Resources

Organizations

Campus

• Institutional Review Board (IRB) 

  The UCLA Institutional Review Boards review all research activities  conducted at UCLA involving human subjects for compliance with federal regulations.

• Records & Resource Management Department

  The Records Management Department provides three major services for the campus community:  public information request processing, subpoena processing and records management consulting and services.

Government

• California Office of Privacy Protection

  The Office of Privacy Protection assists individuals with identity theft and other privacy-related concerns; provides consumer education and information on privacy issues; coordinates with local, state and federal law enforcement on identity theft investigations; recommends policies and practices that protect individual privacy rights.

Documents

UCLA & UC Policies

• UCLA Policy 220:  Disclosure of Information from Student Records
  

  This policy applies only to Records pertaining to Students in their capacity as Students; it is not applicable to other Records which are maintained for purposes unrelated to a Student’s status as a Student. The Disclosure of information from Student Records is governed by the Federal Family Educational Rights and Privacy Act (FERPA). It is the purpose of this policy to provide reasonable interpretations of those laws and to protect the Student’s right of privacy as guaranteed by the Constitution of the State of California.

• UCLA Policy 420:  Notification of Breaches of Computerized Personal Information – Attachment B, Data Security Guidelines
  

  Policy 420 is intended to enhance the management of Personal Information that could be used, possibly in conjunction with other information, to impersonate an individual in ways that might cause loss of privacy and/or financial damage. The principles set forth in these guidelines are to be used to establish best practices to minimize the collection, distribution, and retention of personally identifying electronic data.

• UCLA Policy 455:  UCLA Email Policy
  

  This Policy clarifies the applicability of law and of other University policies to Electronic Mail. It also defines new policy and procedures where existing policies do not specifically address issues particular to the use of Electronic Mail. This campus Policy reflects all of the relevant provisions in the University Electronic Communications Policy (ECP) concerning Email and has been extended to include certain required campus implementations in the area of Electronic Mail only.

• UCLA Policy 603:  Privacy of and Access to Information (Legal Requirements)
  

  This document explains the general legal requirements governing privacy of and access to information, and establishes campus procedures to implement requirements of the State of California Information Practices Act. The legal requirements apply to general University Records. They supplement established University student, academic, and staff personnel policies which govern maintenance and access to Records.

• UC Electronic Communications Policy

  The University recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy hold important implications for the use of electronic communications, while seeking to ensure that University administrative records are accessible for the conduct of the University's business.

• UC Business and Finance Bulletin IS-2 Inventory, Classification and Release of University Electronic Information
  

  The purpose of this bulletin is to establish guidelines for the classification of information assets to aid risk assessments in conformance with University IT security policy and to identify the need for specific security measures to ensure the appropriate level of protection for resources. This bulletin also references existing University policy regarding access to, release, or disclosure of University information. Roles and responsibilities at all levels in the University of California system are identified.

• UC Business and Finance Bulletin IS-3 Electronic Information Security
  

  The purpose of this bulletin is to establish guidelines for achieving appropriate protection of University electronic information resources and to identify roles and responsibilities at all levels in the University of California system.

• UC Business and Finance Bulletin RMP-2 Records Retention and Disposition: Principles, Processes and Guidelines
  

  The purpose of this bulletin is to establish, in the context of the records lifecycle, the university-wide principles and processes for records disposition, and to outline the roles and responsibilities.

• UC Business and Finance Bulletin RMP-7 Privacy of and Access to Information Responsibilities
  

  This bulletin establishes responsibilities for privacy of and access to all information maintained by any segment of the University, except for those records pertaining to students.

• UC Business and Finance Bulletin RMP-8 Legal Requirements on Privacy and Access to Information Policies
  

  This bulletin issues legal requirements on privacy of and access to information in compliance with the State of California Information Practices Act. The provisions of these laws as applicable to the university are the minimum requirements for developing University policies and procedures, and for dealing with the right of public access to information and the right of privacy of individuals.

State of California

• California State Constitution

  Article 1 Declaration of Rights, Section 1. 
  “All people are by nature free and independent and have inalienable rights.  Among these are enjoying and defending life and liberty, acquiring, possessing and protecting property, and pursuing and obtaining safety, happiness and privacy.”

• California Information Practices Act of 1977 (Civil Code §§1798-1798.28)

  Statute defines the limits established to protect the privacy of individuals in the maintenance and dissemination of personal information.

Federal

• Code of Fair Information Practices - U.S. Department of Health, Education and Welfare  

  In the Record, Computers and the Rights of Citizens report prepared by the Secretary’s Advisory Committee on Automated Personal Data Systems, HEW established the basic principles of the 1973 Code of Fair Information Practices.

• The Privacy Act of 1974, 5 U.S.C. § 552a

  The Act regulates the collection, maintenance, use and dissemination of personal information by federal executive branch agencies.

Other Documents

• Organisation for Economic Cooperation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

  These guidelines represent international consensus on the core principles guiding the collection and management of personal information by governments, business and consumer representatives in their efforts to protect privacy and personal data.

Articles