UC IRVINE ADMINISTRATIVE POLICIES AND PROCEDURES

Business and Financial Affairs

Information Access and Disclosure

Sec. 720-11: Privacy of and Access to Information (Excluding Student Records) - Guidelines

Responsible Office: Public Records Office
Revised: March 2016

References / Resources

Contact: Information Practices Coordinator in the Public Records Office at (949) 824-2312 or pra@uci.edu

The Information Practices Act requires that protection of the individual's right to privacy be given consideration in all aspects of the University’s business. The Information Practices Coordinator at UCI provides assistance in determining whether or not material should be released. Additional information about the safeguarding of personal information or the appropriateness of maintaining or disclosing any information may be obtained from the campus Information Practices Coordinator in the Public Records Office by phone (949) 824-2312, fax (949) 824-4350, or e-mail: pra@uci.edu.

A. Information Practices Act

Special procedures for providing access to and protecting the privacy of University records containing personal data are required by State of California Information Practices Act of 1977 (IPA). All University records are covered by the Information Practices Act including but not restricted to personnel, business, financial, gift, endowment, alumni, patent, publication, medical, library, and research records, excluding only those student records which are specifically exempted from the law.

B. Responsibilities of Information Practices Coordinator

  1. Develop and update, as necessary, campus guidelines for maintenance and disclosure of personal and/or confidential information, and inform campus administrators of changes to related systemwide policies and procedures.
  2. Provide technical and practical assistance to the campus on matters related to access to and disclosure of information maintained in University files.
  3. Track disclosures of records containing restricted personal information as required by law.
  4. Assist the campus by reviewing privacy notification statements on forms used to collect personal or confidential information.
  5. Assist individuals to find those records which may contain personal information about themselves.
  6. Receive and coordinate requests made under the Information Practices Act for records containing confidential personal information, requests for the review of a determination that certain information is exempt from access, requests for the amendment of a particular record, and requests for the review of a determination by the University regarding the amendment of a particular record.

C. Responsibilities of the Unit Head and/or Department Chair

  1. Ensure that personal or confidential information is collected only to the extent necessary and relevant to accomplish the University's purposes, and is maintained in an accurate, timely, and complete manner. Information may be used only for the purpose for which it was originally collected.
  2. Receive and direct requests for the disclosure of information to the Information Practices Coordinator or the appropriate official, as necessary. Coordinate with the campus Information Practices Coordinator as appropriate to ensure that such requests are met in accordance with the provisions of applicable laws and University policy and within the specified time periods.
  3. Receive requests to amend files and records and take appropriate action as required under the Information Practices Act. Contact the Information Practices Coordinator in the Public Records Office to coordinate an appropriate response.
  4. Maintain records of disclosure in compliance with the requirements of the Information Practices Act.
  5. Identify those records that are covered by the provisions of the Information Practices Act, review all forms for compliance with the law, and ensure that all necessary information is included on a privacy notice attached to the form or printed thereon when required.
  6. Monitor the transfer or release of records outside the University to ensure that no information is transferred unless such transfer is compatible with the purposes of meeting the reporting requirements of the Information Practices Act.
  7. Provide information as requested by the campus Information Practices Coordinator for the purpose of meeting the reporting requirements of the Information Practices Act.
  8. Coordinate with the campus Information Practices Coordinator as appropriate to ensure compliance regarding any access to information issues.

D. Responsibilities of the Assistant Vice Chancellor-Academic Personnel

  1. Design and revise as necessary campus policies and procedures governing development, operation, disclosure and maintenance of academic and staff personnel records and inform all campus administrators of such policies and procedures.
  2. Provide guidance to departments/units in responding to requests for academic and staff personnel records and disclosures therefrom.
  3. Receive, and if necessary, direct requests for the disclosure of information to the Information Practices Coordinator or the appropriate official. Coordinate with the campus Information Practices Coordinator as appropriate to ensure that such requests are met in accordance with the provisions of applicable laws and University policy and within the specified time periods.
  4. Coordinate with the campus Information Practices Coordinator as appropriate to ensure compliance regarding any access to information issues.

E. Responsibilities of Vice Chancellors and Deans

  1. Ensure that the provisions of RMP-7 and the Information Practices Act are implemented by the departments/units within their areas of responsibility.
  2. Disseminate information concerning state and federal laws and University and campus policies and procedures to the appropriate persons in the individual departments/units.
  3. Ensure the establishment and maintenance of departmental record systems; review and monitor the procedures followed by the departments in responding to requests for access to information about individuals.
  4. Coordinate with the campus Information Practices Coordinator as appropriate to ensure compliance regarding any access to information issues.

F. Privacy Notices

The privacy notice may be attached to forms or incorporated in the body of a form. Under certain circumstances and with prior consultation with the Information Practices Coordinator, one comprehensive notice may be used to meet this requirement for a package or a series of closely related forms. Notices shall be approved by the Information Practices Coordinator prior to release.

G. Use of Social Security Number

In accordance with the Federal Privacy Act of 1974, a Federal Privacy Notice must be printed on every form which asks for an individual's social security number.

H. Directories and Mailing Lists

The University's obligation to promote its purposes and communicate efficiently with employees, students, and others on University business may make it necessary to produce and maintain directories and mailing lists which include individuals' names, campus or business addresses and telephone numbers, and certain types of personal information.

RMP-12 describes the types of mailing lists and directories the University maintains, clarifies the circumstances under which personal information may or may not be included in them, and establishes guidelines for subsequent distribution and use.