UCSC Implementation of the UC Electronic Communications Policy (UCSC ECPI)
- I. Purpose/Scope
- II. Definitions
- III. Applicability and Authority
- IV. Areas of Responsibility
- V. Allowable Users
- VI. Allowable Uses
- VII. Access Restrictions
- VIII. Access Without Consent
- IX. Privacy Protections and Limits
- X. Use of Specific Services (web pages and radio frequency stations)
- XI. Security
- XII. Getting Help
- XIII. Related Policies/References for More Information
The University of California Electronic Communications Policy (UC ECP), issued November 17, 2000 and revised August 18, 2005, clarifies the applicability of law and of other University policies to electronic communications. It also defines new policy and guidelines where existing policy did not specifically address issues particular to the use of electronic communication. The UC ECP governs electronic communications at UCSC.
The UCSC Implementation of the UC Electronic Communications Policy (UCSC ECPI or "Implementation") details the specific manner in which the campus will carry out its responsibilities for electronic communications as articulated in University of California Electronic Communications Policy (UC ECP), Attachment 2, Implementation Guidelines (see References, below). The UCSC ECPI is not intended to repeat or elaborate upon all contents of the UC ECP. Users should consult the UC ECP for complete policy information.
To meet their own business needs, divisions may implement additional, local procedures and practices that further refine the UC ECP and this implementation information. These must comply with, and can be more restrictive but not more permissive than, University and campus policy, including the UC ECP.
University-wide Electronic Communications Policy definitions are found in Appendix A of the UC ECP at: http://policy.ucop.edu/doc/7000470
- Compelling Circumstances
- Electronic Communications
- Electronic Communications Resources
- Electronic Communications Records
- Electronic Communications Systems or Services
- Emergency Circumstances
- Substantiated Reason
- Time-dependent, Critical Operational Circumstances
- Transactional Information
- University Administrative Record
- University Electronic Communications Systems or Services
- Use of Electronic Communications Services
A. Electronic communications:
Electronic communications are any information that is transmitted electronically. This includes, but is not limited to, email and email attachments, web pages, phone calls, faxes, broadcasts, electronically transmitted files, information submitted online, etc. It also applies to details about an individual’s online activities, and information from transactional logs. Please see the University-wide definition (link above) for additional details.
B. Electronic communications service provider:
Any campus unit or individual who manages or makes available for others’ use electronic communications services that utilize University equipment and/or facilities.
Applicability. The following is UCSC's implementation of the University of California Electronic Communications Policy (UC ECP). It applies to: (1) all electronic communications services and resources operated by University of California, Santa Cruz units, (2) all users of University of California, Santa Cruz electronic communications services and resources, and (3) all electronic communications generated by campus units or utilizing University facilities, including the contents of electronic communications and the electronic attachments and transactional information associated with such communications.
Authority. The Vice Chancellor, Information Technology, on behalf of the Office of the Chancellor and the Office of the Campus Provost/Executive Vice Chancellor is the campus authority for UCSC's Implementation of the UC ECP, issued on 2/5/2010. Next review date is 2/5/2012.
The UC ECP and UC Business and Finance Bulletin Information Security (IS) Series identify roles and responsibilities for electronic information security. This document further clarifies areas of responsibility specifically related to UC Santa Cruz electronic communications and electronic communications resources.
- A. Vice Chancellor, Information Technology (VC IT)
- B. Campus Provost/Executive Vice Chancellor (CP/EVC), Vice Chancellor, Business and Administrative Services (VC BAS), Vice Provost and Dean of Graduate Studies (VPDGS), and Vice Provost and Dean of Undergraduate Education (VPDUE)
- C. Unit/Department Heads and Deans
- D. Managers and Supervisors
- E. Academic Senate
- F. Electronic Communications Service Providers
- G. Office of the Registrar
- H. Student Judicial Affairs/College Administrative Officers
- I. Title IX Office
- J. Campus Counsel
- K. University Police
- L. Internal Audit/Staff Human Resources/Academic Personnel Office/Labor Relations
- M. Office of Information Asset Management (IAM)
- N. Information Practices Analyst, Office of the Campus Provost/Executive Vice Chancellor
- O. Office of Risk Services
- P. Head of Special Collections and Archives, University Library
- Q. Individual Users
- Identify responsibility within his/her organization for the following:
- Develop, implement and revise this implementation information.
- Administer and interpret the UC ECP and UCSC's Implementation.
- Provide consultation regarding access restrictions, securing electronic communications records to preserve evidence, or inspection, monitoring and disclosure without consent.
- Publish an annual report summarizing instances of authorized or emergency non-consensual access to electronic communications, as described in Section VIII, Access Without Consent, below.
- Establish additional guidelines for electronic communications services consistent with UC ECP and this Implementation.
- Ensure users are aware of UC ECP or other guidelines related to electronic communications services.
- Collaborate with other campus organizations, e.g. Student Judicial Affairs/College Administrative Officers, Title IX Office, Campus Counsel, University Police, Internal Audit/Staff Human Resources/Academic Personnel Office/Labor Relations, the Whistleblower Office/LDO, regarding alleged violations of this Implementation or policy or law and appropriate response.
- Appoint designees to act in the absence of the VC IT.
B. Campus Provost/Executive Vice Chancellor (CP/EVC), Vice Chancellor, Business and Administrative Services (VC BAS), Vice Provost and Dean of Graduate Studies (VPDGS), and Vice Provost and Dean of Undergraduate Education (VPDUE)
- Authorize restrictions of service for:
- VC BAS: Non-University individuals and process any appeals for this population
- CP/EVC: Students
- Authorize the monitoring, inspection, and/or disclosure of electronic communications without consent for the following populations, after appropriate consultation (see Section VIII, Access Without Consent):
- CP/EVC: Academic employees
- VPDGS: Graduate students (students not in a capacity as a staff employee)
- VPDUE: Undergraduate students (students not in a capacity as a staff employee)
- VC BAS: all other electronic communications holders
- Appoint designee to act in his/her absence. Note: The authority for authorizing access without consent may not be re-delegated.
- Ensure timely and appropriate notification of affected user(s) of access restrictions or of monitoring, inspection or disclosure of electronic communications without consent.
- Recuse him/her self in the event of a conflict of interest regarding access restrictions or access without consent.
- After appropriate consultation (see Section VII.A.2.a, Access Restrictions), authorize access restrictions when there is substantiated reason to believe violations of law or University policy have taken place; or under time-dependent, critical operational circumstances.
- Appoint designee to act in his/her absence.
- Ensure timely and appropriate notification of affected user(s) of access restrictions.
- Incorporate access to and disposition of employee electronic communications records and resources into departmental exit procedures.
- Authorize individuals as eligible for access to electronic communications services and resources.
- For electronic communications service providers within their organization, ensure compliance with theUC ECP and this Implementation.
- Employ techniques to reduce the need to access an employee’s electronic communications without consent in the event of an absence. See Section IX.C, Access to University Administrative Records, for details.
- Ensure student information is not disclosed in violation of the Federal Family Educational Rights and Privacy Act of 1974 (FERPA) or other state or federal laws, or UC policy.
- Ensure that monitoring or recording of telephone calls comply with the provisions of UC ECP Section IV.C.1.d, Telephone Conversations. This generally entails advising people when a conversation is being monitored or recorded and providing an alternative method of doing business with the University to clients who do not wish to be part of a monitored telephone call. Additional details are available at the above link.
- Advise employees who use University telephones for personal or other purposes that supervisors have access to records of all calls made from University telephones assigned to their use and that such records may be used for administrative purposes.
- Academic Senate Chair and Vice Chair: Respond to requests for consultation from the CP/EVC, VC BAS, Campus Counsel, or the Chancellor in cases where the inspection, monitoring, or disclosure of electronic communications held by academic employees is involved.
- Respond to written requests for consultation from Unit/Department Heads and Deans in cases where the restriction of electronic communications held by faculty is involved.
- Respond to requests for consultation in a timely manner (within 72 hours upon receipt of written request).
- Provide electronic communications services to individuals consistent with Section V, Allowable Users.
- Terminate the electronic communications services of individuals consistent with Section V, Allowable Users.
- Authorize complete or partial service restrictions under Emergency Circumstances or Compelling Circumstances, when there are Time-Dependent, Critical Operational Circumstances, or in order to perform system maintenance. See Section VII, Access Restrictions for details.
- Ensure timely notification of affected user(s) of access restrictions, as possible and appropriate.
- Ensure that the privacy, confidentiality and security provisions of UC ECP Sections IV and V are implemented on their system(s).
- Ensure confidentiality of electronic personal information in accordance with other UC policy and state and federal law, including FERPA.
- Ensure the preservation of electronic communications evidence when authorized by a responsible campus official (see Section VIII, Access Without Consent).
- Ensure that the proper authorizations have taken place before placing service restrictions on an electronic communications user (see Section VII, Access Restrictions).
- Ensure that the proper authorizations have taken place before permitting the monitoring, inspection, and/or disclosure of electronic communications without consent (see Section VIII, Access Without Consent).
- Establish backup creation and disposition schedules for electronic communications services, as appropriate.
- Where applicable, ensure that electronic documents are kept in accordance with the UC Records Disposition schedules.
- Develop local implementing procedures and coordinate appropriate review.
- System Monitoring: Understand and comply with the provisions of UC ECP Section IV.C.2.b, System Monitoring, and Section V.B, Security Practices, regarding routine monitoring of transmissions for the purpose of ensuring reliability and security of UCSC electronic communications resources and services.
- Office of Record for student requests for non-release of public information.
- Office of Record for campus FERPA information and practices.
- Consult on matters regarding alleged violations of policy and procedures by students.
- Consult with Unit/Department Head or Dean regarding service restrictions.
- Consult on matters regarding allegations of sexual harassment.
- Point of contact for all matters involving sexual harassment.
- Provide legal advice to campus administration as appropriate, including but not limited to:
- Consult in cases involving the preservation of electronic evidence, or the inspection, monitoring, or disclosure of electronic communications records without consent.
- Search warrants and subpoenas for electronic communications records.
- Appropriate notification where electronic comunications records have been accessed without consent.
- Consult on matters regarding alleged violations of the law.
- Police Chief:
- Authorize steps to secure electronic communications records to preserve evidence.
- For Emergency circumstances requiring nonconsensual access to electronic communications records, take actions as described in Section VIII, Access Without Consent, below.
Consult on matters regarding alleged violation of University policies and procedures.
Inform campus administration and units/departments of best business practices, regulations, and laws relating to the management of information. Additionally, IAM consults on issues related to vital records management and records retention.
- Manage responses to requests for information and records, including subpoenas, when required by and consistent with law.
- Manage responses to requests for information for which there is no established process, with appropriate consultation.
Facilitate requests for information, records, and the preservation of electronic evidence relating to lawsuits covered by the University Self-Insurance Programs.
Handle issues related to inclusion of electronic communications into the University Archives.
- Adhere to campus Policy for Acceptable Use of UCSC Electronic Information Resources (Acceptable Use Policy) and the procedures outlined in this Implementation.
- Adhere to UC ECP Section V.C, Integrity, which prohibits attempting to breach security mechanisms that protect electronic communications resources, records, systems or services unless otherwise authorized by other provisions of the UC ECP.
- Ensure student information is not disclosed in violation of FERPA or other state or federal laws, or UC policy.
- Provide the University with copies of electronic communications records in their possession that pertain to the administrative business of the University or as required by law or University policy. Note: Individuals should be aware that electronic communications records arising from personal use may be difficult to distinguish from public records, and such records may be subject to inspection or disclosure pursuant to the California Public Records Act. Additional information is available in Sec V.B of UC ECP Attachment 1.
- Follow existing University policies, practices and guidelines for information security.
A. University Users:
University students, faculty, staff and others formally affiliated with the University are the intended users of University electronic communications services and resources where in support of the University's mission. Affiliation for individuals other than University students, faculty, and staff must be authorized by the department or unit and can include, but is not limited to, those in program, research, contract, or license relationships with the University.
Access to electronic communications services or resources, if provided, is a privilege accorded at the discretion of the University and may be subject to a fee.
Individual departments/units may further restrict eligibility, but may not expand it to additional categories of users.
B. Public/Non-University Users:
Individuals who do not meet the above criteria for University Users may only access University electronic communications services or resources under programs sponsored by the University or any of its departments or sub-units, and in accordance with the UC ECP and UCSC's Acceptable Use Policy.
C. Change of Affiliation:
When staff, faculty, students, affiliates, contractors, etc. change their affiliation within the University of California, Santa Cruz, for example transferring between departments or retiring, the individual's electronic communications access may be continued, modified, or terminated, as appropriate, based on University business need and departmental/unit authorization. Access must be consistent with the authorities of the new position/affiliation and privacy, confidentiality, and security provisions of the UC ECP, Sections IV and V.
D. Termination of Affiliation:
When staff, faculty, students, affiliates, contractors, etc. terminate their affiliation with the University of California, Santa Cruz, as determined by the department or unit (also the Registrar or College for students), the individual’s access to UCSC electronic communications services and resources will be cancelled or modified, as appropriate.
Provisions of the UC ECP relating to allowable uses of electronic communications resources are addressed in UCSC's Acceptable Use Policy.
A. Access Restrictions:
Access to University electronic communications services or resources may be wholly or partially restricted or rescinded without prior notice and without the consent of the electronic communications user under the following circumstances and in accordance with the procedures in this section:
- i. When required by and consistent with law,
- ii. When there is a Substantiated Reason to believe that violations of law or University policy have taken place,
- iii. When there are Compelling Circumstances,
- iv. Under Time-dependent, Critical Operational Circumstances,
- v. Under Emergency Circumstances, and
- vi. According to other established campus wide procedures.
- Definitions for terms ii - v, above: UC ECP, Appendix A
In the absence of established campuswide procedures including those below, access restrictions are subject to the approval of the appropriate Vice Chancellor: CP/EVC for academic employees, CP/EVC for students, VC BAS for all other Users.
- Authorization when required by and consistent with law:
- The use of University electronic communications services or resources may be restricted or rescinded by the University at its discretion when required by and consistent with law;
- The University may restrict or terminate access to University electronic communications services or resources by any user who repeatedly violates copyright law;
- If the University becomes aware that copyrighted materials may be being distributed without permission, access to the material may be blocked until the material is rendered unavailable for unauthorized distribution. This may involve blocking network access until the situation is resolved.
Note: The University may charge a reconnection fee in cases of blocked network access due to copyright infringement.
- Authorization when there is Substantiated Reason to believe violations of law or University policy have taken place; or under Time-dependent, Critical Operational Circumstances:
- Service Restrictions for Staff and Academic Employees: A Unit/Department Head or Dean may restrict electronic communications services or resources for staff or academic employees after consultation with individuals, offices or bodies as appropriate according to the roles outlined above in Section IV, Areas of Responsibility.
- Service Restrictions for Students: The CP/EVC may restrict electronic communication services or resources for students.
- Service Restrictions for Non-University Individuals: The VC BAS may restrict electronic communication services or resources for non-university Individuals.
- Temporary Service Restrictions: Electronic communications service providers may temporarily restrict an electronic communications user's services or resources to perform system maintenance or when there are Time-dependent, Critical Operational Circumstances, such as to control an emergency or prevent damage or loss. The service provider shall give reasonable notice if possible and shall notify affected users as soon as possible.
- Emergency Authorization:
For Emergency Circumstances or Compelling Circumstances, electronic communications service providers may wholly or partially restrict services or resources without prior notice and without the consent of the electronic communications user in order to control an emergency or prevent damage or loss. Approval for restriction under these circumstances is not required.
- Other established campus wide procedures:
For non-routine electronic communications access restrictions, such as those outside the scope of Section V.C and D, above, the authorizer of the restrictions, or his/her agent, shall give reasonable advance notice of restrictions where possible and practical. Where advance notification is not possible or practical, the authorizer/agent will notify the user as soon as is reasonably possible. Notice shall include the scope, reason and duration of the restriction to the extent possible, and as consistent with law and other University and campus policy.
C. Access to Records:
Individuals can request access to stored data that becomes unavailable as a result of access restrictions. Such requests may require authorization from the original approver of the restrictions, are subject to established data retention practices and technical feasibility, and may be restricted by law or policy.
Faculty, staff, and students may appeal the decision to restrict electronic communications services or resources in accordance with applicable existing University and/or campus complaint procedures. Non-University individuals may appeal to the VC BAS.
University Users and Non-University Individuals are expected to comply with requests for copies of electronic communications records in their possession that pertain to University business or as required by law . Except as outlined in UCSC ITS Routine System Monitoring Practices, an electronic communications record holder’s consent shall be sought by the University prior to inspection, monitoring, or disclosure of electronic communications records in the holder’s possession. Exceptions are allowed under the following limited circumstances, as provided for under UC ECP Section IV.B, Access Without Consent, and the procedures below:
- i. When required by and consistent with law,
- ii. When there is a Substantiated Reason to believe that violations of law or University policy  have taken place,
- iii. When there are Compelling Circumstances,
- iv. Under Time-dependent, Critical Operational Circumstances,
- v. Under Emergency Circumstances
- Definitions for terms ii - v, above: UC ECP, Appendix A
- Where consent has not been granted for access to electronic communications records, including under the circumstances listed above, UCSC's process and procedures for nonconsensual access of electronic communications records, available at http://its.ucsc.edu/policies/docs/ecpform.pdf, shall be applied.
- Authorization or denial of nonconsensual access must be documented in writing utilizing the UCSC Authorization Form for Access to Electronic Communications Records without Consent (available at the above link) or equivalent.
- Requests for information from the FBI or other Federal Agents must be referred to Campus Counsel or the UC Office of the General Counsel. Specific instructions from the UC Office of the President are available at http://www.ucop.edu/information-technology-services/policies/it-policies-and-guidelines/legislative-and-other-guidance/files/fbi_it_inst.pdf.
- Requests to secure and preserve electronic communications records as evidence normally must be authorized by Campus Counsel, the Campus Police Chief, or Risk Services in the case of lawsuits. The procedures for nonconsensual access in item 1, above, are not required to secure and preserve records, but they may be required before such records are monitored, inspected or disclosed.
- Routine monitoring of access to institutional collections of patient and student records is not subject to the nonconsensual access provisions of the ECP because these records are collected, stored and accessed for business purposes only.
- Campus administrators with questions about the appropriateness of a request involving electronic communications records should contact the Operations Director in the Office of the Campus Provost/Executive Vice Chancellor: firstname.lastname@example.org, Campus Counsel: email@example.com, or the IT Policy Office: firstname.lastname@example.org.
Affected individuals shall be notified of nonconsensual access actions at the earliest opportunity that is lawful and consistent with other University policy. See detailed process and procedures at http://its.ucsc.edu/policies/docs/ecpform.pdf for additional details and exceptions.
ITS summarizes instances of nonconsensual access as defined above, where consistent with law. Such reports are available upon request to the office of the VC IT and will not include personally identifiable data.
Under both the normal and emergency procedures for access to electronic communications without the record holder’s consent, affected individuals may appeal the decision in accordance with applicable existing University and/or campus complaint procedures. Non-University individuals may appeal to the VC BAS.
 Also see Section IX.C, Access to University Administrative Records
 See UC ECP Appendix C, Policies Related to Access Without Consent
A. Personal Information:
- Compliance with Law and University Policy. The collection, use and distribution of personal information shall be consistent with federal and state law and University policy including, but not limited to, UC Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, and UC Information Security policies.
- Release of Information. A written release should be obtained prior to posting, broadcasting, or distributing an individual's picture or statement, except in cases of news reporting. Forms and additional information are available on UCSC’s University Relations Identity Guidelines web pages.
- Sale or Distribution of Personally Identifiable Information. In no case shall electronic communications that contain personally identifiable information about individuals, including data collected by the use of "cookies" or otherwise automatically gathered, be sold or distributed to third parties without the explicit permission of the individual.
- Telephone Records and Conversations. Managers and supervisors should advise employees who use University telephones for personal or other purposes that supervisors have access to records of all calls made from University telephones assigned to their use, e.g. who was called and for how long, and that such records may be used for administrative purposes.
B. Student Information:
Users of electronic communications systems and services shall not disclose information about students in violation of FERPA or other state or federal laws, or UC policy.
At UC Santa Cruz, the Registrar’s web site provides authoritative information about the privacy of student records and the disclosure of information from student records, including the ability for students to request that the campus not make public their email address(es) and telephone number(s).
C. Access to University Administrative Records:
University policy assigns the ownership of the administrative records of the University to The Regents of the University of California. This applies whether such records are in paper, digital, or other format, and regardless of their physical location. University employees are required to provide the University, upon request, with copies of electronic communications records in their possession that pertain to the administrative business of the University. See UC ECP Attachment 2, Sec III.B.5 for additional details, including for the following items.
- Absences. In order to reduce the need to gain access to an employee's electronic communications without consent in the event of absence, units/departments are encouraged to use, individually or in combination, techniques such as those outlined in UC ECP Attachment 2, Section III.B.5 (link above), for ensuring appropriate authorization and access.
- Separated Employees. Unit/Departmental exit procedures for separating employees shall include the disposition and/or transition of employee electronic communications records and resources, including steps to ensure unit/department access to information necessary for University business. Separating employees should be informed that their records will be accessed for University business purposes, and should be advised to remove any personal records before access is transferred to the unit/department. Specific examples and considerations, including for involuntary separations, are included in UC ECP Attachment 2, Sec III.B.5 (link above).
- Deceased Record Holders. In the absence of pre-existing campus guidelines or protocols, advice of Campus Counsel shall be sought by campus administrators if requests for access to a former holder’s electronic communications records are received.
D. System Monitoring:
UCSC Information Technology Services (ITS) routine system monitoring principles and practices are available online at http://its.ucsc.edu/policies/monitoring. Other campus Electronic Communications Service Providers should adhere to similar principles and practices.
E. Backup Procedures:
Electronic Communications Service Providers shall provide information about backup creation and disposition, e.g. schedules and retention periods, associated with electronic communications on their system(s) to electronic communications users upon request.
A. Web Pages:
- Standards. University Relations has established identity guidelines for campus web pages. Any identity element, as described in these guidelines, used to denote official UCSC web pages must only be used for official campus web pages. Personal web pages must comply with UCSC’s Acceptable Use Policy.
- Host Names (Internet Names). Host names that end in ucsc.edu are allocated on request for computers and servers attached to UCSC’s network. Public Affairs regulates all @ucsc.edu host name assignments. While host name assignments do not require pre-approval, the Public Affairs Office can revoke any host name that is inappropriate, confusing, needed by another campus unit, or for any other reason upon determining that such a change is in the best interest of the campus. See the Policy on the Establishment of Web Server Names in UCSC Domain for additional information.
B. Radio Frequency Stations:
- Station Licenses. Operation of radio frequency stations (including television, radio, auxiliary broadcast facilities, maritime, aeronautical, land mobile, satellite, microwave, and paging) requires Federal Communications Commission licensing. Campuses shall apply for such licenses through UC's Office of the Associate Vice President, Information Resources and Communications.
- Radio Frequency Interference. Users of telecommunications radio frequency transmitters and receivers shall operate such equipment in compliance with regulations of the Federal Communications Commission. In particular, users shall not interfere with other station operators or other users on the same station, regardless of whether such operators or users are affiliated with the University.
The University makes reasonable efforts to provide secure and reliable electronic communications services. Users and operators of University electronic communications resources are expected to follow existing University policies, practices and guidelines for information security, including UC Business and Finance Bulletin IS-3, Electronic Information Security.
Information Technology Services (ITS) and other electronic information service providers are to implement practices to ensure, to the extent possible, rapid recovery from security intrusions and service interruptions of campus-wide electronic communications resources.
The use of audit technologies and practices to help identify security violators and speed up recovery from security incidents is not to conflict with the provisions of this Implementation or the UC ECP.
State and Federal Laws
- California Information Practices Act of 1977 (Civil Code Section 1798 et seq.)
- California Public Records Act (Government Code Section 6250 et seq.)
- Federal Family Educational Rights and Privacy Act of 1974 (FERPA)
University of California Policies
- University of California Policy web site
- Digital Copyright Protection at the University of California
- University of California Business and Finance Bulletins:
- University of California Electronic Communications Policy (UC ECP) and Attachments
- University of California Records Retention Schedule
UC Santa Cruz References
- UCSC Policies and Procedures web site
- UCSC IT Policies and Guidelines
- Acceptable Use Policy (Policies for Acceptable Use of UCSC Electronic Information Resources)
- Administrative Responsibilities Handbook
- Campus Student Rule Book
- Digital Millennium Copyright Act at UC Santa Cruz
- The Navigator, Undergraduate Handbook
- Policies that apply to use of campus residential networks (ResNet) (including links in left nav bar)
- Procedures for Blocking Network Access
- Public Records & Information Practices Request FAQs
- Subpoenas FAQ
- UCSC Authorization Form for Access to Electronic Communications Records without Consent
- UCSC ITS Routine System Monitoring Practices
- UCSC’s Univeristy Relations Identity Guidelines web pages, including Photography Guidelines and Recommendations and Photography Release Forms (links in top and left nav bar)
- UCSC Public Affairs Policy on the Establishment of Web Server Names in UCSC Domain
- UCSC Registrar's FERPA web pages:
Last Rev. 7/29/13