
UC San Diego Privacy Principles

COMMITMENT TO PRIVACY

Privacy of individuals is essential to promoting the values of academic integrity, intellectual freedom, autonomy, and freedom of expression and association. Privacy is an integral part of the ethical treatment of individuals and institutional assets and serves as a basis for a respectful environment[1]. UC San Diego is strongly committed to maintaining the privacy and security of all data[2] that is entrusted to us, including the personal information[3] of faculty, students, alumni, staff, applicants, and research participants.

We commit to managing data as a strategic institutional resource and asset. Our data management strategies are intended to protect, and not restrict, the core academic values and processes of UC San Diego and increase the value of campus information resources through widespread and appropriate use. We recognize our responsibilities of stewardship for personal information and will only access it to support the campus education, service, and research missions, or for other legally required purposes. In order to balance the privacy and legal rights of individuals with the utility of the data in service of our mission, we commit to providing broad access to data consistent with the level of sensitivity of the data, roles and responsibilities of the users, appropriate and legitimate purposes for use, and level of training.

PRINCIPLES

UC San Diego operates from a baseline of compliance with relevant laws and regulations. Various laws and regulations, such as FERPA and the Common Rule, protect personal data of individuals. Once legal requirements are met, the guiding principles balance the privacy of the individuals and security of institutional assets with the value of data. Most laws address the principles below. Even where laws and policies are silent, stewardship principles guide data handling practices.[4]

Personal data must be consistently protected throughout its lifecycle commensurate with its level of sensitivity and criticality to campus operations, regardless of where it resides, type of media, or what purpose it serves. Data collection, retention, use, and sharing practices should be transparent and provide essential protections for the privacy of individuals. When collecting, accessing, using, or disclosing personal data, we commit to the following data protection principles:

  • Stewardship; fiduciary aspirations:  We will have a documented and published governance structure for privacy and personal data matters.
    • Ethical considerations in addition to legal compliance:  Even where the law is silent or permissive, we will strive to consider the ethical treatment of our community above other needs and consider the potential consequences of our activities on individuals and their rights and liberties. To the extent possible, processing of personal data should benefit the individual data subject directly.
    • Privacy by default and design:  To the extent possible, privacy protections will be the default setting for our programs unless necessary to do otherwise. We will commit to considering data use and privacy issues early on as part of policy development, project design, or system deployment. Privacy protections will be included as requirements in all projects.
    • Education and training:  All individuals who access personal data or whose work has the potential to impact the privacy of others will be appropriately trained in privacy and data ethics. 
  • Empower data subjects; individual rights and autonomy:  To the extent possible, we will empower individuals to participate and make choices about the use of their data. We will include voices of those potentially impacted by policy decisions (e.g., students) in our decision-making processes. 
  • Transparency, purpose specification, and use limitation; secondary use consistent with specified purpose:  Except where prohibited by law, we will be transparent about our collection, use, disclosure, and maintenance of personal information by using privacy notices, statements of data protection practices, informed consent documents, or other similar information as appropriate. We understand that, with some exceptions, individuals have the right to access and inspect personal data UC San Diego maintains about them and understand the uses and disclosures of such data.[5] To the maximum extent possible, we will specify and communicate the purpose of data use to the individual at the time it is collected or as soon as possible thereafter. We will handle personal data for the sole purpose of conducting the legitimate business of the University, consistent with the principles of justice, equity, and beneficence. We will specify and document our purpose for accessing and using personal data. In every endeavor, we must consider potential unintended consequences of data use, inquiry, and disclosure; we will be mindful of uses or disclosures that may cause harm or be surprising or alarming to individuals who have provided sensitive personal data, particularly if they may feel unexpectedly singled out. Where possible, we will select the most privacy-protective methods and procedures for accessing and using personal data. When using data collected for one purpose for a secondary purpose, we will ensure those secondary purposes are consistent with what was communicated to data subjects at the time of collection; otherwise, new or updated communications should be provided to data subjects.
  • Disclosure limitation and data minimization (i.e., minimum necessary principle):  We will collect no more personal information than necessary to serve the campus mission or as legally required. We will use de-identified, aggregated, masked, or otherwise anonymized data whenever possible. We will retain personal data no longer than necessary.[6] We will limit disclosure to that which is necessary for the intended purpose, recognizing that not every disclosure limitation method (e.g., HIPAA de-identification, anonymization, pseudonymization, differential privacy, masking) is appropriate for every purpose.
  • Access control (i.e., need to know, right to know principle):  We will provide authorized individuals access to information they need to carry out work responsibilities. We will follow appropriate approval processes to request access to data. We will limit access to personal data to those with a legitimate business or research purpose to conduct a properly assigned task, or as required by law. We will safeguard the personal data from inappropriate use through strong, documented administrative controls, particularly where technical controls are unavailable.
  • Security and Data Protection:  We will use technical, administrative, and physical security measures appropriate to the level of sensitivity and criticality of personal data.
  • Data quality, accuracy, and integrity:  To the extent practicable, we will ensure that personal data is accurate, relevant, timely, and complete.[7]
  • Due diligence when working with third parties handling personal data:  When transferring or providing access to personal data outside UC San Diego, or using a third party vendor/service provider to process personal data, we will assess the privacy, security, and legal status of the external entity prior to transfer or access.
  • Accountability to individuals and the community; documentation of data practices: When processing personal data, we will be accountable, first and foremost, to individual data subjects and groups. We will maintain up-to-date documentation of our data practices, which should be available for inspection by data subjects.

DATA OWNERSHIP

Records and data collected or used under the auspices of the University or with University resources are not automatically owned by the individual users or researchers, even when stored on personal devices.

STATEMENT ON PURPOSE OF DATA USE

All personal data should be used for legitimate purposes only, and to the maximum extent possible, these purposes should be communicated to the individuals at the time of collection. Some uses require additional approvals or procedures. Having access to personal data does not confer authority to further disseminate or disclose that information or use it for other purposes.

  • Legitimate Purposes
    • Business or educational purpose

      Legitimate business/educational purpose means that 1) the information or record is relevant and necessary to the accomplishment of some task or determination, and 2) the task or determination is an employment responsibility for the Data User or is a properly assigned subject matter for the Data User.[8] Examples of legitimate purposes include:

      • Following up on research misconduct claims
      • Providing guidance to a student on their progress toward graduation
      • Evaluating an employee for a potential STAR award
      • Emailing alumni newsletters
      • Investigating illegal conduct[9]
      • Learner analytics to the extent that this purpose has been clearly communicated to the learner at the time of collection

      Personal data may not be used for:

      • Activities unrelated to the user's assigned university roles and responsibilities, even if well-meaning
      • Marketing of services or products or other commercial purposes not under the auspices of the University without approval from the Chancellor[10]
      • Political campaign activities or electioneering in violation of University policies
      • Personal gain, curiosity, or concern, even if well-meaning, without consent
      • Unlawful activities
      • Uses that violate other University policies[11][12]

      Based on the principle of data minimization, identifiable personal data should not be used where de-identified, aggregated, masked, or otherwise anonymized data is sufficient to accomplish the purpose.

    • Human subjects research purpose:

      Collection of personal data (including direct identifiers, indirect identifiers, potentially identifiable information, and small cell sizes) for human subjects research[13] purposes is only authorized with a current approval or exemption from the Institutional Review Board (IRB)[14] and, in some cases, the individual's consent, in addition to documentation of privacy and security safeguards.

      Access to and use of personal data collected for administrative or other non-research purposes, such as student or employee information (including direct identifiers, indirect identifiers, potentially identifiable information, and small cell sizes), for human subjects research purposes is only authorized with the approval of the cognizant data steward in consultation with the Chief Privacy Officer, a current approval or exemption from the IRB, and, in some cases, the individual's consent.
    •  

      The University encourages, and some sponsors require, researchers to provide access to research data for other researchers or to the public. Researchers who handle personal, or otherwise regulated, data are encouraged to work with institutional officials – such as cognizant privacy officers, export control officials, and librarians – to determine how best to achieve open science goals.

SPECIAL CATEGORIES OF INFORMATION

Certain categories of information are governed by special laws and policies. To the extent that there is a conflict between those laws or policies and this document, the law or policy will control; when one has more stringent requirements, the more stringent one will control. The following are some categories of data specifically protected by law:

  • Social Security Numbers, national identification numbers, or driver's license numbers[15]
  • Student (and applicant) information[16]
  • Information related to minors[17]
  • Health, genetic, mental health, and drug use information[18]
  • Personal data in human subjects research[19]
  • Financial and credit data[20]
  • Data about individuals in or from other countries[21]
  • Location data[22]
  • Device IDs and IP addresses[23]

ROLES AND RESPONSIBILITIES

Current data stewards are listed here. The Campus Data and Analytics Governance Committee is currently revising this list and defining the roles of Data Trustees, Stewards, and Users. In general, anyone who is granted access to any personal data must follow all laws, policies, and the above guidelines.


Definitions

Data User: An individual who has been granted access to Data as part of his or her assigned duties, roles or functions. This access is granted solely for the conduct of University business.

Personal information/data: Information that, alone or in combination with other data, potentially identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with, or could single out, an individual, a particular person, or household. Personal information includes, but is not limited to, the following:

  • Identifiers such as a real name, alias, postal address, telephone number, unique personal identifier, signature, online identifier, Internet Protocol address, email address, account name, social security number, driver's license number, passport number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, statements made by or attributed to the individual, physical characteristics or description, or any other financial information, medical information, or health insurance information or other similar identifiers.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement.
  • Biometric information.
  • Characteristics of protected classifications under California or federal law.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Inferences drawn from any of the information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Identifiable information may include data that has been stripped of direct identifiers but leads to a small population/cell size. Personal information is used synonymously with "personally identifiable information," "PII," or "personal data".

Research: A systematic investigation, including research development, testing and evaluation, basic or applied research, designed to develop or contribute to generalizable knowledge. Generally, research is in the public interest, adheres to all applicable ethics and privacy laws, and the results are anticipated to be widely shared.

Human subjects research: Research about a living individual wherein an investigator (whether professional or student) conducting the research obtains 1) data through intervention or interaction with the individual, or 2) identifiable private information (i.e., personal information) from any source.


  • [1] University of California Policy (DRAFT) BFB-RMP-7.
  • [2] While these guidelines are centered on personal data, the stewardship principles apply to non-personal data assets of the university as well.
  • [3] See definitions section.
  • [4] University of California Policy PACAOS-130.11.
  • [5] University of California Policy APM-160 (academic appointees); HIPAA-6 (patients); PACAOS-130-40 (students); University of California, San Diego Policy and Procedure Manual 480-3 (records containing information about individuals).
  • [6] University of California Policy BFB-RMP-2; University of California Retention Schedule.
  • [7] University of California Systemwide Electronic Information Security Policy IS-3.
  • [8] University of California Policy PACAOS-130.291.
  • [9] University of California, San Diego PPM 135.5, Computing Services.
  • [10] All marketing must comply with relevant laws, regulations, and policies.
  • [11] University of California Electronic Communications Policy III.D.
  • [12] University of California Systemwide Electronic Information Security Policy IS-3.
  • [13] See definition.
  • [14] By law, research involving human subjects must be approved by the IRB, which is an independent committee that protects the rights and well-being of research subjects.
  • [15] Members of the UC San Diego community should not collect or use these as personal identifiers unless required by law. Access to these should be strictly limited to authorized individuals for documented purposes.
  • [16] Student records, including access, use, and disclosure requirements, are governed by the Family Educational Rights and Privacy Act of 1974 (FERPA), the University of California Policy Applying to the Disclosure of Information from Student Records (PACAOS-130), and the UC San Diego Policy & Procedure Manual 160-2. Student data is also subject to the California Information Practices Act, AB 1584, and SB 178. Access to personal data contained in student records is appropriate where a member of the UC San Diego community has legitimate educational purposes for accessing particular records.
  • [17] Information related to minors is protected by a variety of laws, including the Children’s Online Privacy Protection Act (COPPA), Student Online Personal Information Protection Act (SOPIPA), AB 1442, and FERPA, if the minor is a student. Data related to minors must be access-controlled and any legitimate purpose for access must be sufficiently documented.
  • [18] Health information is highly regulated, and access typically requires authorization, authentication, and an audit log. With some exceptions, most access to health information is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the UCSDH Medical Center Policies.
  • [19] The Federal Policy for the Protection of Human Subjects (the Common Rule) governs privacy of research participants, including research use of data of individuals without interaction with the individual (e.g., databanks, student records). In addition, research participants may also be protected by HIPAA, FERPA, or state laws.
  • [20] Financial data of individuals, including tax documentation, credit card information, credit scores, loan information, or student financial aid data are governed by a variety of federal and state laws, which restrict their use. These include the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), and the FTC’s Red Flag Rule related to identity theft.
  • [21] Most countries have their own data privacy laws. One of the most wide-reaching regulations is the European Union’s General Data Protection Regulation (EU 2016/679), which applies to entities within the EU and outside the EU that provide goods or services to, or monitor the behavior of, individuals within the EU. Laws of other countries can be found here: https://globaltmt.bakermckenzie.com/global-privacy-matrix
  • [22] Newly passed laws increasingly cover location data, particularly when collected by an app, website, or device. The European Union’s General Data Protection Regulation (EU 2016/679) and the California Consumer Privacy Act both cover this information.
  • [23] Newly passed laws increasingly cover device and browser information. The European Union’s General Data Protection Regulation (EU 2016/679) and the California Consumer Privacy Act both cover this information.