Library Policy on the Collection, Use, and Disclosure of Electronic Information
(last rev. September 22, 2008)
Freedom of speech and privacy are essential in maintaining and upholding academic freedom. The UC Berkeley
Library respects and upholds the privacy of transactions and communications, whether electronic, paper,
telephone, or face-to-face.
Access to personally identifiable information1 is restricted to Library staff who need it
to conduct Library business2. Personally identifiable information is never used for
commercial purposes and is never revealed to a third party except as required and authorized by policy or law. The
Library is supported in these practices by national, state and local laws, as well as by University policies.
Except as required by law, users of Library systems and services are informed whenever personally
identifiable information other than transactional information will be collected and stored automatically by the
system or service. The Library retains personally identifiable information only so long as it is required for
The Library does not routinely inspect, monitor, or disclose records of electronic transactions for other
than Library business purposes. The Library adheres to the University policy (Business and Finance Bulletin
that prohibits University employees and others from "seeking out, using, or disclosing" personally identifiable
information without authorization, and requires employees to take necessary precautions to protect the
confidentiality of personally identifiable information encountered in the performance of their duties or
Library Web Site
In the course of providing you with Web-based services, The Library collects and stores
certain information automatically through our Web site. We use this information on an aggregate
basis to maintain, enhance or add functionality to our Web-based services. It includes:
- your Internet location (IP address)
- which pages on our site you visit
- the URL of the Web page from which you came to our site
- which software you use to visit our site and its configuration
This type of data is not personally identifiable.
The Library's web site links to Internet sites and services outside the administrative domain
of the library. The UCB library does not govern the privacy practices of these external sites.
Users should read the privacy statements at these sites to determine their practices. When the
Library contracts with vendors for access to online content, every attempt is made to include
user information protections in the license agreement.
A "cookie" is information stored on your workstation by a Web server and used to customize your interaction with the
Web. Some cookies last only for the duration of the session, while others are persistent and reside on a computer's hard
drive until the user deletes them or the computer is refreshed. As a matter of policy, cookies are erased from UC
Berkeley Library public computers at the beginning of each day.
Accessing personally identifiable information for other than Library business
The Library shall only permit the inspection, monitoring, or disclosure of personally identifiable information for
other than Library business purposes: (i) when required by and consistent with law, University policy, or campus policy;
(ii) when there is substantiated reason to believe3 that violations of law or of
University, campus, or Library policies have taken place; or (iii) when failure to act might result in significant bodily
harm, significant property loss or damage, loss of significant evidence of one or more violations of law or of University
policies, or significant liability to the Library, University, or members of the University community.
When under the circumstances described above personally identifiable information must be inspected,
monitored, or disclosed, the following shall apply:
- Authorization. Except in emergency circumstances, such actions must be
authorized in advance and in writing by the University Librarian, or by an Assistant/Associate University
Librarian or Director designated by the University Librarian. Authorization shall be limited to the least
perusal of content and the least action necessary to resolve the situation.
- Emergency Circumstances. In emergency circumstances -- circumstances in
which delay might precipitate harm, loss, or liability as described in (iii) above -- any ADMIN member may
approve the least perusal of content and the least action necessary to resolve the emergency, immediately and
without prior written authorization, but appropriate authorization must then be sought without delay.
- Compliance with Law. Actions taken shall be in full compliance with the law and other applicable University
and campus policies. In particular, actions taken in regard to electronic communications, including e-mail,
shall comply with the provisions of the University of California Electronic Communications Policy
- Public Records. Records pertaining to the business of the Library, whether
or not created or recorded on Library equipment, are University records subject to disclosure under the
California Public Records Act, other laws, or as a result of litigation.
- Possession of University Records. Library employees are expected to comply with requests, properly vetted
through University policies and procedures, for copies of records in their possession that pertain to the
business of the University, or whose disclosure is required to comply with applicable laws, regardless of
whether such records reside on University electronic communications resources.
- Unavoidable Inspection. During the performance of their duties, personnel
who operate and support electronic communications resources periodically need to monitor transmissions or
observe certain transactional information to ensure the proper functioning and security of Library systems and
services. On these and other occasions, systems personnel might observe personally identifiable information.
Except as provided elsewhere in this Policy or by law, they are not permitted to seek out such information where
not germane to the foregoing purposes, or disclose or otherwise use what they have observed.
Such unavoidable inspection of personally identifiable information is limited to the least invasive degree of
inspection required to perform such duties. This exception does not exempt systems personnel from the
prohibition against disclosure of personal and confidential information.
Except as provided above, systems personnel shall not intentionally search electronic records or transactional
information for violations of law or policy. However, as required by Business and Finance Bulletin G-29,
Procedures for Investigating Misuse of University Resources, they shall report violations discovered
inadvertently in the course of their duties.
- Back-up Services. Operators of Library electronic systems shall provide
information about back-up procedures to users of those systems upon request.
1 Personally identifiable information is any information that can be directly or indirectly associated with
a known individual. For example, all information contained in personnel, patron, and circulation files is personally
2 Library business refers to activities involved in the provision, maintenance, and management of the
Library's systems and services to its patrons and staff. Circulating books and journals, enforcing Library contracts, and
troubleshooting problems with the Library's e-mail system are all examples of Library business. Trying to discover who
used a Library workstation to issue a harassing message would typically not be Library business, however.
3 Substantiated reason to believe requires reliable evidence, as distinguished from suspicion, rumor,
gossip, or other unreliable evidence.
** Many thanks to the UCLA and UCSD Library privacy statements from which we liberally borrowed.
Copyright © 2013
The Regents of the University of California. All rights reserved.
Last updated 01/09/13. Server manager: contact