UCI Information Security and Privacy Policies

Laws and Regulations

FERPA: Federal Family Educational Rights and Privacy Act of 1974

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules

Payment Card Industry (PCI): PCI SSC Data Security Standards Overview

Gramm-Leach-Bliley: UCOP Gramm-Leach-Bliley (GLB) Act Compliance (pdf)

Information Security Policies and Guidelines

The University of California is committed to high standards of excellence for protection of information assets and information technology resources that support the University enterprise.

University of California UC Irvine

Privacy Policies and Guidelines

The University of California offers information privacy protections to students, faculty, and staff. Campus service providers must take a broad view of their privacy and confidentiality responsibilities, such as minimizing invasion into private lives. The University recognizes that principles of academic freedom and shared governance, freedom of speech, and privacy hold important implications for the use of electronic communications.

Administrators, programmers, etc. may not examine or disclose electronic communications records, or their content, without the holder's consent. Proper approval must be obtained to access electronic communication records without user consent. University policy requires that its employees take necessary precautions to protect the confidentiality of personal information encountered either in the performance of their duties or otherwise.

See: UCI Privacy Policies

Involuntary Disconnection

(excerpt taken from Sec. 800-13: UCInet Guidelines - C-4)

To assure the integrity of UCInet, it may be necessary for OIT to disconnect a host, a group of hosts, or a network that is disrupting network service to others. This includes hosts involved in network security problems, such as those used by unauthorized parties to attack other systems on UCInet or on the Internet. If the situation allows, OIT will make an attempt to contact the local network administrator or owner of the host or hosts involved. If those individuals are not available, the disconnection may proceed without notification.

With regard to security issues, a disconnection might be a "partial" one that isolates the host from attacking hosts, or from off-campus access in general. A host that has been compromised by unauthorized parties may need to stay disconnected until the host's operating system can be updated and all changes made by the attacker reversed.