PPM Logo

480 - Records Management

Section: 480-3
Effective: 02/01/2012
Supersedes: 12/28/1978
Review: TBD
Issuance Date: 02/01/2012
Issuing Office: IPA Coordinator

PPM 480-3 Policy [pdf format]
PPM 480-3 Exhibit A [pdf format]
PPM 480-3 Exhibit B [pdf format]
PPM 480-3 Exhibit C [pdf format]
PPM 480-3 Exhibit D [pdf format]
PPM 480-3 Exhibit E [pdf format]
PPM 480-3 Supplement I [pdf format]
PPM 480-3 Supplement II [pdf format]

RESPONSIBILITIES AND GUIDELINES FOR HANDLING RECORDS CONTAINING INFORMATION ABOUT INDIVIDUALS

  1. RELATED POLICIES

    1. UCSD Policy and Procedure Manual (PPM)

      100-5

      Protection of Human Subjects

      230-11

      Maintenance of, Access to, and Opportunity to Request Amendment of Academic Personnel Records

      230-29

      Policies and Procedures to Assure Fairness in the Academic Personnel Review Process

      480-1

      University Policy Regarding Records

      480-2

      Legislation Affecting University Records

      480-4

      Public Records

      480-5

      Guidelines for Access by Government Agencies to Records As Required by Consent Decree

    2. UCSD Policy and Procedure Manual/Staff Personnel Manual (PPM/SPM)

      250-605

      Staff Employee Personnel Records

    3. University of California Policies and UC San Diego Campus Regulations Applying to Campus Activities, Organizations, and Students

    4. Hospital Instruction Manual (HU)

      305.2

      Release of Medical Record Information

  2. BACKGROUND

    These guidelines should be interpreted to benefit the individual. Where discretion is allowed, the protection of privacy should override the option to disclose. These issues are often complex and frequently require legal interpretation by UC Counsel. To assist departments with record matters a Records Advisor has been appointed for each functional area on campus. See Supplement I for a listing of Records Advisors.

    These guidelines do not encompass student records as defined in the Family Education Rights and Privacy Act (FERPA). For information regarding access to student records, please refer to UC Policies and UCSD Campus Regulations Applying to Campus Activities, Organizations, and Students available in the Central University Library.

  3. DEFINITIONS

    1. Individual

      The term ``individual'' means a natural person acting in the person's individual and private capacity as opposed to public employment or business proprietorship.

    2. Person

      The term ``person'' means any natural person, corporation, partnership firm, or association.

    3. Data Subject

      The term data subject refers to an individual who is the subject of the record.

    4. Third Party

      The term ``third party'' means any individual or person other than the individual who is the subject of the record.

    5. Record

      The term ``record'' means any file or a grouping of information about an individual which is maintained by the University and that contains the individual's name or identifying number, symbol or other identifying particular.

    6. System of Records

      The term ``system of records'' means one or more records, which pertain to one or more individuals, which is maintained by the campus from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular.

    7. Disclosure

      The term ``disclosure'' means to release, transfer, disseminate, or otherwise communicate all or any part of a record orally, in writing, or by electronic or any other means to any person or entity.

    8. Amend

      The term ``amend'' means to change the record in any way.

    9. Confidential Information

      The term ``confidential information'' means any record pertaining to:

      1. The enforcement of criminal laws as its principal function if the information is:

        1. compiled for the purpose of identifying individual criminal offenders and alleged offenders,

        2. compiled for the purpose of a criminal investigation of suspected criminal activities, and

        3. compiled at any stage of the process of enforcement of the criminal laws, from the arrest or indictment stage through release from supervision and including the process of extradition or the exercise of executive clemency.

      2. Information consisting solely of written testing or examination material, or scoring keys used solely to determine individual qualifications for appointment or promotion in public service, or used to administer a licensing examination, or academic examination, the disclosure of which would compromise the objectivity or fairness of the testing or examination process.

      3. Information containing medical, psychiatric, or psychological material if a professional determines that disclosure of the information would be medically or psychologically detrimental to the individual. Such information shall, upon written authorization, be disclosed to a physician, psychiatrist or other licensed medical or psychological personnel designated by the data subject.

      4. Information consisting solely of investigative materials maintained by an agency for the purpose of investigating a specific grievance, complaint, or violation of state law, but only so long as an investigation is in progress and such investigative information has not been maintained for a period longer than is necessary to complete a criminal, civil, or administrative prosecution or initiate other remedial action.

        The source or sources of information used for an investigation under this section may be kept confidential so long as the confidentiality is necessary to protect its law enforcement activities.

      5. Records consisting of information used solely for the purpose of verifying and paying government health care service claims made pursuant to the Welfare and Institutions Code.

      6. Any information which is required by statute to be withheld from the individual to whom it pertains.

      7. Academic Personnel Review files, including letters of recommendation, and ad hoc committee reports, pending result of litigation.

    10. Nonpersonal Information

      The term ``nonpersonal information'' means:

      1. Information consisting only of names, campus addresses, campus telephone numbers, and other limited factual data which could not, in any reasonable way:

        1. reflect or convey anything detrimental, disparaging, or threatening to an individual's rights, benefits, privileges, or qualifications, and

        2. be used to make a determination that would affect an individual's rights, benefits, privileges, or qualifications.

      2. A campus telephone book or directory.

      3. A card catalog of any campus library, or the contents of any book listed within the card catalog.

      4. A mailing list consisting of campus addresses used exclusively to mail University or campus information.

      5. Records required by law to be maintained and used solely as a system of statistical records, as long as such records are not used in making any determination about an identifiable individual.

    11. Personal Information

      Any information in any record about an individual that is maintained by the University and is not included in the definitions of non personal and confidential in the above paragraphs.

  4. RESPONSIBILITIES

    1. Academic Personnel Office

      Process all requests related to the personnel records of persons holding appointment in an academic title. Requests will be processed in accordance with PPM 230-11, ``Maintenance of, Access to, and Opportunity to Request Amendment of Academic Personnel Records.''

    2. Staff Personnel Office

      Process requests for access to personnel files located in Staff Personnel Office. (See PPM 250-605.) Process requests from individuals to review refusals to amend staff personnel records. (See PPM 250-605.)

    3. Department

      1. Maintain accurate and up to date records.

      2. Serve as initial contact for individual seeking access or amendments to records.

      3. Contact Records Advisor when questions arise.

      4. Route requests for information from third parties to Records Advisor.

      5. Maintain a log of all third party disclosures. (See Exhibit D.)

      6. Upon receipt of a request to access records, ensure that all related records are identified and maintained for inspection. Destruction of records after receipt of a request is a violation of the Information Practices Act.

    4. University Employees

      Follow Code of Conduct in handling University Records containing information about individuals (See Supplement II).

    5. IPA Coordinator

      1. Conduct annual inventory of campus record keeping systems and report findings to Systemwide.

      2. Assist individuals in locating records containing personal information about themselves.

      3. Serve as consultant to Records Advisors and campus personnel regarding privacy laws as they relate to University records.

      4. Serve as Chair of Records Advisors Committee.

      5. Serve as the campus liaison with Systemwide offices including General Counsel.

      6. Upon request by an individual who is the subject of the record, assemble the Records Advisors Committee to review a refusal to amend records. (Personnel records and student records are excluded from this process.)

      7. Distribute information regarding privacy laws and policies throughout campus.

      8. Upon request from an individual who is the subject of the record, evaluate the confidential designation of information made by the Record Holder / department.

    6. Records Advisors

      1. Advise departmental personnel in matters relating to records particularly privacy of and access to information.

      2. Consult with campus IPA coordinator when questions or concerns arise.

      3. Serve on Records Advisors Committee.

      4. Ensure that information regarding privacy laws and policies / procedures are disseminated through area of responsibility and arrange for training of employees.

      5. Upon notification from IPA coordinator, review a refusal to amend records (personnel and student records are excluded).

      6. Review all requests for information from Third Parties.

    7. Vice Chancellors

      1. Appoint Records Advisor for area of responsibility.

      2. Maintain close communication with Records Advisor regarding matters involving privacy laws and policies.

      3. Vice Chancellor-Academic Affairs responds to requests from governmental agencies for access to academic personnel records.

      4. Vice Chancellor-Business & Finance responds to requests from governmental agencies for access to staff personnel records.

  5. COLLECTION OF PERSONAL INFORMATION BY UNIVERSITY DEPARTMENTS

    1.  Collect only information which is relevant and necessary to accomplish the purpose of the record keeping system. Information should not be collected to ``make it easier'' to do the job or because it ``would be good to have.''

    2.  Collect information directly from the individual who is the subject of the record. If that is not possible, record the source used to obtain the information.

    3.  When an individual is asked to complete a form collecting confidential or personal information about themselves, a written statement shall accompany the form. The statement must contain the following information:

      1. The name of the campus department requesting the information.

      2. The title, campus address and telephone number of the person responsible for the record keeping system.

      3. The University policy or other legal authority which authorizes the maintenance of the information being collected on the form.

      4. Whether submission of the information on the form is mandatory or voluntary.

      5. The consequences, if any, of not providing all or any part of the requested information.

      6. Describe the principal purpose or purposes for which the information being collected is to be used.

      7. The right of the individual who is the subject of the record to review records containing personal information maintained on him or her by the University. A simple statement such as: ``You have the right to review the record as it pertains to yourself'' is sufficient.

      8. List any known or forseeable disclosures which may be made to a governmental agency of the information being collected (if there are none, leave this point off the statement).

      A notification statement guide which is to be used to meet these requirements is attached as Exhibit A. This format has been approved by the Systemwide IPA Coordinator and General Counsel. Notification statements that vary from this form must be approved by the campus IPA Coordinator.

  6. MAINTENANCE OF PERSONAL INFORMATION

    Upon request, an individual who is the subject of the record shall be notified as to whether the University maintains a record about himself/herself. If it is found that records are maintained about the individual, the campus shall so inform the subject individual, provide the title and business address of the official responsible for the record, and refer the subject individual to these guidelines for access and appeal procedures. The Request for Records Access form, Exhibit B, is to be used for this purpose.

    1.  Departments shall control access to departmental records by means of a responsible Record Holder and internal procedures that ensure the security and confidentiality of records.

    2.  Rules of conduct have been established by the University and are included as Supplement II for the guidance of employees handling records.

    3.  The IPA Coordinator maintains an inventory of the physical location of records maintained by the University and the campus.

    4.  Record Holders/Departments shall follow established records management principles and these guidelines to ensure that records are accurate, relevant, timely and complete.

    5.  Unless specifically authorized by law, an individual's name and home address shall not be distributed for commercial purposes, sold or rented.

    6.  Upon written request of an individual, the campus must remove the individual's name and home address from a campus mailing list, unless the mailing list is used exclusively by the campus to contact that individual.

    7.  Record holders shall not modify or destroy information in order to avoid compliance with the Information Practices Act.

    8.  The requirements of the IPA are extended to any personal or confidential records maintained or operated for the University under contract. Some examples would be a record transcription service or a record storage facility.

  7. ACCESS TO PERSONAL INFORMATION BY SUBJECT INDIVIDUAL

    This section applies only to personal information and not confidential information. See Section III for definitions.

    1.  A Request for Records Access form, Exhibit B, is used to initiate the process.

      Requests may be directed to the Record Holder or the IPA Coordinator if there is a question as to the location of the information.

    2.  If a record cannot be located by reference to the individual's name, or when locating a record by name only would be an unreasonable administrative burden, more information may be required from the individual to aid in locating the record.

    3.  The identity of the person making the request for personal information must be verified. The more sensitive the information requested, the greater the need for proof of identity.

      A driver's license with a photograph is sufficient in most cases when an individual appears in person. Personal information should not be given over the telephone unless there is adequate assurance of the identity of the caller. Record Holders must not allow themselves to be pressured into providing personal information over the telephone where the identity of the caller is uncertain. If information is requested by mail, signature verification might be enough assurance or Record Holders may ask the individual to sign and return a Request for Records Access, Exhibit B.

    4.  When responding to a request for personal information, the Record Holder shall review the information and delete all confidential information including material related to the subject individual and personal information about other individuals that may be included. In cases involving a large volume of records (more than 30 pages), the Records Advisor should review the material prior to disclosure. If questions exist regarding deletions, contact the Records Advisor immediately.

    5.  Information, including letters of recommendation, compiled for the purpose of determining suitability, eligibility or qualifications for employment, reappointment, advancement, or promotion, and received with the promise that the identity of the source of the information would be held in confidence (or, if compiled prior to July 1, 1978, with the understanding that the identity of the source would be held in confidence) shall be released to the individual to whom the information pertains as follows:

      1. a copy of the material with deletions made to protect the identity of the source of the information; or

      2. in the case of academic personnel records, a comprehensive summary of the information. (See 160-20C of the APM and PPM 230-11.)

    6.  Full disclosure shall be made to the individual who is the subject of the record of any personal information (not confidential) that could reasonably in any way reflect or convey anything detrimental, disparaging, or threatening to the individual's reputation, rights, benefits, privileges, or qualifications, or be used by the campus to make a determination that would affect the individual's benefits, privileges, or qualifications.

    7.  If it is determined that information requested is confidential as defined in Section III, it shall not be available to the individual who is the subject of the record. The Request for Records Access form will be used to notify the individual who is the subject of the record of the decision within 30 calendar days of request.

      The individual directly affected by the confidential designation of the information may request a review of the designation. The Request for Records Access form is to be used for this purpose. The individual who is the subject of the record will be informed of the findings of such review within 30 calendar days from receipt of the request for review.

    8.  Records containing personal information shall be made available by appointment to the individual who is the subject of the record within 30 calendar days of the request for active records and within 60 calendar days of the request for inactive records. Appointments for review of records will be scheduled during normal UCSD business hours, 8:00 am to 4:30 pm. Appointments for review of records containing personal information may be scheduled for more than one time period when warranted by the volume of records to be reviewed, the work load and space limitations in the office of record and the subject individual's own schedule.

      If the individual, who is the subject of the record, is a University employee, the subject employee may schedule time off from work to review records containing personal information when the following criteria are met:

      1. Scheduled time off does not have a serious adverse effect on the employee's work unit.

      2. The supervisor has approved the time off.

      3. The use of overtime is avoided.

      Under no circumstances shall a supervisor willfully prevent an employee from scheduling an appointment to review records containing personal information within 30 days from receipt of request.

      Appointments for review of records containing personal information should be mutually acceptable to all involved. Disputes over scheduling appointments to review records should be referred to the campus IPA Coordinator for resolution.

    9.  The personal information in a record shall be presented in a reasonably comprehensible form; for example, microfiche data would have to be printed onto paper.

    10.  Records containing personal information about an individual may be disclosed to a duly appointed guardian or conservator. Records may be provided to a person representing the individual who is the subject of the record, provided that it can be proven with reasonable certainty that the person is the subject individual's authorized representative.

      Records containing personal information may be disclosed to a third party with the prior written voluntary consent of the individual who is the subject of the record, but only if consent has been obtained not more than 30 days before disclosure, or time limits have been specified.

    11.  If copies are requested, an exact copy of the record or any portion thereof shall be provided within 15 calendar days of the inspection date.

    12.  An individual who is the subject of the record may be charged for the cost of copying the records but not for any labor involved. The copy costs shall be paid prior to or at the time of delivery of copies. The first copy of an individual's own personnel file is to be provided without charge.

      There shall be no charge made for copies if the campus provides record copies in lieu of allowing access to actual records.

    13.  Records containing personal information or a true copy of the records shall be made available to the individual who is the subject of the record at a location near the subject individual's residence or by mail whenever reasonable. When the Record Holder has been asked to mail copies of documents, the copy costs (10\(ct/Page) may be recovered prior to mailing.

  8. AMENDMENTS TO RECORDS CONTAINING PERSONAL INFORMATION

    In processing amendments to records containing personal information, keep in mind that requests pertaining to staff personnel records are governed by PPM/SPM 250-605 and requests pertaining to academic personnel records are governed by PPM 230-11. Requests pertaining to other records are governed by this policy (student records are excluded).

    1.  If individuals believe that personal information in the records is not accurate, relevant, timely or complete and could negatively affect their status or rights, they are entitled to submit a request for amendment or correction of the record. The Request to Amend Records, Exhibit C, is to be used.

    2.  The Record Holder must notify the individual who is the subject of the record, within 30 days after receipt of the request, that corrections have been made as requested or that all or part of the request has been rejected. The reasons for refusing to amend the records, and the appeal process procedures must be provided to the individual. The Request to Amend Records form is to be used to make the notification.

  9. REVIEW/APPEAL FOR REFUSALS TO AMEND RECORDS CONTAINING PERSONAL INFORMATION

    The individual who is the subject of the record is entitled to request a review of the decision not to amend a record. See PPM/SPM 250-605 for staff personnel records and PPM\ 230-11 for academic personnel records. The following applies to requests for reviews pertaining to all other records (student records are excluded).

    1.  A written request for review must be sent to the campus IPA coordinator on the Request to Amend Records form, Exhibit C.

    2.  The campus IPA coordinator shall schedule a meeting of the Records Advisors Committee to consider the request.

    3.  Notice of the results of the review must be sent to the individual who is the subject of the record within 30 days after receipt of the request or within 60 days if circumstances make it necessary to extend the review period.

    4.  If the Committee concludes that all or part of the request for amendment or correction should not be granted, the notice must include a statement of reasons for the refusal.

    5.  The decision of the Committee is final.

    6.  An individual who is the subject of the record is entitled to file a statement of disagreement with the refusal to amend the record.

      1. The statement should be of reasonable length (usually not more than one or two pages).

      2. The statement should specify the corrections requested and reasons why each correction should be made.

      3. The statement will be filed with the record in dispute.

      4. A campus statement must be filed with the record in dispute as well. The Committee's notification to the subject individual may serve as the campus statement for the record.

      5. The two statements must be made available to persons or agencies to whom the disputed information was or is disclosed.

  10. DISCLOSURE OF PERSONAL INFORMATION TO OTHERS

    Disclosure of personal information is only permitted under very specific conditions which are described in this section. Whenever personal information is disclosed, a Notice of Redisclosure, Exhibit E, should be given to the requesting individual, agency, institution, University department or other third party.

    1. To University Officers, Employees, or Volunteers

      Disclosure is permitted if the personal information disclosed is relevant and necessary in the ordinary course of their official duties and is related to the purpose for which the information was acquired.

    2. To Governmental Agencies

      All requests from governmental agencies for access to personnel records must be referred to either the Vice Chancellor-\%Academic Affairs or the Vice Chancellor-\%Business & Finance. See PPM 480-5 for full details.

    3. To All Others (Third Parties)

      Disclosures of personal information about an individual to any other person must be approved by the appropriate Records Advisor. If it is determined that personal information cannot be released, written notification shall be sent to the third party indicating the reason(s) for the refusal. Exhibit B may be used for this purpose.

      One of the following conditions must be satisfied before the disclosure will be made:

      1. The individual who is the subject of the record must have given prior written voluntary consent not more than 30 calendar days before the disclosure or within time limits specified by said individual in the written consent.

      2. The individual who is the subject of the record has a duly appointed guardian or conservator, or is represented by another person, and it can be proven with reasonable certainty that such person is the individual's authorized representative.

      3. The personal information is available in accordance with provisions of the California Public Records Act. This includes information which is part of an individual's employment contract with the University. The following information shall be released upon request: The employee's date of hire, current job title, current rate of pay, organizational unit assignment, and current job description.

      4. The Records Advisor has received advance, adequate, written assurance that the personal information will be used solely for statistical research or reporting purposes, and the information is in a form that will not identify an individual.

      5. Transfer of the personal information is necessary for the transferee agency to perform its constitutional or statutory duties, and such use is compatible with a purpose for which the information was collected.

      6. The record is requested under a State or Federal law and is released to a governmental entity.

      7. The Records Advisor determines that compelling circumstances exist which affect the health or safety of an individual. A notice that the personal information has been disclosed will be sent to the last known address of the individual who is the subject of the record.

      8. The disclosure is pursuant to a subpoena, court order, or other circumstances where the University is required by law to release the personal information. Prior to disclosure the Records Advisor must make a reasonable attempt to notify the individual who is the subject of the record. In the case of medical records, a subpoena duces tecum issued and served by a private party or an agency of the Federal government must include a certificate signed by the subpoenaing party or his/her attorney saying that they have notified the individual to whom the subpoenaed records pertain that his/her records are being sought. the records pertain must accompany the subpoena duces tecum prior to disclosure.

      9. The disclosure is pursuant to a search warrant.

      10. The disclosure is to a law enforcement agency engaged in the investigation of unlawful activity, unless such disclosure is otherwise prohibited by law.

      11. The disclosure is to a department of the University or a non-profit educational institution conducting scientific research, provided the request for information has been approved by the appropriate Human Subjects Committee and includes assurances that personal or confidential information is needed; procedures are established to protect the confidentiality of the information; and the personal identity of the subject shall not be disclosed further.

      12. The disclosure is to a committee of the State Legislature or to a member of the State Legislature when they have the permission of the individual to whom the information pertains.

      13. If a department head wishes to provide an oral evaluation of an individual in response to specific job related questions from a perspective non-University employer, refer to Staff Personnel Policy 250-605.25.

      14. The disclosure is to another government agency responsible for enforcing a specific state law, and it is necessary to investigate a case.

      15. The disclosure is to the Office of Information Practices when it is investigating a complaint regarding an alleged violation of the IPA or performing its mediation functions, and it has received the written voluntary consent for such a transfer from the individual who is the subject of the record.

    4. Disclosure Log

      All disclosures of personal information to third parties are to be approved by the appropriate Records Advisor and recorded. Exhibit D, Disclosure Log, may be used for this purpose. The log forms may be kept with the individual record disclosed or may be kept as a separate record of disclosures made by the department. In either case, the Disclosure Log shall be made available for inspection by the individual who is the subject of the record. If the record of disclosures is kept as a separate file, one individual must not be given the record of disclosures made about other individuals. The Logs shall be retained for at least three (3) years after the disclosure was made.

  11. PENALTIES FOR VIOLATIONS OF LAW

    The IPA provides specific civil remedies and penalties for violations of the law. The complete text of the IPA is available from reference section of the Central Library. University employees acting in good faith, without fraudulent or malicious intent, are not individually liable for acts or omissions within the scope of their employment. The following will provide an overview of the types of penalties associated with improper handling of \%University records.

    1. Unauthorized Disclosures of Personal and/or Confidential Information

      Any person who intentionally discloses information not otherwise public which he or she knows or reasonably should know was obtained from personal or confidential information maintained by the University shall be subject to a civil action for invasion of privacy by the individual to whom the information pertains. In any successful action, the plaintiff may be awarded damages, a minimum of $2500 in exemplary damages, as well as attorney's fees and other costs of litigation.

    2. Obtaining Records Under False Pretenses

      Any person who willfully requests or obtains any record containing personal or confidential information from the University or campus under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000 or imprisoned not more than one year or both.

    3. Violations of IPA by University Officers or Employees

      An officer or employee of the University who intentionally violates any provision of the IPA, or any rules or regulations adopted thereunder, shall be disciplined. Discipline will be commensurate with the severity of the consequences of the violation and the degree of intent or negligence of the employee. Discipline may include termination of employment.


EXHIBIT A

Notification Statement Guide

This guide is to be used to develop an appropriate notification statement when collecting personal information. It has been approved by general counsel and may not be changed without prior approval from the campus IPA Coordinator.



The State of California Information Practices Act of 1977, effective July 1, 1978, requires the University to provide the following information to individuals who are asked to supply information about themselves.

The principal purpose for requesting the information on this form is to

(be specific)
_____________________________________________________

Maintenance of this information is authorized by (state policy or list laws).

Furnishing information requested on this form is

mandatory, failure to provide such information
will delay or may even prevent completion of
the action for which the form is being completed.

OR

voluntary and there is no penalty for not completing this form.

Information furnished on this form may be used by various University departments for(list other uses)and will be transmitted to the State and Federal governments if required by law.

Individuals have the right of access to this record as it pertains to themselves.

The official(s) responsible for maintaining the information contained on this form is (are): Name and campus address, or title and campus address, of responsible officer.


EXHIBIT B

REQUEST FOR RECORDS ACCESS

The Above Form is in PDF Format

REQUEST FOR RECORDS ACCESS


EXHIBIT C

REQUEST TO AMEND RECORDS

The Above Form is in PDF Format

REQUEST TO AMEND RECORDS


EXHIBIT D

DISCLOSURE LOG

To be used to record disclosures of personal information made to all third parties.

The Form is available in PDF format.

DISCLOSURE LOG

EXHIBIT E

NOTICE ON REDISCLOSURE OF
PERSONAL INFORMATION

This is a sample statement that should be used to warn persons and agencies receiving personal information from University records.



This information has been disclosed to you from the files of
__________________________________________________________.
                                Name of Department or Unit



The intentional redisclosure of this information may subject you to a civil action under Section 1798.53 of the Civil Code for invasion of privacy by the individual to whom the information pertains.

You are advised to be certain of your authority to further disclose any of this information before doing so.


SUPPLEMENT I

ARCHIVISTS

DEPARTMENT

NAME
LOCATION
EXT
Campus
Linda Claassen
Central Library
C-075-S
42533

INFORMATION PRACTICES ACT COORDINATOR

NAME

LOCATION
EXT
Paula J. Johnson
108 University Center
42552

SUPPLEMENT II

RULES OF CONDUCT FOR UNIVERSITY EMPLOYEES
INVOLVED WITH INFORMATION REGARDING INDIVIDUALS

  1. Employees responsible for the collection, maintenance, use, and dissemination of information about individuals which relates to their personal life, including their employment and medical history, financial transactions, marital status and dependents, shall comply with the provisions of the State of California Information Practices Act. PPM 480-3 Privacy of Responsibilities and Guidelines for Handling Records Containing Information About Individuals, shall be used as a basic source of guidance in administering the Act's provisions.

  2. Employees shall not require individuals to disclose personal information which is not necessary and relevant to the purposes of the University or to the particular function for which the employee is responsible.

  3. Employees shall make every reasonable effort to see that inquiries and requests relating to personal records of individuals are responded to quickly and without requiring the individual to unnecessarily repeat his or her inquiry to others. In other words, reasonable efforts will be made to place the responsibility on the Department for responding to the individual after his/her initial contact.

  4. Employees shall assist individuals who seek information pertaining to themselves in making their inquiries sufficiently specific and descriptive so as to facilitate locating the records.

  5. Employees shall respond to inquiries from individuals, and requests from them to review, obtain copies of, amend, correct, or dispute their personal records in a courteous and business-like manner, and in accordance with PPM 480-3.

  6. Employees shall not disclose personal and confidential information relating to individuals to unauthorized persons or entities. The intentional disclosure of such information to such persons or agencies may be cause for disciplinary action.

  7. Employees shall not seek out or use personal or confidential information relating to others for their own interest or advantage. The intentional violation of this rule may be cause for disciplinary action.

  8. Employees responsible for the maintenance of personal and confidential records shall take all necessary precautions to assure that proper administrative, technical, and physical safeguards are established and followed in order to protect the confidentiality of records containing personal information and to assure that such records are not disclosed to unauthorized individuals or entities.