UCLA Policy 603 : Privacy of and Access to Information (Legal Requirements)
The University supports the principle that access to information concerning the conduct of business in a public university is a right of every citizen. It further supports the principle of securing to Individuals their fundamental rights of privacy regarding their access to and disclosures from Records which pertain to them.
This document explains the general legal requirements governing privacy of and access to information, and establishes campus procedures to implement requirements of the State of California Information Practices Act. The legal requirements apply to general University Records. They supplement established University student, academic, and staff personnel policies which govern maintenance and access to Records. Assistance in interpreting this policy is available from the Records Management Coordinator.
III. ACCESS TO UNIVERSITY RECORDS
A. California Public Records Act (Public Access to University Records)
1. Application to the University: The California Public Records Act provides that access to information concerning the conduct of the people's business is a fundamental and necessary right of every Person in this state; that public Records must be open to public inspection during regular office hours; and that every citizen has the right to inspect any public Record except as provided in the Act.
2. Records Not to be Made Public: The following are not public Records under the California Public Records Act:
a. Any Record for which it can be demonstrated that the public interest served by not making the Record public clearly outweighs the public interest served by disclosure of the Record.
b. Preliminary drafts, notes, or intra-University memoranda not retained by the University in the ordinary course of business, provided that the public interest in withholding such material clearly outweighs the public interest in disclosure.
c. Records pertaining to pending litigation to which the University is a party.
d. Records or complaints to, or investigations conducted by, the campus Police Department or other agencies for correctional or law enforcement purposes.
e. Test questions, scoring keys, and other examination data.
f. Real estate appraisals, engineering feasibility estimates and evaluations, relative to the acquisition of property, or public supply and construction contracts, until all of the property has been acquired or contract agreement obtained.
g. Library and museum materials acquired and presented solely for reference or exhibition.
h. Any Record, the disclosure of which is exempted or prohibited pursuant to provisions of federal or state law, including provisions of the evidence code relating to the physician-patient, psychotherapist-patient, lawyer-client, and official confidence privileges.
i. Personnel, medical, or similar files, the disclosure of which would constitute an unwarranted invasion of Personal privacy.
B. Federal Privacy Act of 1974, Public Law 93-579
1. Application to the University : The Federal Privacy Act is designed to safeguard the rights and privacy of Individuals from the encroachments of Federal agencies in maintaining Records on Individuals. Except with respect to social security numbers, it applies to the University only in the relatively few instances when the University enters into a contract (not a grant) with a Federal agency and in which the University agrees to undertake the design, development, or operation of a System of Records on Individuals which accomplishes a function of the Federal sponsoring agency. Additional information may be obtained from the Office of the Records Management Coordinator, the General Counsel's Office, or the Office of the Campus Counsel.
2. University Use of Social Security Number : The Federal Privacy Act does pertain to the University in relation to use of the social security number. Rules for collecting social security numbers and sample wording to be used are set forth in UCLA Policy 602 Section IV.
IV. ACCESS TO PERSONAL DATA
State of California Information Practices Act of 1977 (Privacy of and Access to University Records Pertaining Specifically to Personal Data)
A. Definitions of Personal Data:
The Information Practices Act guarantees Individuals access to personal files maintained on them, with certain limitations, and sets forth provisions to govern the collection, maintenance, accuracy, dissemination and disclosure of information about them. Special procedures for providing access to and protecting the privacy of University Records containing personal data are required by the State of California Information Practices Act of 1977. All University Records which fall within the definitions of Personal Information and in Attachment B are covered by this Act including, but not restricted to personnel, business and financial, gift and endowment, alumni, patents, publication, medical, library and research Records, and excluding only those student Records which are specifically exempted from the law (see UCLA Policy 220 and references in Attachment A). Please note that the Information Practices law is not confined to what are traditionally referred to as Personnel Records.
Individual: A natural Person acting in his or her Individual and private capacity.
Person: Any natural Person, corporation, partnership, firm or association.
Record: A grouping of information about an Individual which is maintained by the Individual's name or by some identifying number or symbol or other identifying particular assigned to the Individual.
System of Records: One or more Records, which pertain to one or more Individuals, which are maintained by the campus from which information is retrieved by name of an Individual or by some identifying number, symbol, or other identifying particular assigned to the Individual.
Personal Information: Any information in any Record about an Individual which is maintained by the University and is not included in the definitions in Attachment B of confidential information (e.g., criminal law enforcement Records, written testing materials, some medical Records, etc.) or non-Personal Information (e.g., Individuals' names, campus phones or addresses, some statistical Records required by law, etc.).
Examples of Personal Information include but are not limited to home telephone numbers, citizenship, birthdates, social security numbers, education Records, business and financial transactions, medical and employment histories. (Note that an Individual's home address may be disclosed after the Individual has had the opportunity to request nondisclosure but does not so request.)
B. Collection of Material Maintained (Privacy Notices on Forms)
The campus will collect information to be maintained in a Record directly from the Individual to whom it relates to the greatest extent practical. If information is collected from another source, a Record of the source will be maintained in a readily accessible form. Only that information pertaining to Individuals which is relevant and necessary to accomplish a purpose of the University or is otherwise required or authorized by law shall be maintained. (Refer to UCLA Procedure 603.1, Section III.A.)
C. Access to Records
1. General Requirements :
a. Each Individual shall have the right to inquire and be notified as to whether the University maintains a Record about himself or herself.
b. When an Individual asks a department whether or not it holds Records pertaining to the Individual, the department's response shall include the location of the Record, responsible custodian, and shall include an explanation of procedures to contest the Records' contents.
c. The campus shall develop procedures whereby Individuals, including but not limited to University employees and officials, Individuals not employed by the University, governmental agencies, corporations, partnerships, firms, and associations, can appeal a University decision regarding Personal and confidential information.
d. Information provided by the University will be in a form reasonably comprehensible to the general public.
e. The campus may not disclose any Personal or confidential Information which it maintains on an Individual unless allowed under the guidelines contained in Attachment C.
2. Specific Requirements for access to Personal Information by the Individual subject of the Record, by University employees or officials, or by others are contained in Attachment C.
3. Locating the Record for Access:
If the campus cannot locate a Record by reference to the Individual's name only or when locating a Record by name only would be an unreasonable administrative burden, the campus may require the Individual to give additional identifying information to aid in locating the Record.
D. Recording of Access to Records
The campus shall maintain Records of disclosure of Personal Information which are made without the subject's request:
Pursuant to a determination by the University that compelling circumstances exist which affect the health or safety of an Individual.
Pursuant to any subpoena, court order, search warrant or other compulsory legal process; to a law enforcement agency when required for an investigation of criminal activity.
To a governmental agency as required by law or to fulfill a constitutional or statutory duty, unless a notice of the type of disclosure has already been provided at the time of collection.
Refer to UCLA Procedure 603.1, Section III.B.
The campus may charge a fee per page for copies of any Records requested. The fee may be requested in advance and an extra charge may be levied to reflect the actual cost to the University in the event that Records need to be abstracted. Charges for student transcripts may be at the prevailing national rate. No charge shall be made for the first copy of a staff employee's own Record.
F. Amendments and Corrections to a Personal Record
The campus shall permit an Individual to request in writing an amendment of a Record and shall, within 30 days of the date of receipt of such request:
Make each correction and inform the Individual of such corrections; or
Inform the Individual of its refusal to amend the Record. (Refer to UCLA Procedure 603.1, Section III.C).
G. Records Systems Procedures
Procedures for the collection and maintenance of information in each Records system shall be established and contain safeguards and rules of conduct (see Attachment D).
Once a year, the campus shall send to Systemwide Administration, for transmittal to the State Office of Information Practices, as is required by law, information compiled from each campus office by the Office of the Records Management Coordinator, (Refer to UCLA Procedure 603.1, Section III.D).
I. Civil Remedies and Penalties
The Information Practices Act of 1977 makes available to Individuals various civil remedies. These apply if the University fails to comply with an Individual's lawful request to inspect Personal Information or maintain Records in such way as to comply with the Information Practices Act. (Additional information is available from the Office of the Records Management Coordinator).
/s/ Morabito, Sam
Administrative Vice Chancellor