Privacy Program

Privacy

The right to privacy is expressed in the California Constitution. The University of California similarly values privacy. Under the UC Statement of Privacy Values & Privacy Principles, privacy consists of (1) the individual’s ability to conduct activities without concern of or actual observation and (2) the appropriate protection, use, and release of information about individuals.

Data Privacy Day – January 28

In celebration of Data Privacy Day 2022, the UC campus privacy officers are hosting a Film Screening and Panel Discussion of the film, The Social Dilemma. You may either watch the film at home on Netflix or register for a free screening on the film on Friday, January 14, 2022 at 10am. Then, please join us as a panel of UC data and privacy experts discuss the film on January 28, 2022 at noon. For more information about this event, please visit the Data Privacy Day 2022 page of see the event details on the UCR Events Calendar.

In addition, the UC campus privacy officers have created the inaugural UC Data Privacy Award. The award will be given each year on January 28 to honor an employee or department that has demonstrated a commitment to UC's Privacy Principles during the previous year. To learn more about the award criteria and how to nominate an individual or department, please see the Data Privacy Award article on the UC IT Blog.

To learn more about Data Privacy Day, visit:
https://staysafeonline.org/data-privacy-day

Privacy Goals

The UC Riverside privacy goals are derived from the UC Privacy Principles and include:

Upholding academic integrity, intellectual freedom, and autonomy;
Committing to the privacy values while also respecting obligations relating to transparency, accountability, and individual choice;
Promoting stewardship of personal data handled by the campus;
Ensuring an appropriate level of privacy through policies and procedures, especially as interpretations of privacy change over time;
Raising awareness about privacy issues, laws and regulations.

Privacy Policies and Resources

In an effort to operationalize these privacy values and principles UCR and the UC System has developed policies and resources.

UC Resources
- Privacy Principles and Practices
- UC Electronic Communications Policy
- IS-3 Electronic Information Security
- BFB-RMP-7 Protection of Administrative Records Containing Personally Identifiable Information
- APM 160 Maintenance of, Access to, and Opportunity to Request Amendment of Academic Personnel Records
- PACAOS Section 130 – Policies Applying to the Disclosure of Information from Student Records
- For a more exhaustive list of system-wide policies and references, see UC Privacy Policies and Reference
- GDPR Resources
UCR Resources
- UCR Privacy Policy - relates to websites and web servers and content
- For health privacy matters, such as HIPAA-related information, see the UCR School of Medicine Compliance Office web page.
- For student record privacy matters, such as FERPA-related information, see the UCR Office of the Registrar web page.
- For research privacy matters, such as FAQs about GDPR, see the Office of Research Integrity web page.
- 400-32 Electronic Information Security Policy
- 400-31 Electronic Communications Policy (ECP) Overview and Implementation at UCR
- 400-35 Information Systems (Access, Use, and Security)
- 400-60 Notification of Security Breaches Involving Personal Information

Privacy Laws and Regulations

IAPP Comic: Prudence the Privacy Pro (Vol. 7 No. 3). Prudence laments at the Light House Coffee Shop about the length and complication of privacy notices. — IAPP Comic: Prudence the Privacy Pro (Vol. 7 No. 3)

Privacy laws and regulations, particularly related to data privacy, are relatively new and consistently evolving to keep up with new technologies and frameworks. Data privacy is not only concerned with keeping data confidential, but also with empowering individuals to understand what data are collected, how they are used, and to be a participant in that process where possible. UCOP provides information about the most important data privacy laws:

Health/Medical:
- Health Information Portability and Accountability Act of 1996 (HIPAA)
Students:
- Family Education Rights and Privacy Act (FERPA)
California specific laws:
- California Confidentiality of Medical Information Act (CMIA)
- California Information Practices Act of 1977
- California Consumer Privacy Act (CCPA) (Effective January 1, 2020)
Financial Information:
- Gramm-Leach-Bliley Act – Federal Trade Commission (FTC) Financial Privacy and Safeguarding Rules
European privacy regulations:
- European Union’s General Data Protection Regulation (GDPR)

Electronic Records Requests

The UC Electronic Communications Policy (ECP) specifies requirements for obtaining consent or authorization to access the electronic records of current employees and students and for using the “least perusal of contents and the least action necessary to resolve the situation.” UCR has established procedures for electronic records requests, including those that involve:

Access With Consent
Access Without Consent (AWOC)
Former Employee Requests, and
Data Preservation Requests.

For more information about these procedures, please visit the Data Request Procedures page.

Privacy Contacts

Contact the campus privacy official:
William (Bill) Kidder
Privacy Officer
Chief Compliance Office
william.c.kidder@ucr.edu
(951) 827-6231

Contact the UCR School of Medicine privacy official:
Paul Henry Hackman, J.D., LL.M., C.H.C.
Chief Compliance and Privacy Officer
School of Medicine Compliance
paul.hackman@ucr.edu
(951) 827-3257

All UC campuses have a dedicated privacy official. Find a list here of all UC Campus Privacy Officials.