The University of California recognizes that principles of academic freedom and shared governance, freedom of speech, and the personal right to privacy hold important implications for the use of electronic communication and offers information privacy protections to students, faculty, and staff. Information service providers must take a broad view of their privacy and confidentiality responsibilities, such as minimizing review of electronic communication and other private personal information.
Full list of privacy criteria
- Does the provider abide by the ECP?
- Under what circumstances will the provider access email content or restrict service without the consent of the user?
- Under what circumstances will the provider allow third-parties (business partners, contractors, government officials, law enforcement) to access email content without the consent of the user?
- What administrative tools/access does the provider offer for the campus to access email content without the consent of the user?
- Is the use of these tools audited and reported to the campus?
- When the provider engages with third-parties to provide components of the email service are those third-parties’ security and privacy policies required to be “as stringent as” the provider’s?
- Will demographic or personal information ever be transferred to a third party without the express written consent of the University, including browsing preferences collected by cookies on advertisements?
- Are communications or stored email data mined or monitored by the provider?