University policy and state and federal laws recognize the individual's right to privacy, as well as the public's right to know about the governance of public institutions.
The UC Berkeley Privacy Office within the Office of Ethics, Risk and Compliance Services and Information Security and Policy within the Office of the Chief Information Officer are responsible for establishing campuswide privacy and information security programs (respectively) to guide campus units in achieving compliance with policies and laws regarding privacy issues and the protection of information maintained by the campus.
The disclosure of information from student records is governed by the Federal Family Educational Rights and Privacy Act (FERPA), coordinated by the Registrar acting as the FERPA Compliance Officer. UC Berkeley policy governing disclosure of information from student records can be found on the Campus Policy web site. More information can be found on the Registrar's web site.
UC Business and Finance Bulletin RMP-8, "Legal Requirements on Privacy of and Access to Information" classifies information as confidential, confidential academic review records, personal, and non-personal. These classifications are used to clarify access rights of the individual to whom records pertain and third party disclosure rights. Everyone has a right of access to non-personal information, which may be considered equivalent to public information. Full access to personal information is provided to the individual to whom the information pertains, but very limited disclosure of it is allowed to other persons or agencies. Confidential information is generally not accessible even to the individual to whom it pertains.
University policy prohibits campus employees and others from seeking out, using, or disclosing personal information except within the scope of their assigned duties. Administrative officials are responsible for confidential records, and for ensuring that their employees take the necessary precautions to protect the confidentiality of personal information encountered in the performance of their duties or otherwise.
Campus departments or units who provide online services must comply with all applicable University regulations and laws governing personal privacy and the confidentiality of information. In addition, those departments or units who collect data via web site interfaces must adhere to the provisions of the Privacy Statement for UC Berkeley Websites. The privacy statement notifying users as to the types and uses of data that is gathered must be posted on each web site.
Summaries of, and links to, selected privacy and confidentiality regulations are included in the Guide to Selected Privacy and Confidentiality Regulations.