pdf iconPrint
UCLA Procedure 603.0 : Attachment D

Records Systems: Safeguards and Rules of Conduct for University Employees Involved with Information Regarding Individuals

As specified in the Information Practices Act of 1977, procedures for the collection and maintenance of information in each records system shall include:

Safeguards established to ensure the security and confidentiality of the records, and to control access to the records.

Rules of conduct for employees responsible for the collection, maintenance, and disclosure of information in the records, or for the design of record systems (as summarized in items 1-8 below):

  1. Employees responsible for the collection, maintenance, use, and dissemination of information about individuals which relates to their personal life, including their employment and medical history, financial transactions, and marital status and dependents, shall comply with the provisions of the State of California Information Practices Act. The legal requirements summarized in UCLA Policy 603, shall be used as a basic source of guidance in administering the Act's provisions.
  1. Employees shall not require individuals to disclose personal information which is not necessary and relevant to the purposes of the University or to the particular function for which the employee is responsible.
  1. Employees shall make every reasonable effort to see that inquiries and requests relating to personal records of individuals are responded to quickly and without requiring the individual to repeat unnecessarily his or her inquiry to others. In other words, reasonable efforts will be made to place the responsibility on the department for responding to the individual after his/her initial contact.
  1. Employees shall assist individuals who seek information pertaining to themselves in making their inquiries sufficiently specific and descriptive so as to facilitate locating the records.
  1. Employees shall respond to inquiries from individuals, and requests from them to review, obtain copies of, amend, correct, or dispute their personal records in a courteous and businesslike manner, and in accordance with UCLA Policy 603.
  1. Employees shall not disclose personal and confidential information relating to individuals to unauthorized persons or entities. The intentional disclosure of such information to such persons or agencies may be cause for disciplinary action.
  1. Employees shall not seek out or use personal or confidential information relating to others for their own interest or advantage. The intentional violation of this rule may be cause for disciplinary action.
  1. Employees responsible for the maintenance of personal and confidential records shall take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of records containing personal information and to assure that such records are not disclosed to unauthorized individuals or entities.

Information on the physical location of the records, and on the retention periods for the records.

Processes for:

  1. Maintaining accurate, relevant, timely and complete records.
  1. Ensuring that an individual's name and home address are not distributed for commercial purposes, sold or rented by the campus unless specifically authorized by UCLA Policy 311, (Access to and Use of University Mailing Lists). Upon written request of any individual, the campus will remove that individual's name and home address from a campus mailing list, unless the mailing list is used exclusively by the campus to contact that individual.
  1. Ensuring that no information is modified or destroyed in order to avoid compliance with the Information Practices Act of 1977.

Extension of the requirements of the Information Practices Act to any personal or confidential records maintained or operated for the University under contract.