Access Without Consent to Electronic Communications Records
A. Authorization
An electronic communication holder's records may be inspected, monitored, or disclosed without the consent of the individual but with the approval of the authorizing Vice Chancellor (see Appendix A, Definitions) under the following conditions:
- When required by and consistent with law
- When there is a substantiated reason to believe that violations of law or University policies have taken place (see Appendix C, policies relating to non-consensual access)
- When there are compelling circumstances (see Appendix A, Definitions)
- Time-dependent, critical operational circumstances (see Appendix A, Definitions)
Electronic communication records that have been subpoenaed will be disclosed, as appropriate, with the approval of Campus Counsel.
B. Procedures
Before accessing an electronic communication without consent, the form UCSF Tracking Form for Access Without Consent to Electronic Communication Records must be completed. The completion of this form documents that proper procedures have been followed before an electronic communication is accessed without the consent of the electronic communication holder.
B.1 Access Without Consent
The procedures below define the requirements for authorizing the inspection, monitoring, or disclosure of electronic communication records without the consent of the electronic communication holder.
Overall Requirement
For any request for access without consent, the form UCSF Tracking Form for Access Without Consent to Electronic Communication Records must be completed. This form is used to document the review process for all access without consent. Without completion of this form, access without consent cannot be granted under any circumstances.
Request for Access to Electronic Communication Records
- The person requesting access to the electronic communication record(s) will complete the Requestor section of the form, UCSF Tracking Form for Access Without Consent to Electronic Communication Records and send it to the department head of the affected electronic communication holder. If the requestor is a department head, then the request must be sent to the department head's supervisor.
- The department head will complete the Department Head section of the UCSF Tracking Form for Access Without Consent to Electronic Communication Records. If the Department Head approves the request, s/he will send the form to Campus Counsel for further authorization. If the Department Head does not approve of the request, the denial will be indicated on the form, and returned to the requestor.
- Campus Counsel will complete the Campus Counsel section of the UCSF Tracking Form for Access Without Consent to Electronic Communication Records. If Campus Counsel approves the request, that will be indicated on the form, and the form will be sent to the appropriate Vice Chancellor. Staff requests will be sent to Steve Barclay, Vice Chancellor of Finance and Administration; Academic appointee and student requests will be sent to Dorothy Bainton, Vice Chancellor of Academic Affairs. Denied requests will be returned to the Department Head, who will communicate the denial to the requestor and send a copy of the tracking form to ITS Information Security Services, UCSF Box 0704.
- The authorizing Vice Chancellor will complete the Vice Chancellor section of the UCSF Tracking Form for Access Without Consent to Electronic Communication Records. Approved requests will be sent to the Department Head, who will ensure that the records are accessed as requested. The Access to the Requested Electronic Communication Record section of the form will be completed once access to the records has been completed. Denied requests will be returned to the Department Head, who will communicate the denial to the requestor and send a copy of the tracking form to ITS Information Security Services, UCSF Box 0704.
The completed form must be sent to ITS Information Security Services, UCSF Box 0704, for summary reporting.
B.2 Emergency Circumstances
In emergency circumstances (see Appendix A, Definitions), records may be inspected, monitored, or disclosed without the prior consent of the authorizing Vice Chancellor. The least perusal and the least action necessary to resolve the emergency may be taken immediately without consent; however, proper authorization must then be sought and documented without delay. The form UCSF Tracking Form for Access Without Consent to Electronic Communication Records must be used to document the post-authorization of emergency access to electronic communication records without prior consent of the individual. The procedures below define the requirements for authorizing the inspection, monitoring, or disclosure of electronic communication records under emergency circumstances:
- The department head will seek the approvals of Campus Counsel and the authorizing Vice Chancellor, which will be documented by their signatures in the appropriate sections of the UCSF Tracking Form for Access Without Consent to Electronic Communication Records
- When the electronic communication records are accessed, that access will be documented in the Access to the Requested Electronic Communication Record section of the UCSF Tracking Form for Access Without Consent to Electronic Communication Records.
- If it is lawful to do so, the department head will notify the electronic communication holder that the record(s) have been inspected, monitored, or disclosed.
The completed form must be sent to ITS Information Security Services, UCSF Box 0704, for summary reporting.
C. Recourse After Inspection, Monitoring, or Disclosure Without Consent
Under both the normal and emergency procedures defined above, the electronic communication holder may appeal the decision of a department head or the authorizing Vice Chancellor through UCSF personnel procedures.
D. Annual Reporting
ITS Information Security Services will annually produce a report of summary non-consensual access statistics with no information about individual cases, and shall be posted on the web so the data will be available to the University community and the public. See Attachment 2, page 7 for UC reporting requirements.
|
home
about its