Access to Electronic Communications falls under the systemwide UC Electronic Communications Policy (UCECP) and our local Implementation of the Electronic Communications Policy (IECP). Designed to protect the privacy of the members of the UC community, the policy also ensures continuity of access to records when an employee is absent – unexpectedly or otherwise. Departments may ensure continuity of access to records by seeking consent from employees to access business records. Per policy, consent is not always required to obtain University records, however. Please see section III.F of the IECP for more information regarding access without consent. If you need to access an employee’s electronic resources without consent, please fill out the access without consent form and return to the campus privacy officer prior to access. If you have any questions about the UCECP, the IECP, or access requests, please contact the campus privacy officer.
Data Access Transparency
The Electronic Communications Policy requires all UC campuses to publicly report the number of requests and approvals for non-consensual access to UC Santa Barbara electronic communications (including, but not limited to, email, calendar, online document collaboration, online files, and individual computing devices – including cell phones). All such requests are handled in accordance with the ECP and UC Santa Barbara’s Implementing Guidelines. Under the ECP, consent of the record holder is always required except for the following, limited circumstances:
- Required by and consistent with law1;
- Substantial reason to believe that violations of law or of specific University policies have taken place2;
- Compelling Circumstances3; OR
- Time Dependent, Critical Operational Circumstances4
"Non-Consensual Access Requests" counted in this transparency report include formal requests for non-consensual access, as well as requests from those who asked about access, but did not submit a formal request. "Non-Consensual Access Requests Granted" figures do not include incidents that were eventually resubmitted as consensual access requests or withdrawn. The report does not reflect routine security monitoring conducted by UC Santa Barbara or by the UC Office of the President.
The report is silent on "requests" required by law that are imposed with a gag order. The University will have no knowledge of requests imposed with a gag order that are delivered directly to vendors.
Non-Consensual Access to Electronic Communications at UC Santa Barbara July 1, 2018-June 30, 2019
| Student | Faculty | Staff | Total | |
|---|---|---|---|---|
| Total Non-Consensual Access Requests | 0 | 0 | 1 | 1 |
| Total Non-Consensual Access Requests Granted | 0 | 0 | 1 | 1 |
| Access Taken Under ECP Emergency Circumstance | 0 | 0 | 0 | 0 |
| Requests Granted Where ECP Not Applicable5 | 0 | 0 | 0 | 0 |
| Requests Granted Under ECP | 0 | 0 | 1 | 1 |
| Granted Under ECP: - Required by and Consistent with Law |
0 | 0 | 0 | 0 |
| Granted Under ECP: - Violation of Law or Policy |
0 | 0 | 1 | 1 |
| Granted Under ECP: - Compelling Circumstances |
0 | 0 | 0 | 0 |
| Granted Under ECP: - Time-Dependent, Critical Operational Circumstances |
0 | 0 | 0 | 0 |
Non-Consensual Access to Electronic Communications at UC Santa Barbara July 1, 2017-June 30, 2018
| Student | Faculty | Staff | Total | |
|---|---|---|---|---|
| Total Non-Consensual Access Requests | 1 | 0 | 2 | 3 |
| Total Non-Consensual Access Requests Granted | 1 | 0 | 0 | 1 |
| Access Taken Under ECP Emergency Circumstance | 0 | 0 | 0 | 0 |
| Requests Granted Where ECP Not Applicable6 | 0 | 0 | 0 | 0 |
| Requests Granted Under ECP | 1 | 0 | 0 | 1 |
| Granted Under ECP: - Required by and Consistent with Law |
0 | 0 | 0 | 0 |
| Granted Under ECP: - Violation of Law or Policy |
1 | 0 | 0 | 1 |
| Granted Under ECP: - Compelling Circumstances |
0 | 0 | 0 | 0 |
| Granted Under ECP: - Time-Dependent, Critical Operational Circumstances |
0 | 0 | 0 | 0 |
1 Includes access compelled by a search warrant, subpoenas, or other court order.
2 Substantial Reason is defined as a having reliable evidence indicating that a violation of law or of one of the University Policies listed in Appendix C, Policies Relating to Access Without Consent, probably has occurred, as distinguished from rumor, gossip, or other unreliable evidence.
3 Compelling Circumstances are those situations in which failure to act might result in significant bodily harm, significant property loss or damage, or loss of significant evidence of one or more violations of law or University policies listed in Appendix C, Policies Relating to Access Without Consent, or significant liability to the University or members of the University community.
4 Circumstances in which failure to act could seriously hamper the ability of the University to function administratively or to meet its teaching obligations, but excluding circumstances pertaining to personal or professional activities, or to faculty research or matters of shared governance.
5 After separation from the University or death, the former account holder is no longer considered the “record holder” and ECP procedures are not applicable. However, the campus still seeks to limit access to only the minimum amount of information necessary.
6 After separation from the University or death, the former account holder is no longer considered the “record holder” and ECP procedures are not applicable. However, the campus still seeks to limit access to only the minimum amount of information necessary.