Technology at Berkeley Site Navigation:
Campus Online Activities Policy
Supersedes: E-Berkeley Policy for Campus Online Activities
Responsible executive: UC Berkeley Chief Information Officer (CIO) Shel Waggener
Responsible office: Office of the CIO: Security, Privacy, and Policy
Contact: Berkeley Campus IT Policy Manager Karen Eft, itpolicy@berkeley.edu
The University of California, Berkeley, recognizes the value and potential for faculty, students, and staff to use University electronic resources to enhance learning, research and public service. The information technology explosion has greatly expanded opportunities for innovative means to conduct campus activities, and the campus community must be mindful that these expanded opportunities will require a new sense of stewardship regarding the projection of the online image of the campus. The use of campus electronic resources under University jurisdiction must comply with University of California policies, rules, and regulations, as well as local, state, and federal laws. The University of California Electronic Communications Policy (ECP) (http://www.ucop.edu/ucophome/policies/ec/) governs all electronic communications, whether by the Web or other developing media. The Berkeley Campus Computer Use Policy (http://technology.berkeley.edu/policy/usepolicy.html) governs all campus computing and networking activities.
This Berkeley Campus Online Activities Policy establishes policy and offers guidelines where existing policies do not specifically address issues particular to the use of electronic resources. It also clarifies the applicability of law and of other University or Campus policies to online activities. Where possible, this Policy defers to other existing policies. Policies of particular importance in this area include the ECP and the Computer Use Policy which outline relevant information to guide UC Berkeley departments and individuals in creating their online presence.
Where the authorized officials to approve processes for topics included in this Policy have been identified, this document provides links to that information. When the identities of authorizing campus officials are known for activities included in the scope of this Policy, links to that information are provided. Also see the campus Guide to Administrative Responsibilities from the Controller's Office, for a broader range of information about campus authorizations and responsibilities.
This policy applies to all electronic resources owned or managed by the Berkeley campus and all electronic resources provided by the campus through contracts and other agreements. For example, any website using the Berkeley.EDU domain is governed by this Policy.
Campus students, faculty, staff, and others affiliated with the University (including those in program, contract, or license relationships with the campus) may be eligible to use campus electronic communications resources or services. Individual members of the UC Berkeley Community are eligible to establish a UC Berkeley electronic identity (CalNet ID) and to register subdomain names in UC Berkeley's Internet domain Berkeley.EDU. The CalNet Gateway website provides guidance for the acquisition of a CalNet ID. Policy and procedures governing registration in Berkeley.EDU are contained in the Campus Domain Name System (DNS) Service Policy (http://net.berkeley.edu/policy_review/DNS.new.shtml).
Eligibility to use campus services for any campus participant shall be determined by the appropriate authorizing official (see Criteria for Inclusion in the CalNet System, http://technology.berkeley.edu/policy/calnet/eligibility.html). A CalNet ID is only a means to verify a campus identity. It is not the sole means of determining permission to access specific services. Access to any Berkeley Campus service shall be determined by the provider of each resource or service by means of additional authorizing mechanisms. All use of Berkeley Campus online services is subject to compliance with applicable laws and University and campus policies.
Affiliate organizations covered by the University Policy and Administrative Guidelines on Support Groups, Campus Foundations, and Alumni Associations (http://www.ucop.edu/ucophome/policies/support/) are eligible to register in Berkeley.EDU) (http://www.net.berkeley.edu/hostmaster/). Other affiliate groups who want to register in Berkeley.EDU domain must have a formalized agreement with an authorized campus official, and the agreement must include authorization for use of the Berkeley Campus facilities, name, or other resources. Student organizations are granted a range of campus electronic communications resource privileges. Consult Campus Life and Leadership for more information on the application of this policy to online student organization activities. See Berkeley Campus Regulations Implementing University Policies (http://uga.berkeley.edu/uga/regs.stm), Sections 211 and 212.
Programs offered to non-affiliated individuals or entities are not eligible to register in Berkeley.EDU. These programs for non-affiliates must independently register their name in a domain other than Berkeley.EDU, for example, .org. In very rare instances, if there is a compelling strategic argument to register these programs in Berkeley.EDU, approval must be granted by the Chancellor or the appropriate delegated authority, such as the Campus Technology Council (CTC). See Requests for Exceptional Registration in Berkeley.EDU (http://technology.berkeley.edu/policy/exception.html) for procedures for submitting exceptional requests.
Individuals and organizations that have no affiliation with the campus may not use the Berkeley.EDU domain name for their resources. Also see the section on Use of University Name.
Berkeley campus departments or units who provide online services ("technology service providers") must comply with all applicable University regulations and laws governing personal privacy and the confidentiality of information. Some state and federal laws preserve the confidentiality of identified classes of information (e.g., student educational records, personal employment information, or proprietary commercial software); records that do not fall under established legal protections are subject to public disclosure under law. Some specific guidelines include the following:
Technology service providers must take a broad view of their privacy and confidentiality responsibilities, such as minimizing invasion into private lives and avoiding risks to health and safety. For example, the online publisher of a class roster who wishes to include student pictures and contact information must get permission from each student, and also must limit access to class members only, using password protection or other technologies.
For more information see the Guide to Selected Privacy and Confidentiality Regulations (http://technology.berkeley.edu/policy/privacy-guidelines.html) and the UC Protection of Personal Information website (http://www.ucop.edu/irc/itsec/infoprotect.html). For additional assistance with privacy regulations, contact one of the Campus Privacy and Confidentiality Resource Contacts listed in Appendix A of this Berkeley Campus Policy on Online Activities.
Users of campus online resources should familiarize themselves with associated rights and risks regarding privacy and confidentiality. A good source for such information is the University of California Electronic Communications Policy Attachment 1: "User Advisories" sections: III. Privacy Expectations, IV. Privacy Protections, and V. Privacy Limits. Some factors that should limit users' expectation of privacy include:
Technology service providers who collect data via website interfaces must adhere to the provisions of the Privacy Statement for UC Berkeley Websites (http://technology.berkeley.edu/policy/privacy-statement.html) and must post a privacy statement to notify users regarding the types and uses of data that is gathered. Online service providers may further refine the standard campus privacy statement to include additional privacy provisions, but may not reduce the level of their activities' compliance.
The disclosure of information about students is governed by the Federal Family Educational Rights and Privacy Act (FERPA) and in part by the State of California Education Code. The University of California Policies Applying to the Disclosure of Information from Student Records (http://www.ucop.edu/ucophome/uwnews/aospol/toc130.html) and Berkeley Campus Policy Governing Disclosure of Information from Student Records (http://uga.berkeley.edu/uga/disclosure.stm) provide guidance in complying with these laws.
Use of the University name is regulated by the State of California Education Code 92000 (http://www.leginfo.ca.gov/calaw.html).
The Berkeley Policy on the Use of the University's Name, Seals, and Trademarks (http://businessservices.berkeley.edu/HtmFiles/OMBOCampusPolicy.htm) clarifies that the name "University of California" and all abbreviations thereof may not be used to imply, either directly or indirectly, the University's endorsement, support, favor, association with, or opposition to an organization, product, or service without appropriate authorization. A January 22, 1998 Campus directive highlights provisions from that policy. The University Electronic Communications Policy, Section III.D states that:
References or pointers to any-non-University entity contained within University electronic communications shall not imply University endorsement of the products or services of that entity.
When an electronic communication might give the impression that the author's endorsement represents an endorsement by the University, the communication must include an explicit disclaimer. An appropriate disclaimer is:
Links on these pages to commercial sites do not represent endorsement by the University of California or its affiliates.
The University's names, seals, and trademarks convey the University's reputation of excellence. The campus community must exercise care in the use of these symbols in order to preserve their integrity and value as emblems of our institution. Use of the official seal of the Campus implies institutional support; therefore, it may only be used as authorized in the Berkeley Policy cited above. Consult the Office of Marketing and Business Outreach (OMBO) for information on appropriate use of Berkeley trademarks and logos, particularly if they are intended for use in a commercial context, such as when promoting any products or services. Specific restrictions are outlined in OMBO's UC Berkeley Trademark Guidelines and Requirements.
Display of non-Berkeley marks on campus websites must ensure compliance with any trademark and copyright rights of their owners. (See the section of this Policy regarding Sponsorship, advertising, or other forms of acknowledgement.)
UC Berkeley's Internet domain Berkeley.EDU is considered a campus trademark and any links to commercial entities or announcement of promotional activities on Berkeley.EDU websites must conform with the following:
Commercial information may be published on campus websites in conjunction with University support programs that are allowed under University regulations or consistent with the business mandate of the campus department. Examples of acceptable promotional strategies for these activities include:
Acknowledgement of non-University entities may take the following form: "We wish to acknowledge the following sponsors …" and may include the following:
Links on campus websites that lead to off-campus, commercial, locations should be formatted so as to indicate separation from the campus. For example, it is advisable that any commercial links should open (or "spawn") a separate new browser window when they are clicked on.
All income produced from electronic promotional activities is subject to University procedures ensuring full compliance with the Unrelated Business Income Tax (UBIT) law.
Agreements with and use of commercial service providers for online services must be consistent with University policy and the primary education, research, or public service goals of the department's, organization's, or individual's (faculty or staff) website. For example, these agreements cannot be used for personal financial gain (except as permitted under applicable academic personnel policies). The considerable opportunities for developing both informal and formal arrangements with commercial entities can challenge campus webmasters' ability to conform with established University controls. Relationships with vendors that result in a significant "visible presence" for a commercial entity on a department or individual website should be reviewed by the appropriate campus oversight office. Decisions regarding appropriateness shall be based on standards defined in existing University and campus policies and regulations. Consult with the Berkeley Campus Business Contracts Office (BCO) (http://businessservices.berkeley.edu/HtmFiles/BCHome.htm) to ensure that agreements with and use of commercial service providers for the conduct of online activities conform with University and campus policies.
The BCO is delegated the authority to execute various service agreements between campus units and external entities, and their review must be included for any contracts negotiating online service agreements with third-party vendors. This pertains to click agreements as well as standard written agreements or contracts. In particular, in order to ensure appropriate protection of University records, agreements that involve external hosting of University records must receive campus review and approval. The BCO uses the following criteria to escalate reviews through departmental approval structures:
In compliance with UCOP's Business and Finance Bulletin IS-10 on Systems Development Standards, the Campus Technology Council (CTC) is tasked with reviewing systems that take more than one year to develop and implement, cost more than $100,000, or meet certain other criteria. See the CTC website at http://technology.berkeley.edu/planning for more details.
The campus encourages the use of electronic communications to share information and knowledge in support of the University's mission of education, research and public service and to conduct the University's business. The Electronic Communications Policy (ECP) governs all electronic communications; it also provides User Advisories regarding User Responsibilities, Privacy Expectations, Privacy Protections, Privacy Limits, and Security Considerations. This Berkeley Campus Online Activities Policy augments the ECP with the following policy provisions:
To facilitate effective communications on campus:
Contact email address entries and updates are accomplished through the campus CalNet online directory (https://calnet.berkeley.edu/directory/update/).
To minimize the impact of email traffic on the campus community and to avoid placing undue burden on computing and networking systems, large-scale campus electronic mailings should be restricted to the following circumstances:
Official campus mailings must be approved by an authorized campus official for the organizational unit or the target audience. Individuals who are included in distribution lists for official campus notifications do not have the option to have their address removed from the list. All campus electronic mailings are subject to regulations governing privacy, such as limits on the use of directory information. Campus email address lists may not be distributed to off-campus entities.
Any electronic mailings that are large enough to negatively affect network or systems performance must be coordinated through Information Systems and Technology (IST). For help in assessing the potential impact of your mailing on network performance, or to request assistance, contact consult@berkeley.edu.
Campus electronic mailings may not be used to advertise or solicit commercial activities or services, except that:
See "Guidelines for Complying with Federal Anti-Spam Law", available as a PDF document from the University of California Office of the President Information Resources & Communications website: IT Policies at UC (http://www.ucop.edu/irc/policy/). Also see the Sponsorship, advertising, or other forms of acknowledgement section of this Policy.
The University of California Copyright Education Web Site (http://www.universityofcalifornia.edu/copyright/) provides a rich resource on copyright-related issues.
A copyright notice should be posted on campus websites to clarify who owns the work, emphasize that the University (or other affiliated owner) asserts copyright ownership, and encourage contact by those who wish to use the material. Also, it is helpful for sites to provide permission notices that describe the conditions for use of online works by others. For additional information and examples of copyright notices and permission statements, see Copyright Notices on Campus Websites (http://technology.berkeley.edu/policy/copyright/notice.html).
U.S. Copyright law and University policy govern the creative works of faculty, students, and staff posted on campus electronic systems. Creators of works are advised to familiarize themselves with University and campus copyright policy and guidelines when posting materials on campus websites. See the University of California Policy on Copyright Ownership (1992) (http://www.ucop.edu/ucophome/uwnews/copyr.html) and University of California Policy and Guidelines on the Reproduction of Copyrighted Materials for Teaching and Research (1986) (http://www.ucop.edu/ucophome/uwnews/copyrep.html) for the full text of University policy.
The University of California Standing Committee on Copyright (http://www.ucop.edu/copyright/) is charged to align University copyright policy and management with the goals of the academic mission in the context of continuous and rapid change. Refer to their website for current UC policy on ownership of course materials, particularly those in digital form.
Creators must secure appropriate permission when including copyrighted or trademarked material, such as text, logos, photographic images, video, sound, or graphic illustrations. Fair Use provisions allow use of copyrighted material without the authorization from the copyright owner for limited purposes, such as criticism, comment, news reporting, teaching, scholarship, or research. For more information see OTT's website: "What is Fair Use" (http://www.ucop.edu/ott/faculty/crothers.html#fair)). Information Resources & Communications at the University of California clarifies its position with respect to digital copyright at the "Digital Copyright Protection at the University of California" website (http://www.ucop.edu/irc/policy/copyright.html). Instructions for submitting Digital Millennium Copyright Act (DMCA) allegations of copyright infringement for UC Berkeley online locations to the UC Berkeley DMCA designated agent are available online at http://technology.berkeley.edu/policy/copyright/dmca.details.html.
Only authorized UC Berkeley community members, after securing authorized approval, are permitted to capture in electronic form instructionally-related materials, such as lectures, PowerPoint presentations, and class room discussion. Instructors and website developers must comply with existing policies relating to instruction (http://www.berkeley.edu/catalog/policies/). Developers of course websites must take appropriate measures to protect against claims of copyright infringement, such as password-protecting those parts of the site that contain copyrighted material in order to limit access to class participants.
Links to several sites offering additional copyright guidance are listed at Copyright Information Resources (http://technology.berkeley.edu/policy/copyright/).
The Educational Technology Services unit (http://ets.berkeley.edu/) may be able to assist campus faculty and academic support staff with copyright questions regarding use of online technology for teaching and learning.
The Campus strongly encourages the creation of a technical framework that offers a frictionless environment supporting integration, communication, collaboration, and compatibility of technology-enabled learning and business systems. To meet this goal, UC Berkeley has adopted an enterprise-wide, component-based technical framework to facilitate the integration of and access to enterprise and departmental applications and data in the campus environment.
CalNet is a unified directory service and authentication infrastructure intended to provide campus departments with a centralized means by which they can validate users who need or wish to access departmental applications. See the CalNet Gateway website for complete information, including CalNet Policies for users, deputies, developers, and data owners (https://calnet.berkeley.edu/policies.html).
Application developers wishing to use CalNet infrastructure data must register in the CalNet administrative system. This registration should occur after specific data and technical needs have been identified. See "How to incorporate CalNet services into your application" from the CalNet Information for Application Developers website (http://ldap-project.berkeley.edu).
The Campus Data Management, Use, and Protection (DMUP) Policy (http://dataintegration.vcbf.berkeley.edu/DMUP.htm) describes proper management, use, and protection of data. The DMUP Policy outlines responsibilities of Data Proprietors, Data Custodians, Data Integrators, and Data Users. The campus Data Stewardship Council serves as a resource to the campus community in the area of data management, advising the campus regarding data access and protection issues.
The University of California is committed to taking concrete steps to ensure that our Websites and online resources are accessible to people with disabilities. The federal Americans with Disabilities Act (ADA) of 1990 and other federal and state laws, as well as the University of California Guidelines Applying to Nondiscrimination on the Basis of Disability, require that persons with disabilities have equal opportunity to enjoy campus programs, activities, and benefits. The UC Electronic Communications Policy Implementation Guidelines state that "Operators of University electronic communications resources should coordinate with campus officers responsible for implementation of the American with Disabilities Act to ensure that persons with disabilities have access to these resources." (Attachment 2, section II.B.6 "Accessibility".) For more information about legal or policy requirements, contact Academic Compliance & Disability Standards at: (510) 642-2795, acads@berkeley.edu.
Some common techniques to make websites more accessible are available at the campus Webnet group's Website Accessibility site (http://webnet.berkeley.edu/accessability.php). Standards for web accessibility have been developed by the federal Access Board Section 508 standards (applicable to federal agencies), and these Section 508 standards have been organized into a helpful checklist by Web Accessibility in Mind (WebAIM). More indepth guidelines are available from the World Wide Web Consortium (popularly known as "W3C"), known for its W3C's Web Accessibility Initiative (WAI). For assistance with campus online resource accessibility technology contact webaccess@lists.berkeley.edu.
The Information Technology Architecture Committee (ITAC) (http://technology.berkeley.edu/architecture/itac/) has collected a set of Enterprise Architecture Documents (http://socrates.berkeley.edu:4259/eberk.detail.html ) that discuss the framework and the rationale for UC Berkeley's Enterprise architecture. This enterprise architecture is based on operational and technical principles that are described in the ITAC reports as well as the UC-wide report: UC 2010: A New Business Architecture for the University of California , July 2000 (http://uc2010.ucsd.edu/nbarch/index.htm ). Starting in 2007, ITAC will develop a set of high-level architectural roadmaps that will serve as guidelines and frameworks to use in evaluating future technology investments and initiatives campuswide.
Campus units are urged to evaluate the applications and services they intend to implement to determine whether their technical choices will facilitate the systems' compliance with the Berkeley Campus architectural framework. The ITAC maintains Enterprise Architecture Guidelines to aid in such evaluations. The Campus Technology Council may require an architectural review by the ITAC for proposed applications or technology investments that will have critical impact on the Berkeley Campus online environment.
In order to provide its constituency with secure yet open electronic communications, the campus must protect the physical and logical integrity of its networks, computers, software and data. There are a variety of potential security threats to these resources, including unauthorized intrusions, malicious misuse, or inadvertent compromise.
Campus departments, units, or groups must establish appropriate security guidelines, standards, or procedures that pertain to electronic information resources under their purview. Activities outsourced to off-campus entities must comply with the same security requirements as in-house activities.
Policies and guidelines related to campus IT security include:
All websites under campus jurisdiction (i.e., on UC Berkeley servers or commercial servers funded by campus budgets) must display the following information on at least one page (preferably the first page) of the site:
The date of last revision should be included on a website when the timeliness of the content information is pertinent to the usability of the information. For example, any reference information, procedures, policies, or other material that could be subject to frequent changes should include the date.
Also, a copyright notice should be included on campus websites. For additional information and examples of copyright notices and permission statements, see Copyright Notices on Campus Websites ( http://technology.berkeley.edu/policy/copyright/notice.html). See the “Copyright” section of this Policy for general copyright information.
A campus department or unit may establish additional local policies and guidelines governing content and style of websites under its jurisdiction. Guidance in this regard is available from resources such as:
Registration through the UC Berkeley Web Registry (http://www.berkeley.edu/registry/update/) is required in order for a site to be linked from the Berkeley Home Page. This registration is available to campus departments or units that are part of the campus organization, or to programs or groups that have formalized agreements with the campus or have been officially designated as Support Groups, Campus Foundations and Alumni Associations (http://www.ucop.edu/ucophome/policies/support/supppol.html).
The locations of links from the Berkeley Home Page are determined by the Public Affairs Office in consultation with the applicant. All registered sites must comply with the UC Berkeley Web Registry Terms and Conditions (http://www.berkeley.edu/registry/update/terms_update.html). Registration of a site requires submission of site name and URL, site description and keywords, and contact information for the site's publisher.
Course websites are published through the Online Schedule of Classes (http://schedule.berkeley.edu/). Several Learning Management Systems, i.e., centralized online repositories of online course data, with built-in tools for developing, administering, and publishing course websites, are currently supported by UC Berkeley. For more information see the campus ETS Web Services site (http://ets.berkeley.edu).
Student organization sites should be registered through Campus Life and Leadership's Student Organizations Registry (http://www.uga.berkeley.edu/osl/studentorganizations.asp?id=1063).
The University of California, Berkeley supports the concept of faculty, staff, and students creating personal websites that provide information relevant to the individual's role at the campus. Any uses of the University name or marks are subject to restrictions on Use of the University name and seal (see that section in this Policy).
Sites on University servers may not be used to promote personal business or to provide personal financial gain, except as permitted under applicable academic personnel policies. (See Section N of the Business and Finance Bulletin 29 - Management and Control of University Equipment, http://www.ucop.edu/ucophome/policies/bfb/bus29.html.)
Personal sites shall not give the impression that they are representing, giving opinions, or otherwise making statements on behalf of the University or any unit of the University unless appropriately authorized (explicitly or implicitly) to do so. Where appropriate, an explicit disclaimer shall be included unless it is clear from the context that the author is not representing the University. An appropriate disclaimer is:
The opinions or statements expressed herein should not be taken as a position of or endorsement by the University of California, Berkeley.
Personal sites may not be registered with the UC Berkeley Web Registry (http://www.berkeley.edu/registry/update/).
Violations of University policies governing the use of University electronic resources may result in restriction of access to University information technology resources. In addition, disciplinary action may be taken under other University policies, guidelines, implementing procedures, or collective bargaining agreements, up to and including dismissal. Any restrictive action must follow standard University procedures that assure due process.
Submit any questions regarding possible violation of policy or law to either the appropriate authority as defined under Appendix B, "Responsible Entities" (http://technology.berkeley.edu/policy/DRAFT/proceds-responsible.html) and "Resource Offices" (http://technology.berkeley.edu/policy/DRAFT/proceds-responsible.html#ofcs) or to itpolicy@berkeley.edu. See Responding to Inappropriate Use of Computing and Network Resources (http://technology.berkeley.edu/policy/abuse.html).
Questions about this Policy may be addressed to itpolicy@berkeley.edu.
Updates approved by the Campus Technology Council August 20, 2007
APPENDICES:
RELATED POLICIES