BUSINESS
AND FINANCIAL AFFAIRS
Information Access and Disclosure
Sec. 720-11: Privacy of and Access to Information (Excluding Student Records)
- Guidelines
Responsible
Office: Institutional Research
Revised: February 2006
RMP-7,
Privacy of and Access to Information Responsibilities RMP-8,
Legal Requirements on Privacy of and Access to Information RMP-12,
Guidelines for Assuring Privacy of Personal Information in Mailing Lists and
TelephoneDirectories
UCI Administrative Policies
& Procedures
Section
720-10, Information from Public Records (California Public Records Act)
- Guidelines
Contact: Information
Practices Coordinator at (949) 824-7151
The Information Practices Coordinator at UCI provides assistance in determining
whether or not material should be released. If there is a doubt as to the appropriateness
of maintaining or disclosing any information, contact the Office of Institutional
Research (OIR) by phone (949) 824-7151, fax (949) 824-4350, or e-mail: pra@uci.edu.
A. Information Practices Act
Special procedures for providing access to and protecting the privacy of University
records containing personal data are required by State of California Information
Practices Act of 1977 (IPA). All University records which fall within the
stated definitions (see RMP-8,
VII, A) are covered by the Information Practices Act including but not restricted
to personnel, business and financial, gift and endowment, alumni, patents, publication,
medical, library and research records, and excluding only those student records
which are specifically exempted from the law. Note that the law is not confined
to what are traditionally referred to as personnel records.
The Information Practices Act is indicative of legislative
concern with protection of the privacy interests of an
individual about whom records are maintained. These
procedures, therefore, should be interpreted liberally to
the benefit of the individual. Where discretion is allowed,
the protection of privacy should override the option to
disclose.
It may be desirable to consult the
individual before releasing information about the individual
in situations other than routine inter-University transfers
of information.
B. Responsibilities of Department Chair/Unit Head
Ensure that personal or confidential information is collected only to the
extent necessary and relevant to accomplish the University's purposes, and
is maintained in an accurate, timely, and complete manner. Information may
be used only for the purpose for which it was originally collected.
Receive requests for disclosure of information and ensure that such requests
are met in accordance with the provisions of University policy and within
the specified time periods. (Academic personnel records designated "confidential"
according to University academic personnel policy are available only through
the office of the Assistant Vice Chancellor-Academic Personnel.)
Receive requests to amend files and records and take appropriate action
as required under the provision of RMP-8,
VII, K.
Maintain records of disclosure in compliance with the requirements of RMP-8,
VII, C.
Identify those records that are covered by the provisions of RMP-8,
VII, D, review all forms for compliance with the law, and assure that
all necessary information is included on a privacy notice attached to the
form or printed thereon when required.
Monitor the transfer of records outside the University to ensure that no
information is transferred unless such transfer is compatible with the purposes
of meeting the reporting requirements of the Information Practices Act.
Provide information as requested by the campus Information Practices Coordinator
for the purpose of meeting the reporting requirements of the Information Practices
Act.
Charge a fee of 10 cents per page for copies of any records requested.
If a department, for its own convenience, provides record copies in lieu of
allowing access to actual records, a charge may not be made. Only charges
over $10 may be billed through the use of a University invoice. Cash received
may be deposited in the Cashier's Office by the refund of expense procedures.
C. Responsibilities of Vice Chancellors and Deans
Ensure that the provisions of RMP-7
are implemented by the departments/units
within their areas of responsibility.
Disseminate information concerning state
and federal laws and University and campus
policies and procedures to the appropriate
persons in the individual
departments/units.
Ensure the establishment and maintenance
of departmental record systems; review and
monitor the procedures followed by the
departments in responding to requests for
access to information about individuals.
D. Responsibilities of Assistant Vice Chancellor-Academic
Personnel, and Information Practices Coordinator
Design and revise as necessary campus
policies and procedures governing
development, operation, disclosure and
maintenance of academic and staff
personnel records and inform all campus
administrators of such policies and
procedures.
Provide guidance to departments/units in
responding to requests for academic and
staff personnel records and disclosures
therefrom.
E. Responsibilities of Information Practices Coordinator
Develop and update, as necessary, campus guidelines
for maintenance and disclosure of personal and/or confidential information, and
inform campus administrators of changes to related systemwide policies and procedures.
Provide technical and practical assistance to the
campus on matters related to access to and disclosure of information maintained in
University files.
Gather data; prepare and file
all reports as required by law.
Assist the campus by reviewing privacy notification statements
on forms used to collect personal or confidential information.
Assist individuals to find those records
which may contain personal information
about themselves.
Receive formal complaints from individuals
other than University employees who are
dissatisfied with actions or decisions of
University officials, and direct the individual
to the appropriate office for
review of the disputed actions or
decisions of the University officials.
F. Privacy Notices
The privacy notice may be attached to forms or incorporated in the body
of a form. Under certain circumstances and with prior consultation with the Information
Practices Coordinator, one comprehensive notice may be used to meet this requirement
for a package or a series of closely related forms. Sample
notices may assist departments in designing required notices. Notices shall
be approved by the Information Practices Coordinator prior to release.
G. Use of Social Security Number
A Federal Privacy Notice must be printed
on every form which asks for an individual's social security number.
Additional information may be obtained from either the campus Information Practices
Coordinator, 949-824-7151, the University Coordinator of Information Practices,
or the General Counsel's Office.
H. Directories and Mailing Lists
The Information Practices Act requires that protection of the
individual's right to privacy be given consideration in all aspects of
University business.
The University's obligation to promote its purposes and communicate
efficiently with employees, students, and others on University business
makes it desirable to produce and maintain directories and mailing lists
which include individuals' names, campus or business addresses and
telephone numbers, and certain items of personal information about those
individuals.
RMP-12 describes
the types of mailing lists and directories the University
maintains, clarifies the circumstances under which personal information may or may
not be included in them, and establishes guidelines for subsequent distribution and use.