Information for Buyers and Customers

. For more information see Before Sourcing Technology or contact IT Policy at itpolicy@berkeley.edu.

Cloud computing, hosted solutions, etc.

亚洲城老虎机游戏网址Buyers, please inform your customers of the following when purchasing applications and services hosted outside of UC Berkeley:

In most cases, the vendor has access to your data, communications, account information, etc. Don’t expect that the vendor’s privacy, security, or business continuity protections will meet UC standards. Some ground rules and important pointers:

  • Don’t use external information systems or services for anything that you’re not prepared to disclose or lose. It is best to assume that whatever information goes to or through the service may become public. This includes records of activities of those using the service, such as who used the service, what they used it for and when, etc.
  • Check out the company’s privacy policy — there should be a link to it somewhere on their website. Know what the vendor is going to do with the information you and others provide. This includes who they may provide information to and who they will allow to access it. What permissions have you granted by accepting their agreement/Terms of Use?
  • Don’t use external information systems or services to collect without ensuring that all appropriate campus policies are met. Please contact IT Policy at itpolicy@berkeley.edu for more information.
  • Don’t expect to get your information back if the company has a disruption in service, is acquired, or goes out of business. Keep local copies/backups of any critical data or records just to be safe.
  • Don’t expect to be informed if law enforcement or the government requests or subpoenas information from the vendor or service provider. This is true even if a UC-approved agreement is in place. While some organizations will try to direct the requester to you/the University first, there is no guarantee that this will happen, and the vendor may even be forbidden from disclosing the request. This means that your privacy and the privacy of everyone using the product or service is dependent on the outside organization.