University of California, Irvine
Department of Education
Systems and Data Security and Use Agreement
This document references the following documents. You are hereby advised to familiarize yourself with these documents as well as this document.
UC Business and Finance Bulletins
for Investigating Misuse of University Resources
IS-3, Electronic Information Security
RMP-2, Records Disposition Program and Procedures
RMP-4, Vital Records Protection Policy
RMP-7, Privacy of and Access to Information Responsibilities
RMP-8, Legal Requirements of Privacy of and Access to Information
RMP-9, Guidelines for Access to University Personnel Records by Government Agencies
UCI Administrative Policies & Procedures
Policy on Reporting Improper Activities
Section 714-15, Policy on Accessing University Administrative Information Systems
Section 714-16, Procedures for Accessing University Administrative Information Systems
Section 714-17, Using University Administrative Information Systems
Section 720-10, Information from Public Records (California Public Records Act) -- Guidelines
Section 720-11, Privacy of and Access to Information (Excluding Student Records) -- Guidelines
Section 800-15, Implementation Guidelines for the UC Electronic Mail Policy
The following terms may be used in this document. If so, there are in accordance with their definitions in BFB IS-3, Appendix A.
Business Continuity Plan
Disaster Recovery Plan (DRP)
Electronic Information Resource (EIR)
Electronic Information Resource Custodian (EIRC)
Electronic Information Resource Proprietor (EIRP)
Electronic Information Security Coordinator (EISC)
Intrusive Computer Software (ICS)
Furthermore, the following terms may also be used in this document and are define here:
Departmental Security Administrator (DSA): a departmental security administrator has the rights necessary to grant access to a predefined set of users at various levels to specified functions/applications of a university electronic information resource.
DoE: Department of Education, University of California, Irvine
LoginID: A unique identifier assigned to a user which, in conjunction with a valid password, provides access to specific functions/applications on a university EIR.
Sensitive Information: Sensitive information includes, but is not limited to, a person's name together with social security number, bank account number, and/or California Driver's License number, as defined by SB1396
UCInetID: A three to eight letter code, based on an individual's name, that uniquely identifies the individual at UCI. UCInetIDs are used to authenticate individuals as UCI affiliates for access to UCI electronic services. UCInetIDs are also the basis of an individual's information in the UCI online directory database, PH/QI, which defines who has access to UCI network resources and provides an e-mail address for everyone at UCI.
University Records: University records include, but are not limited to, private, confidential or sensitive information.
Systems and Data Security and Use Agreement
You must read and sign this document before any access will be given to any DoE or other university systems or information.
I, the undersigned employee, as an Authorized User of university EIRs and data, acknowledge that I have read, understand and agree to adhere to the following statements:
All LoginIDs in conjunction with valid passwords are considered equivalent to a signature. The Authorized User of a university LoginID is responsible for all entries made under their LoginID. Similarly, all email using a university LoginID constitutes a legal communication as if were a hand-written letter signed by the individual who sent it.
The Authorized User will maintain proper security by never providing anyone with access to or use of any university EIRs for any reason. If anyone without access needs access, they are to contact DoE IT support or the DoE DSA for access. This includes never revealing or sharing any LoginID (login or password) with anyone.
The Authorized User of the LoginID will use university EIRs only for legitimate and necessary business reasons for which they have been explicitly authorized. It is never permissible to casually view or browse any university records. Authorized users may access university EIRs and records only on a "need to know" basis. Users are not allowed to view or use university EIRs or records for any personal interest or advantage.
The Authorized User will maintain the privacy and confidentiality of all accessible data, personal, confidential, sensitive or otherwise, and understands that unauthorized disclosure of personal, confidential or sensitive information may constitute invasion of privacy and may result in disciplinary, civil and/or criminal actions.
The Authorized User will not store any Sensitive Information in any computer, unless the law requires it and such storage is approved by the DoE DSA. If Sensitive Information is stored, the Authorized User must secure and protect it according to current and applicable University policies, procedures and standards, including but not limited to encrypting the information.
Proper physical security of data must be maintained. All media must be locked away securely in desk drawers or file cabinets which lock. Users should logoff all EIRs when not present with the EIR or at a minimum lock the EIR while away. In general, EIRs should be powered down when the user leaves unless specifically instructed or given permission to do otherwise.
Data will be cleaned from all storage media before any part or whole of any storage media machine is disposed or salvaged. Re-formatting media to delete information is mandatory but considered insufficient. The media must be physically destroyed prior to disposal.
The Authorized User is expected to report any suspected violations of systems or data security or use to their supervisor or the department DSA. If illegal activity has been determined, all information and equipment will be turned over to campus police and/or legal authorities for prosecution to the full extent of the law.
The Authorized User is informed that, under existing California state law, any person who maliciously accesses, alters, deletes, damages or destroys any EIR, network, computer program or data shall be guilty of a felony.
The Authorized User is informed that references to personal, confidential or sensitive information in the UC Irvine Campus Policies and Procedures and in this document are for informational purposes and may not specify all the computer use standards, University policies and procedures, or state and federal laws by which the Authorized User is governed.
The Authorized User is informed that failure to comply with these policies, rules and regulations may result in disciplinary action, up to and including dismissal, as well as referral to law enforcement authorities.
Any violation of local, state or federal laws may carry the additional consequence of prosecution under the law, where judicial action may result in specific fines, imprisonment, costs of litigation, reimbursement for damages or both, or all the above.
The University will take the strongest actions possible in the case of any breach of these agreements.
As an Authorized User of university EIRs and data, I understand that all EIRs and data I use to perform my job duties are the property of the University of Califronia, Irvine. These EIRs and data include but are not limited to email on any university EIR. As such, the EIRs and data may be accessed at any time by University employees as required in the performance of their job duties. This includes but is not limited to the University and/or DoE technical staff, who in the performance of their job duties, may require access to my EIRs and data. Upon termination of any employee, it will be the responsibility of the technical staff and DSA to terminate access to my University EIRs and either reassign or delete all information on my University EIRs. The Authorized User is hereby advised that there should never be any personal use of University EIRs nor presence of personal information on any University EIRs.
By signing this agreement, you are acknowledging, that you have read this Systems and Data Security and Use Agreement in its entirety and agree to abide by it.