must be granted by the Chancellor or the appropriate delegated authority, such as the Campus Technology Council (CTC). See Requests for Exceptional Registration in Berkeley.EDU ( for procedures for submitting exceptional requests.

Public participants

Individuals and organizations that have no affiliation with the campus may not use the Berkeley.EDU domain name for their resources. Also see the section on Use of University Name.

Privacy and confidentiality of information

Berkeley campus departments or units who provide online services ("technology service providers") must comply with all applicable University regulations and laws governing personal privacy and the confidentiality of information. Some state and federal laws preserve the confidentiality of identified classes of information (e.g., student educational records, personal employment information, or proprietary commercial software); records that do not fall under established legal protections are subject to public disclosure under law. Some specific guidelines include the following:

  • Existing privacy and confidentiality regulations that were created with paper records in mind continue to apply to the same categories of information existing in electronic form.
  • Privacy and confidentiality regulations protect not only individuals and groups affiliated with the campus, but also non-University users of campus online resources.
  • Service agreements that outsource data processing activities to third-party vendors must ensure compliance with the same privacy and confidentiality regulations as in-house activities. (See the requirement for review by the campus Business Contracts Office under "Relationships with vendors" in this document.)

Technology service providers must take a broad view of their privacy and confidentiality responsibilities, such as minimizing invasion into private lives and avoiding risks to health and safety. For example, the online publisher of a class roster who wishes to include student pictures and contact information must get permission from each student, and also must limit access to class members only, using password protection or other technologies.

For more information see the guide to Selected Privacy and Confidentiality Regulations  and thePrivacy Issues and Protection of Personal Information website. For additional assistance with privacy regulations, contact one of the Campus Privacy and Confidentiality Resource Contacts listed in Appendix A of this Berkeley Campus Policy on Online Activities.

Users of campus online resources should familiarize themselves with associated rights and risks regarding privacy and confidentiality. A good source for such information is the University of California Electronic Communications Policy Attachment 1: "User Advisories" sections: III. Privacy Expectations, IV. Privacy Protections, and V. Privacy Limits. Some factors that should limit users' expectation of privacy include:

  • laws that guarantee public access to certain types of information,
  • subpoenas or other legal instruments that authorize access to information,
  • legitimate business needs that necessitate the University's access to workplace records
  • computer system administration duties that sometimes result in unavoidable inspection of information, and
  • technical vulnerabilities inherent in electronic communications systems.

Privacy statement

Technology service providers who collect data via website interfaces must adhere to the provisions of the Privacy Statement for UC Berkeley Websites ( and must post a privacy statement to notify users regarding the types and uses of data that is gathered. Online service providers may further refine the standard campus privacy statement to include additional privacy provisions, but may not reduce the level of their activities' compliance.

Student information disclosure

The disclosure of information about students is governed by the Federal Family Educational Rights and Privacy Act (FERPA) and in part by the State of California Education Code. The University of California Policies Applying to the Disclosure of Information from Student Records( and Berkeley Campus Policy Governing Disclosure of Information from Student Records( [PPT]) provide guidance in complying with these laws.

Social security numbers

All Berkeley Campus units are required to obtain CIO approval for all processes that collect, use, or store Social Security Numbers associated with individuals. This requirement augments other existing Campus and UC policies protecting confidential information, including the Berkeley CampusMinimum Standards for Electronic Information and the University of California Electronic Security Policy, IS-3 [PDF].

Use of the University name and seal

Use of the University name is regulated by the State of California Education Code 92000(

The Berkeley Policy on the Use of the University's Name, Seals, and Trademarks ( clarifies that the name "University of California" and all abbreviations thereof may not be used to imply, either directly or indirectly, the University's endorsement, support, favor, association with, or opposition to an organization, product, or service without appropriate authorization. A January 21, 1998 Campus directive highlights provisions from that policy. The University Electronic Communications Policy, Section III.D states that:

References or pointers to any-non-University entity contained within University electronic communications shall not imply University endorsement of the products or services of that entity.

When an electronic communication might give the impression that the author's endorsement represents an endorsement by the University, the communication must include an explicit disclaimer. An appropriate disclaimer is:

Links on these pages to commercial sites do not represent endorsement by the University of California or its affiliates.

The University's names, seals, and trademarks convey the University's reputation of excellence. The campus community must exercise care in the use of these symbols in order to preserve their integrity and value as emblems of our institution. Use of the official seal of the Campus implies institutional support; therefore, it may only be used as authorized in the Berkeley Policy cited above. Consult theBusiness Contracts and Brand Protection (BCBP) for information on appropriate use of Berkeley trademarks and logos, particularly if they are intended for use in a commercial context, such as when promoting any products or services. Specific restrictions are outlined in BCBP's UC Berkeley Trademark Guidelines and Requirements.

Display of non-Berkeley marks on campus websites must ensure compliance with any trademark and copyright rights of their owners. (See the section of this Policy regarding Sponsorship, advertising, or other forms of acknowledgement.)

Sponsorship, advertising, or other forms of acknowledgement

UC Berkeley's Internet domain Berkeley.EDU is considered a campus trademark and any links to commercial entities or announcement of promotional activities on Berkeley.EDU websites must conform with the following:

  • An authorized campus official must approve the announcement of commercial promotional activities or links to commercial entities on departmental, program or project websites.
  • Use of commercial trademarks and logos on campus websites requires review by the Business Contracts and Brand Protection(BCBP ) (
  • References or links to a non-University entity shall not imply University endorsement of the products or services of that entity. Acknowledgements must be consistent with University policy on endorsement, such as the Berkeley Campus Regulations, section 230, Commercial Activity and Fund Raising (
  • Acknowledgements may not extensively promote the sponsor.
  • Acknowledgements may not be associated with activities that might diminish the integrity of the University's image and/or brand value.
  • Acknowledgements require a sponsorship agreement prepared by an approved campus unit such as the Berkeley Campus Business Contracts Office or the Sponsored Projects Office.

Commercial information may be published on campus websites in conjunction with University support programs that are allowed under University regulations or consistent with the business mandate of the campus department. Examples of acceptable promotional strategies for these activities include:

  • Promotional materials or links on websites as part of an instructional program or which serve an "informational function," as opposed to providing a means of stimulating demand for products; however, advertising and solicitations for any commercial purposes not under the auspices of the University are strictly prohibited on course websites.
  • A campus newspaper operated by students may publish paid advertising online.
  • Announcement of sport or music event programs may include advertisements provided the advertising does not constitute a separate, profit-making activity.
  • The sale of products or services in support of the instructional, research, or business needs of the University may include links to vendor products. Use of any vendor logos or other non-University trademarks on campus websites requires authorization by the owner.
  • The disseminating of employment information such as employer profiles, links to specific employer web sites and job resources web sites by campus career centers whose primary role is to assist students with employment opportunities.

Acknowledgement of non-University entities may take the following form: "We wish to acknowledge the following sponsors …" and may include the following:

  • logos and slogans that do not contain comparative or qualitative descriptions of the sponsor's products, services, facilities, or companies;
  • sponsor locations and telephone numbers;
  • value-neutral descriptions, including displays or visual depictions of a sponsor's product line or services;
  • brand or trade names and product or service listings;
  • links to non-University entities supporting departmental or program income-producing activities;
  • acknowledgement of contributions to a fund-raising event or a performing arts organization in the promotional website.

Links on campus websites that lead to off-campus, commercial, locations should be formatted so as to indicate separation from the campus. For example, it is advisable that any commercial links should open (or "spawn") a separate new browser window when they are clicked on.

All income produced from electronic promotional activities is subject to University procedures ensuring full compliance with the Unrelated Business Income Tax (UBIT) law.

Relationships with vendors

Agreements with and use of commercial service providers for online services must be consistent with University policy and the primary education, research, or public service goals of the department's, organization's, or individual's (faculty or staff) website. For example, these agreements cannot be used for personal financial gain (except as permitted under applicable academic personnel policies). The considerable opportunities for developing both informal and formal arrangements with commercial entities can challenge campus webmasters' ability to conform with established University controls. Relationships with vendors that result in a significant "visible presence" for a commercial entity on a department or individual website should be reviewed by the appropriate campus oversight office. Decisions regarding appropriateness shall be based on standards defined in existing University and campus policies and regulations. Consult with the Berkeley Campus Business Contracts Office (BCO) ( to ensure that agreements with and use of commercial service providers for the conduct of online activities conform with University and campus policies.

The BCO is delegated the authority to execute various service agreements between campus units and external entities, and their review must be included for any contracts negotiating online service agreements with third-party vendors. This pertains to click agreements as well as standard written agreements or contracts. In particular, in order to ensure appropriate protection of University records, agreements that involve external hosting of University records must receive campus review and approval. The BCO uses the following criteria to escalate reviews through departmental approval structures:

  • Dollars involved: dollars expended or dollars of revenue expected.
  • Newsworthiness: whether the contract will be of interest to the press.
  • Precedent: whether this type of arrangement has been reviewed and approved previously.
  • Risk: potential for negligence, personal injury, product liability or failure of performance by the contracting party.
  • Sensitive data: access to or release of any personally identifiable or other confidential records on non-University hosts require appropriate procedures to ensure protection of University records.

In compliance with UCOP's Business and Finance Bulletin IS-10 on Systems Development Standards, the Campus Technology Council (CTC) is tasked with reviewing systems that take more than one year to develop and implement, cost more than $100,000, or meet certain other criteria. See the CTC website at for more details.

Use of electronic mail

The campus encourages the use of electronic communications to share information and knowledge in support of the University's mission of education, research and public service and to conduct the University's business. The Electronic Communications Policy (ECP) governs all electronic communications; it also provides User Advisories regarding User Responsibilities, Privacy Expectations, Privacy Protections, Privacy Limits, and Security Considerations. This Berkeley Campus Online Activities Policy augments the ECP with the following policy provisions:

Directory information

To facilitate effective communications on campus:

  • All Berkeley campus students must establish a email address. Students are responsible for keeping the address current and for regularly monitoring their email for official communications from the University. (See the Campus Policy on E-Mail Addresses for Students.)
  • Faculty and staff are strongly encouraged to maintain a current contact email address.

Mass mailings

To minimize the impact of email traffic on the campus community and to avoid placing undue burden on computing and networking systems, large-scale campus electronic mailings should be restricted to the following circumstances:

  • for the purpose of conducting official campus business, or
  • to mailing lists to which the recipients have subscribed.

Official campus mailings must be approved by an authorized campus official for the organizational unit or the target audience. Individuals who are included in distribution lists for official campus notifications do not have the option to have their address removed from the list. All campus electronic mailings are subject to regulations governing privacy, such as limits on the use of directory information. Campus email address lists may not be distributed to off-campus entities.

  • Mailings to students must have approval by the Office of the Registrar (, 643-7490).
  • Email notifications to faculty and staff for official campus communications must use the Web-based campuswide email communication system CALmessages(
  • Mailings to Berkeley campus alumni or donors who have not consented to be included in a distribution list must have approval by University Relations.

Any electronic mailings that are large enough to negatively affect network or systems performance must be coordinated through Information Services and Technology (IST). For help in assessing the potential impact of your mailing on network performance, or to request assistance,

Campus electronic mailings may not be used to advertise or solicit commercial activities or services, except that:

  • Electronic mailings regarding commercial activities in direct support of campus department or unit functions and sanctioned by the relevant campus organizational control unit may be considered departmental business.
  • Departments may engage in mass mailing solicitations for their income-producing programs that are specifically allowed under University regulations and with the approval of the relevant authorizing official(s) for the target audience.

See "Guidelines for Complying with Federal Anti-Spam Law," available from the University of California Office of the President website.  Also see the Sponsorship, advertising, or other forms of acknowledgement section of this Policy.


The University of California Copyright Education Web Site( provides a rich resource on copyright-related issues.

Copyright notice

A copyright notice should be posted on campus websites to clarify who owns the work, emphasize that the University (or other affiliated owner) asserts copyright ownership, and encourage contact by those who wish to use the material. Also, it is helpful for sites to provide permission notices that describe the conditions for use of online works by others. For additional information and examples of copyright notices and permission statements, see Copyright Notices on Campus Websites(

Copyrighted ownership

U.S. Copyright law and University policy govern the creative works of faculty, students, and staff posted on campus electronic systems. Creators of works are advised to familiarize themselves with University and campus copyright policy and guidelines when posting materials on campus websites. See the University of California Policy on Copyright Ownership (1992) ( and University of California Policy and Guidelines on the Reproduction of Copyrighted Materials for Teaching and Research (1986) ( for the full text of University policy.

The University of California Standing Committee on Copyright ( is charged to align University copyright policy and management with the goals of the academic mission in the context of continuous and rapid change. Refer to their website for current UC policy on ownership of course materials, particularly those in digital form.

Using copyrighted works and Fair Use

Creators must secure appropriate permission when including copyrighted or trademarked material, such as text, logos, photographic images, video, sound, or graphic illustrations. Fair Use provisions allow use of copyrighted material without the authorization from the copyright owner for limited purposes, such as criticism, comment, news reporting, teaching, scholarship, or research. For more information see OTT's website: "What is Fair Use" ( Information Resources & Communications at the University of California clarifies its position with respect to digital copyright at the "Digital Copyright Protection at the University of California" website (  Instructions for submitting Digital Millennium Copyright Act (DMCA) allegations of copyright infringement for UC Berkeley online locations to the UC Berkeley DMCA designated agent are available online at

Guidance for instructors

Only authorized UC Berkeley community members, after securing authorized approval, are permitted to capture in electronic form instructionally-related materials, such as lectures, PowerPoint presentations, and class room discussion. Instructors and website developers must comply with existing policies relating to instruction ( Developers of course websites must take appropriate measures to protect against claims of copyright infringement, such as password-protecting those parts of the site that contain copyrighted material in order to limit access to class participants.

Links to several sites offering additional copyright guidance are listed at Copyright Information Resources (

The Educational Technology Services unit ( may be able to assist campus faculty and academic support staff with copyright questions regarding use of online technology for teaching and learning.

Technical infrastructure and applications

The Campus strongly encourages the creation of a technical framework that offers a frictionless environment supporting integration, communication, collaboration, and compatibility of technology-enabled learning and business systems. To meet this goal, UC Berkeley has adopted an enterprise-wide, component-based technical framework to facilitate the integration of and access to enterprise and departmental applications and data in the campus environment.

Use of CalNet data in applications

CalNet is a unified directory service and authentication infrastructure intended to provide campus departments with a centralized means by which they can validate users who need or wish to access departmental applications. See the CalNet Gateway website for complete information, including CalNet Policies for users, deputies, developers, and data owners (
Application developers wishing to use CalNet infrastructure data must register in the CalNet administrative system. This registration should occur after specific data and technical needs have been identified. See "How to incorporate CalNet services into your application" from the CalNet Information for Application Developers website.


The University of California's Information Technology Accessibility Policy (effective August 27, 2013) states that all campus websites and web applications should be accessible to people with disabilities, including those who use assistive technologies.

For more information, please see the following pages on the Web Accessibility website:

For assistance with campus online resource accessibility technology, contact

Enterprise Architecture

The Information Technology Architecture Committee (ITAC) ( has collected a set of Enterprise Architecture Documents ( ) that discuss the framework and the rationale for UC Berkeley's Enterprise architecture. This enterprise architecture is based on operational and technical principles that are described in the ITAC reports as well as the UC-wide report: UC 2010: A New Business Architecture for the University of California , July 2000 (  Starting in 2007, ITAC will develop a set of high-level architectural roadmaps that will serve as guidelines and frameworks to use in evaluating future technology investments and initiatives campuswide.

Campus units are urged to evaluate the applications and services they intend to implement to determine whether their technical choices will facilitate the systems' compliance with the Berkeley Campus architectural framework. The ITAC maintains Enterprise Architecture Guidelines to aid in such evaluations. The Campus Technology Council may require an architectural review by the ITAC for proposed applications or technology investments that will have critical impact on the Berkeley Campus online environment.

System and network security

In order to provide its constituency with secure yet open electronic communications, the campus must protect the physical and logical integrity of its networks, computers, software and data. There are a variety of potential security threats to these resources, including unauthorized intrusions, malicious misuse, or inadvertent compromise.

Campus departments, units, or groups must establish appropriate security guidelines, standards, or procedures that pertain to electronic information resources under their purview. Activities outsourced to off-campus entities must comply with the same security requirements as in-house activities.

Policies and guidelines related to campus IT security include:

Web publishing

Website identification and style

All websites under campus jurisdiction (i.e., on UC Berkeley servers or commercial servers funded by campus budgets) must display the following information on at least one page (preferably the first page) of the site:

  • the name of the campus unit, department, or affiliated individual publishing the site
  • contact information

The date of last revision should be included on a website when the timeliness of the content information is pertinent to the usability of the information. For example, any reference information, procedures, policies, or other material that could be subject to frequent changes should include the date.

Also, a copyright notice should be included on campus websites. For additional information and examples of copyright notices and permission statements, see Copyright Notices on Campus Websites.  See the “Copyright” section of this Policy for general copyright information.

A campus department or unit may establish additional local policies and guidelines governing content and style of websites under its jurisdiction. Guidance in this regard is available from resources such as:

  • Berkeley's Style Manual: guidelines for using campus-identifying components in a consistent and appropriate manner.
  • The UC Office of the President Stylebook.

Berkeley Home Page website registration

Registration through the UC Berkeley Web Registry ( is required in order for a site to be linked from the Berkeley Home Page. This registration is available to campus departments or units that are part of the campus organization, or to programs or groups that have formalized agreements with the campus or have been officially designated as Support Groups, Campus Foundations and Alumni Associations (

The locations of links from the Berkeley Home Page are determined by the Public Affairs Office in consultation with the applicant. All registered sites must comply with the UC Berkeley Web RegistryTerms and Conditions. Registration of a site requires submission of site name and URL, site description and keywords, and contact information for the site's publisher.

Course websites are published through the Online Schedule of Classes( Several Learning Management Systems, i.e., centralized online repositories of online course data, with built-in tools for developing, administering, and publishing course websites, are currently supported by UC Berkeley. For more information see the campus ETS Web Services site (

Student organization sites should be registered through Campus Life and Leadership's Student Organizations Registry (

Personal websites

The University of California, Berkeley supports the concept of faculty, staff, and students creating personal websites that provide information relevant to the individual's role at the campus. Any uses of the University name or marks are subject to restrictions on Use of the University name and seal (see that section in this Policy).

Sites on University servers may not be used to promote personal business or to provide personal financial gain, except as permitted under applicable academic personnel policies. (See Section M of theBusiness and Finance Bulletin 29 - Management and Control of University Equipment,

Personal sites shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University. An appropriate disclaimer is:

The opinions or statements expressed herein should not be taken as a position of or endorsement by the University of California, Berkeley.

Personal sites may not be registered with the UC Berkeley Web Registry(

Policy violations

Violations of University policies governing the use of University electronic resources may result in restriction of access to University information technology resources. In addition, disciplinary action may be taken under other University policies, guidelines, implementing procedures, or collective bargaining agreements, up to and including dismissal. Any restrictive action must follow standard University procedures that assure due process.

Submit any questions regarding possible violation of policy or law to either the appropriate authority as defined under Appendix B, "Responsible Entities" and "Resource Offices" ( or to  See Responding to Inappropriate Use of Computing and Network Resources.

Questions about this Policy may be addressed to

Updates approved by the Campus Technology Council May 24th, 2010