Guiding Principles for Personal Data

COMMITMENT TO PRIVACY

Privacy of individuals is essential to promoting the values of academic integrity, intellectual freedom, autonomy, and freedom of expression and association. Privacy is an integral part of the ethical treatment of individuals and institutional assets and serves as a basis for a respectful environment [1]. UC San Diego is strongly committed to maintaining the privacy and security of all data [2] that is entrusted to us, including the personal information [3] of faculty, students, alumni, staff, applicants, and research participants.

We commit to managing data as a strategic institutional resource and asset. Our data management strategies are intended to protect, and not restrict, the core academic values and processes of UC San Diego and increase the value of campus information resources through widespread and appropriate use. We recognize our responsibilities of stewardship for personal information and will only access it to support the campus education, service, and research missions, or for other legally required purposes. In order to balance the privacy and legal rights of individuals with the utility of the data in service of our mission, we commit to providing broad access to data consistent with the level of sensitivity of the data, roles and responsibilities of the users, appropriate and legitimate purposes for use, and level of training.

DATA PROTECTION PRINCIPLES

UC San Diego operates from a baseline of compliance with relevant laws and regulations. Various laws and regulations, such as FERPA and the Common Rule, protect personal data of individuals. Once legal requirements are met, the guiding principles balance the privacy of the individuals and security of institutional assets with the value of data. Most laws address the principles below. Even where laws and policies are silent, stewardship principles guide data handling practices. [4]

Personal data must be consistently protected throughout its lifecycle commensurate with its level of sensitivity and criticality to campus operations, regardless of where it resides, type of media, or what purpose it serves. Data collection, retention, use, and sharing practices should be transparent and provide essential protections for the privacy of individuals. When collecting, accessing, using, or disclosing personal data, we commit to the following data protection principles:

  • Transparency and individual rights: To the extent possible, we will empower individuals to participate and make choices about the use of their data. Except where prohibited by law, we will be transparent about our collection, use, disclosure, and maintenance of personal information by using privacy notices, statements of data protection practices, informed consent documents, or other similar information as appropriate. We understand that, with some exceptions, individuals have the right to access and inspect personal data UC San Diego maintains about them and understand the uses and disclosures of such data. [5]
  • Purpose specification and use limitation: To the maximum extent possible, we will specify and communicate the purpose of data use to the individual at the time it is collected or as soon as possible thereafter. We will handle personal data for the sole purpose of conducting the legitimate business of the University, consistent with the principles of justice, equity, and beneficence. We will specify and document our purpose for accessing and using personal data. In every endeavor, we must consider potential unintended consequences of data use, inquiry, and disclosure; we will be mindful of uses or disclosures that may cause harm or be surprising or alarming to individuals who have provided sensitive personal data, particularly if they may feel unexpectedly singled out. Where possible, we will select the most privacy-protective methods and procedures for accessing and using personal data.
  • Data minimization: We will collect no more personal information than necessary to serve the campus mission or as legally required. We will use de-identified, aggregated, masked, or otherwise anonymized data whenever possible. We will retain personal data no longer than necessary. [6]
  • Access control: We will provide authorized individuals access to information they need to carry out work responsibilities. We will follow appropriate approval processes to request access to data. We will limit access to personal data to those with a legitimate business or research purpose to conduct a properly assigned task, or as required by law. We will safeguard the personal data from inappropriate use through strong, documented administrative controls, particularly where technical controls are unavailable.
  • Security: We will secure University data at a level appropriate to its sensitivity and criticality to campus operations.
  • Data quality, accuracy, and integrity: To the extent practicable, we will ensure that personal data is accurate, relevant, timely, and complete. [7]
  • Due diligence: When transferring or providing access to personal data outside UC San Diego, or using a third party vendor/service provider to process personal data, we will assess the privacy, security, and legal status of the external entity prior to transfer or access.

DATA OWNERSHIP

Records and data collected or used under the auspices of the University or with University resources are not automatically owned by the individual users or researchers, even when stored on personal devices.

STATEMENT ON PURPOSE OF DATA USE

All personal data should be used for legitimate purposes only, and to the maximum extent possible, these purposes should be communicated to the individuals at the time of collection.  Some uses require additional approvals or procedures.  Having access to personal data does not confer authority to further disseminate or disclose that information or use it for other purposes.

  • Legitimate Purposes
    • Business or educational purpose

      Legitimate business/educational purpose means that 1) the information or record is relevant and necessary to the accomplishment of some task or determination, and 2) the task or determination is an employment responsibility for the Data User or is a properly assigned subject matter for the Data User. [8]  Examples of legitimate purposes include: 

      • Following up on research misconduct claims
      • Providing guidance to a student on her progress toward graduation
      • Evaluating an employee for a potential STAR award
      • Emailing alumni newsletters
      • Investigating illegal conduct [9]
      • Learner analytics to the extent that this purpose has been clearly communicated to the learner at the time of collection

      Personal data may not be used for:

      • Activities unrelated to the user’s assigned university roles and responsibilities, even if well-meaning
      • Marketing of services or products or other commercial purposes not under the auspices of the University without approval from the Chancellor [10]
      • Political campaign activities or electioneering in violation of University policies
      • Personal gain, curiosity, or concern, even if well-meaning, without consent
      • Unlawful activities
      • Uses that violate other University policies [11] [12]

      Based on the principle of data minimization, identifiable personal data should not be used where de-identified, aggregated, masked, or otherwise anonymized data is sufficient to accomplish the purpose.

    • Human subjects research purpose:

      Access to personal data (including direct identifiers, indirect identifiers, potentially identifiable information, and small cell sizes) for human subjects research [13] purposes is only authorized with a current approval or exemption from the Institutional Review Board (IRB) [14] and, in some cases, the individual’s consent, in addition to documentation of privacy and security safeguards.

      The University encourages, and some sponsors require, researchers to provide access to research data for other researchers or to the public.  Researchers who handle personal, or otherwise regulated, data are encouraged to work with institutional officials – such as cognizant privacy officers, export control officials, and librarians – to determine how best to achieve open science goals.

SPECIAL CATEGORIES OF INFORMATION

Certain categories of information are governed by special laws and policies.  To the extent that there is a conflict between those laws or policies and this document, the law or policy will control.  The following are some categories of data specifically protected by law:

  • Social Security Numbers, national identification numbers, or driver’s license numbers [15]
  • Student (and applicant) information [16]
  • Information related to minors [17]
  • Health, genetic, mental health, and drug use information [18]
  • Personal data in human subjects research [19]
  • Financial and credit data [20]
  • Data about individuals in or from other countries [21]
  • Location data [22]
  • Device IDs and IP addresses [23]

ROLES AND RESPONSIBILITIES

Current data stewards are listed here.  The Campus Data and Analytics Governance Committee is currently revising this list and defining the roles of Data Trustees, Stewards, and Users.  In general, anyone who is granted access to any personal data must follow all laws, policies, and the above guidelines.


Definitions

Data User:  An individual who has been granted access to Data as part of his or her assigned duties, roles or functions. This access is granted solely for the conduct of University business.

Personal information/data:  Information that, alone or in combination with other data, potentially identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with, or single out, a particular person or household.  Personal information includes, but is not limited to, the following:

  • Identifiers such as a real name, alias, postal address, telephone number, unique personal identifier, signature, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, statements made by or attributed to the individual, physical characteristics or description, or any other financial information, medical information, or health insurance information or other similar identifiers. 
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
  • Biometric information.
  • Characteristics of protected classifications under California or federal law.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Geolocation data.
  • Audio, electronic, visual, thermal, olfactory, or similar information.
  • Professional or employment-related information.
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).
  • Inferences drawn from any of the information to create a profile about a person reflecting the person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Identifiable information may include data that has been stripped of direct identifiers but leads to a small population/cell size.  Personal information is used synonymously with “personally identifiable information,” “PII,” or “personal data”.

Research:  A systematic investigation, including research development, testing and evaluation, basic or applied research, designed to develop or contribute to generalizable knowledge.  Generally, research is in the public interest, adheres to all applicable ethics and privacy laws, and the results are anticipated to be widely shared.

Human subjects research: Research about a living individual wherein an investigator (whether professional or student) conducting the research obtains 1) data through intervention or interaction with the individual, or 2) identifiable private information (i.e., personal information) from any source.