Chapter 17: Records/Paperwork Access and Management
Revised November 2011
Chapter 17-100: Introduction
The management of University records is subject to federal and State laws. These impose simultaneous and sometimes conflicting obligations. Generally these laws require the University to disclose records to the public (Freedom of Information Act, California Public Records Act), yet simultaneously require protection (nondisclosure) of certain records or selected parts of records. Decisions regarding disclosure or nondisclosure of University records must be made in compliance with federal and State laws.
The primary written University guidance relating to the management and disposition of University records is contained in the "RMP" Series--Records Management and Privacy. (See Section 17-999).
This Chapter supplements the RMP Series with respect to the University's contract and grant administration function and summarizes the key guidelines regarding disclosure and nondisclosure for the convenience of the Contract and Grant Manual user. When making disclosure or nondisclosure decisions, reliance should be first on the RMP Series, and then on consultation with the campus Coordinator of Information Practices and/or General Counsel's Office, as needed.
17-110 Access to Records
This Manual section provides general guidance about some typical records access issues involved with contract and grant administration.
17-111 Access by Funding Agencies to Contract and Grant Records
Extramural awards may contain provisions outlining the nature and extent of the sponsor's right to examine contract or grant records. For federal grants and cooperative agreements, the relevant provisions are contained in 2 CFR Part 215.53, Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations (OMB Circular A-110), “Retention and Access Requirements for Records.” (See Section 17-F04). Federal contracts will usually be governed by Federal Acquisition Regulation (FAR) clause 52.215-2, Audit and Records - Negotiation . In general, these federal grant and contract provisions give authorized representatives access to all records directly pertinent to the sponsored agreement for a period up to three years after final payment or closeout. State agreements usually allow the Auditor General access to agreement records up to three years after final payment, if the State agency follows the State Contracting Manual, Chapter 9.16, Retention of Contract Records.
Access provisions in sponsored agreements that are broader than the above federal or State rules should not be accepted without first consulting with the campus Coordinator of Information Practices. If longer retention rates are accepted, the appropriate campus parties responsible for the documents involved would need to be informed.
Additional guidance may be found in Business and Finance Bulletin RMP-9, Guidelines for Access to University Personnel Records by Governmental Agencies. The following summary is intended to provide only a general overview of the contents of the RMP-9; for details, please refer to the Bulletin.
The guidelines contained in RMP-9 relate to various kinds of personnel records, namely, those designated as confidential, those designated as non-personal, and those designated as personal. Confidential records (e.g., medical, psychological, or investigative information about an individual) are defined in Section VII.B.1. of RMP-8, Legal Requirements on Privacy of and Access to Information. Non-personal information (e.g., an individual's name, date of hire, current position, etc.) are defined in Section VII.B.3. of RMP-8. Personal information (e.g., an individual's birthdate, citizenship, Social Security number, etc.) is defined in RMP-8, Section VII.B.4.
RMP-9 also provides guidance on how to respond if a representative of a governmental agency requests access to personnel records, including those that are confidential, personal, or non- personal. Non-personal information may be made available upon request. However, because of the sensitivity of confidential and/or personal information and the University's policy of protecting individual rights of privacy, the University takes the position that confidential and/or personal information will only be released if the requesting agency has, and can provide evidence that it has, statutory right to review these kinds of records (or, in the case of personal information, if the individual to whom the information pertains has authorized release). The requesting agency must also agree to appropriately maintain confidentiality.
17-112 Access by the Public to Unfunded Extramural Proposals
It is the University's position that the public generally does not have a right to inspect unfunded extramural proposals. Disclosure of unfunded proposals might jeopardize favorable action on the proposal because other institutions or individuals might discover and use unique or innovative ideas or processes contained in such proposals and acquire unfair competitive advantages, thus threatening the success of the University proposal. For further guidance, see the summary of the California Public Records Act and University Implementation in Section 17- S01.
For coverage on the public's right to obtain copies of University extramural proposals in the possession of federal agencies, see Section 17-F03, Federal Freedom of Information Act.
17-113 Access by the Public to Extramural Awards
The contents of the award file generally are available for inspection under the California Public Records Act. However, when extramural award records are released to a member of the public, care must be taken to ensure that those sections of the award file that include "confidential" or "personal" information (as defined in RMP-8, Legal Requirements on Privacy of and Access to Information, and regulated under the State of California Information Practices Act of 1977), proprietary information, or any other information that cannot be disclosed pursuant to State or federal law are not released. This is particularly true when the project involves the use of human subjects. See Sections 17-S01 and 17-S02 for further guidance.
For coverage on the public's right to obtain copies of University extramural award records in the possession of federal agencies, see Section 17-F03.
17-114 Access by the Public to Contract and Grant CGX Reports
Campuses are authorized to make available for inspection upon request reports produced in the Corporate Contracts and Grants System (CGX) listing proposals submitted by and awards made to The Regents (10-420 CGX System). An aggregate listing of contracts and grants from extramural sources is available for inspection at the Office of the President, Office of Research Policy Analysis and Coordination (RPAC). The contracts and grants are listed by sponsor and by campus. RPAC can help identify which campus holds a particular contract or grant and provide a contact point on the campus.
17-115 Access by University Employees to University Records
Access by employees of the University to extramural proposals, extramural awards, and Contract and Grant CGX reports is governed by the same guidelines as set forth for the general public in Sections 17-112, 17-113, and 17-114, respectively, with two exceptions. First, pursuant to Section 1798.24(d) of the State of California Information Practices Act of 1977, disclosure of "confidential" and "personal" information is permissible to:
Those officers, employees, attorneys, agents or volunteers of the University if the disclosure is relevant and necessary in the ordinary course of the performance of their official duties and is related to the purpose for which the information was acquired. Secondly, disclosure of information in such records may be required under the State of California Information Practices Act of 1977 to the employees about whom the information pertains. See Section 17-S02 for further guidance.
17-120 Privacy of Records
Primary University guidance concerning privacy of records is contained in RMP-8, Legal Requirements on Privacy of and Access to Information. The two main statutes dealing with privacy of records are the California Public Records Act (see Section 17-S01) and the California Information Practices Act of 1977. (See Section 17-S02.) RMP-8, Section VI, deals with the California Public Records Act, which is intended to ensure "access to information concerning the conduct of the people's business." Subsection VI.C. lists the types of records that are exempt from disclosure under the Act, including "preliminary drafts, notes, or inter-agency or intra-University memoranda which are not retained by the University in the ordinary course of business, provided that the public interest in withholding those records clearly outweighs the public interest in disclosure."
In addition, the Act addresses the confidentiality of University employee home addresses and telephone numbers, and computer software. With respect to the latter, "computer software developed by the University is not itself a public record....However, the public record status of information is not affected merely because it is stored in a computer--such information shall be disclosed."
It is noted that "although the statutory exemptions from disclosure allow the University to deny disclosure, they do not require non-disclosure." Because decisions concerning privacy of University records and contractual obligations affecting the privacy of University records must be made pursuant to various applicable laws, including the California Public Records Act, such decisions must be made on a case-by-case basis and coordinated with the campus Coordinator of Information Practices, as necessary.
RMP-8, Section VII outlines the provisions of the California Information Practices Act of 1977 (IPA). The IPA is an omnibus-type statute that is intended to balance the competing interests of access to public records held by the State government and the right to privacy of individuals.
The IPA originally defined three categories of information (confidential, personal, and nonpersonal) for which different standards of privacy and access were established. Recent amendments to the IPA have altered or deleted these three categories. Nevertheless, University policy continues to classify information as confidential, personal, or nonpersonal. In addition, University policy establishes a special category of confidential academic review records. These categories are defined in RMP-8, Section VII.B.
Individual rights of privacy are thus protected by University guidelines that call for the safeguarding and appropriate treatment of personal and/or confidential information (including confidential academic review records).
17-130 Attorney-client Privilege for General Counsel Opinions
Contract and Grant Officers request legal opinions from the Office of the General Counsel. The attorney-client privilege applies to opinions and other correspondence transmitted in confidence between the Office of the General Counsel and University employees. From time to time, Contract and Grant Officers, as well as other University employees, provide copies of such correspondence to others, including persons outside the University. It should be understood that when such correspondence is disclosed to third parties, the attorney-client privilege normally is lost. Thus, if an adversarial situation develops, the loss of the attorney- client privilege could have undesirable legal consequences for the University.
Contract and Grant Officers, as well as other University employees, should consult with the Office of the General Counsel before releasing legal opinions to third parties.
17-140 Classified Information and Records
Policy coverage and guidance concerning classified information and records are discussed in Chapter 20 of this Manual.
Chapter 17-200: Non-administrative, Research Records
This section concerns records that are writings prepared, owned, used, or retained by the University relating to the non-administrative, intellectual conduct of research. Such records include, but are not limited to, unpublished research notes and data, preliminary research reports or summaries, and unfunded extramural proposals. (See Section 17-112.) In accordance with Academic Personnel Manual Section 020, University Regulation Series No. 4, Special Services to Individuals and Organizations, "Notebooks and other original records of research are the property of the University."
Should a request be made for access to such records under the California Public Records Act (see Section 17-S01), a decision regarding the applicability of the Act to such records must be made on a case-by-case basis in coordination with the campus Coordinator of Information Practices.
In turn, the campus Coordinator of Information Practices may consult as needed with the Office of the General Counsel.
Chapter 17-300: Administrative Records
The University's administrative records management program is outlined in the RMP Series of the Business and Finance Bulletins. Following are some of the topics covered in that Series that would be of interest to Contract and Grant Officers:
- 1. RMP-1, Section IV- B, Ownership Statement quotes the following University Policy on Ownership of Administrative Records, issued October 31, 1969: With respect to [administrative records of] all of its officers and employees, including members of the faculty, whose regular or occasional performance of administrative duties puts them in possession of files, records, or documents pertaining to such duties, such files, records, or documents, including but not limited to correspondence, reports, writings, and other papers, records, maps, tapes, photographic files and prints, magnetic and punched cards, discs and drums, are the property of The Regents of the University of California, and, as such, may not be permanently removed from the University nor destroyed except in accordance with disposition schedules established by the Records Management Committee.
- 2. RMP-2, Records Retention and Disposition: Principles, Processes and Guidelines, addresses the development and maintenance of the University Records Disposition Schedules Manual, which is the primary reference source for information on retention periods for all University records.
- 3. RMP-5, Records Retention Program for Financial Documents Pertaining to Federal Awards to the University is discussed below in Sections 17-310 through 17-312.
- 4. RMP-8, Legal Requirements on Privacy of and Access to Information, is discussed in Section 17-120.
- 5. RMP-9, Guidelines for Access to University Personnel Records by Governmental Agencies, is discussed in Section 17-111.
17-310 Records Disposition Schedules for Contract and Grant Documents
The University's disposition schedules for contract and grant related records are set forth in the University Records Disposition Schedules Manual, Section I.D., Contracts, Grants, and Agreements (Extramural) for Research, Training & Public Service. These schedules present the name or description of the record; establish the Office of Record for the document; and set the schedule for disposition in years. Guidance on Retention and Disposition Requirements for Administrative Records Relating to Research, published on the OP RPAC web site, provides a comprehensive listing of records retention and disposition requirements for all research-related records including those for animal and human subjects, conflict of interest, misconduct, environmental health and safety, etc.
17-311 Office of Record
For extramural awards and proposals and for basic agreements, the Office of Record has been established as the "Contract and Grant Office (campus or OP) with operational responsibility." This designates the office at the operational level, i.e., the appropriate campus, OP or Laboratory Contract and Grant Office or, for certain agricultural programs, the Vice President--Agriculture and Natural Resources. This has the effect of assigning Office of Record responsibility to the office with day-to-day administrative responsibilities. Under this procedure, a campus or Laboratory Contract and Grant Office would be the Office of Record for an award document even though an acceptance or execution by the President and/or Officers of The Regents was required under specific Regental authorization.
17-312 Retention Period
The following retention requirements apply to the Office of Record copy of a contract and grant record. The retention period for other copies is generally 0-5 years.
a. Awards.
For all extramural contracts (including interagency agreements and project orders under basic agreements), grants (including private), and cooperative agreements (including private), the prescribed retention period for the Record Copy is the longer of: six years after expiration/termination; resolution of any litigation, claim, or audit; or the period stated in the award document. Other copies should be retained for a period of 0-5 years.
Federal and State of California funding agencies usually require records retention for three years (occasionally four years) measured from "final payment" for contracts and measured from "submission of final expenditures report" for grants. However, because it is administratively unreasonably burdensome for Accounting offices to notify the appropriate Office of Record when final payment or submission of the final expenditures report occurs for every extramural award, the retention period for extramural award records is measured from expiration/termination of the extramural award (a much easier point in time to assess) forward six years. It is presumed that six years from expiration/termination will more than accommodate the three or four years from final payment or submission of the final expenditures report retention period imposed by extramural sponsors.
For those rare awards where the retention period set forth in the award document exceeds that shown in the University Records Disposition Schedules Manual, award documents must be retained in accordance with the requirement specified in the award document. Additionally, when litigation, claims, or audits are initiated prior to the end of the records retention period, records must be retained until final resolution.
b. Proposals.
For proposals to extramural sponsors, the retention period varies in accordance with the disposition of the proposal. A pending proposal must be retained until a decision is made to fund, reject, or withdraw the proposal. When a proposal is rejected or withdrawn, the records may be discarded immediately or may be retained up to two years after rejection or withdrawal. When a proposal is funded, the proposal records become part of the award records and are governed by the award's disposition schedule.
c. CGX Advice Forms.
Forms used to input proposal or award information into the Corporate Contracts and Grants System (CGX) may be disposed of once the information has been entered into the CGX system. They should not be retained beyond three years.
d. CGX Report Records.
A series of quarterly, annual, and "upon request" reports are produced based on data compiled from the campus CGX Advice Forms. The retention periods for the record copy of most of the quarterly reports is "until superseded by next quarterly report," with the exception of "Contract & Grant Proposals (sorted by campus-sponsor-department)" which is 5 years for the record copy, and "Summary Report of Contract and Grant Awards" which is 10 years for the record copy.
The retention period for the record copy of all annual reports is 10 years, except for the "Annual Comparison of Award Amounts" which is 2 years. The office of record for all these reports is OP RPAC.
The retention period for all "upon request" CGX reports is 0-2 years and the office of record is the requesting office. For further information, see the "Contract and Grant Reports--Computer Generated" section of the University Records Disposition Schedules Manual.
17-320 Records Related to Human and Animal Research Subjects
Policy coverage and general guidance concerning retention of records related to human research subjects and related Institutional Review Board (IRB) records are presented in Chapter 18, Section 18-272, of this Manual.
Policy coverage and general guidance concerning retention of records related to animal research subjects and related Animal Research Committee (ARC) records are presented in Chapter 18, Section 18-465, of this Manual. Retention and disposition requirements of records relating to animal and human subject research is published on the OP RPAC UC Research Policies and Guidance website under “Guidance on Retention and Disposition Requirements for Administrative Records Relating to Research.”
17-330 Vital Records
17-331 Definition
Business and Finance Bulletin RMP-4, Vital Records Protection, Section II, defines a vital record as:
A record is vital when the re-establishment of an authentic replacement of a lost or unavailable record would be impossible or prohibitively difficult and, thus, abridge, jeopardize, or otherwise affect a significant right of an individual, a significant right or asset of the University, or the performance of an essential function of the University so adversely that extraordinary precautions are required to preserve and protect effectively that record from both normal and unusual hazards, present and potential.
17-332 Vital Contract and Grant Records
No contract and grant records have been pre-identified as vital records in the University Records Disposition Schedules Manual. However, it is the responsibility of an individual department to review its inventory of records in relation to the "Criteria for Identification of Vital Records" set forth inRMP-4, Vital Records Protection, to identify records that are vital and to advise the Records Management Coordinator at that location of the identity of the vital record and the type of protection given to it (seeRMP-4, Section VI, Selection of Methods of Protection).
17-340 Microfilm
Pursuant to Business and Finance Bulletin RMP-6, Microfilm Guidelines, it may be appropriate to produce and/or maintain University records on microfilm. It should be noted that microfilmed records are subject to all legal and policy restrictions concerning access to and privacy of records and to the University Records Disposition Schedules Manual. Before any contract or grant records are produced or converted to microfilm, the University's Microfilm Guidelines in RMP-6 should be considered.
Chapter 17-400: Minimizing Externally Imposed Paperwork Burdens
Paperwork burdens imposed on the University's administrative systems by external sponsors through contract and grant terms and conditions should be minimized.
Paperwork burden is the total time, effort, and cost required to satisfy an information collection requirement or request. The burden goes beyond the effort required to complete a particular form, and includes the effort required to review and understand the requirement or request, to develop systems for collecting and locating materials or information, to carry out inspections or observations to obtain information, to organize and format information, to maintain, update, report, and store the information, and to review the accuracy of information. Such burdens appear not only as clearly identified reporting requirements, but as regulatory requirements to develop and maintain information systems.
17-410 Contract and Grant Officer Responsibility to Minimize Externally Imposed Paperwork Burdens
It is the responsibility of Contract and Grant Officers:
a. to be aware that externally imposed paperwork burdens, as defined in Section 17-400, are a significant consideration in carrying out their duties in various procurement and assistance processes;
b. to minimize such burdens imposed upon the University and its personnel by external sponsors; and
c. to preclude the imposition through extramural awards of any such burdens with which the University is unable or unwilling to comply.
In order to carry out these responsibilities, Contract and Grant Officers should review all documents related to proposed procurement or assistance awards to determine the extent and acceptability of the related paperwork burden, and as appropriate, exercise all reasonable efforts and rights available to the University to minimize such burdens. (See Section 17-F01.)
In addition, OP RPAC responsibility for reviewing and developing responses to
Federal Register items, described at
Chapter 10-413 of this
Manual, includes consideration of the related federal paperwork burdens.
Chapter 17-999: Related University References
Business and Finance BulletinRMP-1, University Records Management Program
- Business and Finance Bulletin RMP-2, Records Retention and Disposition
- Business and Finance Bulletin RMP-3, Forms Management Guidelines
- Business and Finance Bulletin RMP-4, Vital Records Protection
- Business and Finance Bulletin RMP-5, Records Retention Program for Financial Documents Pertaining to Federal Awards to the University
- Business and Finance Bulletin RMP-6, Microfilm Guidelines
- Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities
- Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information
- Business and Finance Bulletin RMP-9, Guidelines for Access to University Personnel Records by Governmental Agencies
- Business and Finance Bulletin RMP-10, Instructions for Responding to a Subpoena
- Business and Finance Bulletin RMP-11, Student Applicant Records
- Business and Finance Bulletin RMP-12, Guidelines for Assuring Privacy of Personal Information in Mailing Lists and Telephone Directories
- Academic Personnel Manual Section 020, University Regulation Series No. 4, Special Services to Individuals and Organizations
- Records Disposition Schedules Manual
External Requirements Federal
17-F01 Federal Paperwork Reduction Act - 44 U.S.C. Chapter 35;
Implementing Regulation
5 CFR Part 1320
Purpose
The primary purpose of the Federal Paperwork Reduction Act (FPRA) includes:
(1) minimize the paperwork burden for individuals, small businesses, educational and nonprofit institutions, Federal contractors, State, local and tribal governments, and other persons resulting from the collection of information by or for the Federal Government;
(2) ensure the greatest possible public benefit from and maximize the utility of information created, collected, maintained, used, shared and disseminated by or for the Federal Government;
(3) coordinate, integrate, and to the extent practicable and appropriate, make uniform Federal information resources management policies and practices as a means to improve the productivity, efficiency, and effectiveness of Government programs, including the reduction of information collection burdens on the public and the improvement of service delivery to the public;
………
(8) ensure that the creation, collection, maintenance, use, dissemination, and disposition of information by or for the Federal Government is consistent with applicable laws, including laws relating to--
(A) privacy and confidentiality, including section 552a of title 5;
(B) security of information, including the Computer Security Act of 1987 (Public Law 100-235); and
(C) access to information, including section 552 of title 5;
Applicability
This Act applies generally to all federal executive and military agencies and departments. Government-owned contractor-operated facilities are specifically exempt.
The Act covers all "collection of information" activities when an agency obtains or solicits information from ten or more persons. Collection of information activities include federal agency requirements or requests which:
(A) means the obtaining, causing to be obtained, soliciting, or requiring the disclosure to third parties or the public, of facts or opinions by or for an agency, regardless of form or format, calling for either--
(i) answers to identical questions posed to, or identical reporting or recordkeeping requirements imposed on, ten or more persons, other than agencies, instrumentalities, or employees of the United States; or
(ii) answers to questions posed to agencies, instrumentalities, or employees of the United States which are to be used for general statistical purposes; Such requirements or requests include:
--written forms, schedules or questionnaires;
--regulations, policy statements or instructions;
--contracts, agreements, RFPs, procurement requirements; or
--oral communications.
See 5 CFR Part 1320.3 for specific applicability and exceptions. LEAD AGENCY Office of Management and Budget
Summary of Provision
Agencies shall not engage in a collection of information without obtaining an OMB approval and displaying a currently valid OMB control number and expiration date. Control numbers must be displayed on all federal forms and in federal regulations that include a collection of information requirement. (If the collection falls outside the scope of the FPRA because it is directed to nine or fewer persons, potential respondents must be so informed.) To obtain OMB approval, the collection must:
(1) be the least burdensome necessary for the proper performance of the agency's function;
(2) be not duplicative of information otherwise accessible to the agency; and
(3) have practical utility. “The agency shall also seek to minimize the cost to itself of collecting, processing, and using the information, but shall not do so by means of shifting disproportionate costs or burdens onto the public.”The public shall have opportunities to participate in and provide comments during the OMB collection of information clearance and approval process. UNIVERSITY IMPLEMENTATION Contract and Grant Manual, Sections 17-400 and 17-410.
External Requirements Federal
17-F02 Federal Privacy Act of 1974
Implementing Regulations
OMB Privacy Guidance
OMB Circular No. A-130, Management of Federal Information Resources, Appendix I, "Federal Agency Responsibilities for Maintaining Records About Individuals"
FAR Part 24, Protection of Privacy and Freedom of Information, and FAR Clauses 52.224-1, Privacy Notification, and 52.224-2, Privacy Act Individual federal agency regulations
Purpose
The Federal Privacy Act of 1974 is intended to assure that personal information about individuals collected by federal agencies is limited to what is authorized and necessary and is maintained in a manner that precludes unwarranted intrusions upon individual privacy.
Lead Agency
Office of Management and Budget
Summary of Provisions
Records under Federal Contracts:
a. Applicability
The applicability provision of the Federal Privacy Act for federal government contractors is the definition of “record” in 5 USC 552(a), which includes:
(2) "record" and any other term used in this section in reference to information include
(A) any information that would be an agency record subject to the requirements of this section when maintained by an agency in any format, including an electronic format; and
(B) any information described under subparagraph (A) that is maintained for an agency by an entity under Government contract, for the purposes of records management.
Subsection (m) of the Act stipulates that “systems of records operating under contract or, in some instances, State or local governments operating under Federal mandates by or on behalf of the agency ….to accomplish an agency function are subject to provisions of Section 3 of the Act.”
When an agency provides by a contract for the operation of a system of records by or on behalf of the agency to accomplish an agency function, the agency applies the requirement of this section to be applied to such system.
OMB Privacy Guidance, which provides federal agencies with implementing guidelines for the Federal Privacy Act, clarifies the Act's applicability language as follows:
Not only must the terms of the contract provide for the operation (as opposed to design) of such a system, but the operation of the system must be to accomplish an agency function. This was intended to limit the scope of coverage to those systems actually taking the place of a Federal system which, but for the contract, would have been performed by an agency and covered by the Privacy Act.
Additional information and background regarding the applicability of the Privacy Act to the University is provided via RPAC Contract and Grant Memo.
b.Summary of Provisions
For those federal contracts to the University that are covered by the Federal Privacy Act, the Act's requirements and standards are lengthy and complex. Contracts and Grants Officers should work closely with their local Coordinators of Information Practices to assess and understand the applicable provisions of the Privacy Act on a case-by-case basis.
For your information, provisions of the Federal Privacy Act generally concern:
(1) identification of systems of records and assessment of the appropriateness of information contained in such records,
(2) public notification of the existence and description of systems of records,
(3) the appropriate sources of information about individuals and the individuals' right to know the source of information,
(4) requirements to inform individuals about their rights and obligations when collecting information from such individuals,
(5) disclosure and protection of records on individuals, (6) maintenance of records on disclosure,
(7) accuracy and fairness of information in records,
(8) access to and correction of records by the individual about whom the record pertains,
(9) obligation to notify record reviewers of amendments to or disputes about records,
(10) flow down of Privacy Act provisions to subcontractors,
(11) records' employee training, and
(12) civil and criminal sanctions for violations of provisions.
c. Primary University Responsibility
Contract and Grant Officers should not accept any contract provision that requires the University to comply with the provisions of the Federal Privacy Act of 1974 in accordance with the University's policy implementation as discussed in the following Section.
The Office of General Counsel is responsible for reviewing any contract document that includes provisions of the Federal Privacy Act.
More generally, the responsibility to assure that the University comply with general requirements of the Federal Privacy Act, when it is applicable, is shared by numerous University personnel at all levels. An overview of such responsibilities is presented in Section 17-S01.
d. University Implementation
In general, primary University guidance regarding the Federal Privacy Act is found in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information. Additional procedural guidance for Contract and Grant Officers is provided via Contract and Grant Memo.
Any contract provision making the University subject to the Federal Privacy Act of 1974 is unacceptable unless the Statement of Work sets out in specific terms that the University assumes a function of the Federal sponsoring agency in designing, developing, or operating a system of records on individuals. If it has been determined that the University is indeed undertaking in a contract an obligation to operate on behalf of a Federal agency a "system of records to accomplish an agency function," the inclusion of a Federal Privacy Act clause would thereby become acceptable in principle. Such a clause should, however, also contain language that limits the obligation of the University, in complying with the Federal Privacy Act, to the scope and terms of the contract being entered into. It is important to avoid language that would extend the University's agreement to the terms of the Federal Privacy Act beyond the scope of work of the contract. In addition, it is desirable that the contract language clearly specify measures required of the University to comply with the privacy of information requirements.
Any contract that does include a Federal Privacy Act clause should be submitted to the Office of the General Counsel for review prior to execution (see Chapter 13, Section 13-332, of this Manual).
Social Security Numbers:
a. Applicability
The Federal Privacy Act does pertain to the University in relation to use of social security numbers.
Provisions of the Federal Privacy Act regarding use of social security numbers are summarized in Section III of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.
While the Federal Privacy Act does limit the University's authority to require employees to disclose to the University their social security numbers and limits the University's use of those numbers, the Act does not prohibit the University from disclosing social security numbers in its records to governmental agencies that have a statutory right to obtain them. These agencies should offer evidence of the law upon which they rely.
c. Primary University Responsibility
The responsibility to assure that the University complies with the social security number related provisions of the Federal Privacy Act is shared by numerous University personnel as outlined in Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities. An overview of the assignment of these responsibilities is presented under Primary University Responsibility, Section 17-S01.
d. University Implementation
The University has issued its implementation of the Federal Privacy Act regarding the use of social security numbers in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information. In addition, Exhibit A to RMP-8 provides three sample Federal Privacy Notices for use by University personnel when requesting social security numbers under various circumstances as prescribed by the Federal Privacy Act
Implementing Regulation
5 USC 552
Purpose
The Freedom of Information Act (FOIA) provides for public access to records of federal agencies. Under the FOIA, federal agencies must make agency records available to the public, unless the records fall into certain narrow exemptions.
Applicability
a. General
The provisions of the federal FOIA apply to records of federal agencies. Regarding the applicability of FOIA provisions to grantee records, the U.S. Supreme Court in Forsham v. Califano, 587 F.2d 1128 (D.C. Cir. 1978) held that:
Written data generated, owned, and possessed by a privately controlled organization receiving Federal study grants are not agency records within the meaning of the Act when copies of those data have not been obtained by a Federal agency subject to the FOIA. Federal participation in the generation of the data by means of a grant from HEW does not make the private organization a Federal 'agency' within the terms of the Act....
Grants of federal funds generally do not create a partnership or joint venture with the recipient, nor serve to convert the acts to governmental acts absent extensive, detailed, and virtually day-to-day supervision. Thus, records held by a grantee are not generally subject to the FOIA. Even records held by the recipient of a federal cooperative agreement are generally not covered by the FOIA, since the requisite "extensive, detailed, and virtually day-to-day supervision" of the federal agency over the recipient, which may require that recipient records be considered agency records, is usually not present.
However, any University record actually transferred to a federal agency becomes an agency record subject to the FOIA. Such University records in the possession of a federal agency would, therefore, be available for public access. The FOIA, however, does authorize (though does not mandate) agencies to withhold certain agency records that fall into the FOIA's exemption categories.
b. Extramural Sponsored Projects Proposals
University proposals submitted to extramural federal sponsors become agency records under the FOIA. Federal agencies may, however, apply FOIA Exemption 4 to such proposals (or to portions of such proposals), thus protecting them from public access.
Exemption 4 of the Act concerns matters that are "trade secrets and commercial or financial information obtained from a person and [that are] privileged or confidential."
c. Extramural Awards
Award documents in the custody of a federal agency are subject to the FOIA. Agencies typically do not consider such documents protected under Exemption 4 of the FOIA and routinely release such documents to the public upon request.
Implementing Regulation
Each federal agency has developed its own implementing regulations.
Summary of Provisions
University records are not directly covered by the FOIA. Generally, the Act provides for public access to federal records, comparable, but not identical in its coverage to public access requirements of the California Public Records Act (see Section 17-S01).
Primary University Responsibility
Contracts and Grants Officers must be aware that any records transferred to a federal agency will be available for release to the public under the FOIA and, even though the records may fall under a FOIA exemption, federal agencies are not precluded from disclosing exempted records. Interpretations of exemption criteria may vary from agency to agency. More generally, the responsibility to ensure that the University protects its records from inappropriate release under the FOIA is shared by numerous University personnel at all levels. An overview of such responsibilities is presented under Primary University Responsibility, Section 17-S01.
University Implementation
Because University records are not directly covered by the FOIA, no specific University implementation has been issued.
External Requirements Federal
17-F04 2 CFR 215, Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations (OMB Circular A-110), Section 215.53, Retention and Access Requirements for Records
Purpose
The purpose of OMB Circular A-110, Section 215.53, is to set forth criteria and procedures to be followed by federal sponsoring agencies in requiring recipients to maintain and retain grant and cooperative agreement records.
Applicability
The standards promulgated in Section 215.53, are applicable to all federal agencies in their administration of grants to, and other agreements with, public and private institutions of higher education, public and private hospitals, and other quasi-public and private non-profit organizations. The term "other agreements" does not include procurement contracts, but does include cooperative agreements.
Summary of Provisions
The following is the complete text of Section 215.53, Retention and Access Requirements for Records:
215.53 Retention and access requirements for records.
(a) This section sets forth requirements for record retention and access to records for awards to recipients. Federal awarding agencies shall not impose any other record retention or access requirements upon recipients.
(b) Financial records, supporting documents, statistical records, and all other records pertinent to an award shall be retained for a period of three years from the date of submission of the final expenditure report or, for awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, as authorized by the Federal awarding agency. The only exceptions are the following.
(1) If any litigation, claim, or audit is started before the expiration of the 3-year period, the records shall be retained until all litigation, claims or audit findings involving the records have been resolved and final action taken.
(2) Records for real property and equipment acquired with Federal funds shall be retained for 3 years after final disposition.
(3) When records are transferred to or maintained by the Federal awarding agency, the 3- year retention requirement is not applicable to the recipient.
(4) Indirect cost rate proposals, cost allocations plans, etc. as specified in paragraph Sec. 215.53(g).
(c) Copies of original records may be substituted for the original records if authorized by the Federal awarding agency.
(d) The Federal awarding agency shall request transfer of certain records to its custody from recipients when it determines that the records possess long term retention value. However, in order to avoid duplicate recordkeeping, a Federal awarding agency may make arrangements for recipients to retain any records that are continuously needed for joint use.
(e) The Federal awarding agency, the Inspector General, Comptroller General of the United States, or any of their duly authorized representatives, have the right of timely and unrestricted access to any books, documents, papers, or other records of recipients that are pertinent to the awards, in order to make audits, examinations, excerpts, transcripts and copies of such documents. This right also includes timely and reasonable access to a recipient's personnel for the purpose of interview and discussion related to such documents. The rights of access in this paragraph are not limited to the required retention period, but shall last as long as records are retained.
(f) Unless required by statute, no Federal awarding agency shall place restrictions on recipients that limit public access to the records of recipients that are pertinent to an award, except when the Federal awarding agency can demonstrate that such records shall be kept confidential and would have been exempted from disclosure pursuant to the Freedom of Information Act (5 U.S.C. 552) if the records had belonged to the Federal awarding agency.
(g) Indirect cost rate proposals, cost allocations plans, etc. Paragraphs (g) (1) and (g) (2) apply to the following types of documents, and their supporting records: indirect cost rate computations or proposals, cost allocation plans, and any similar accounting computations of the rate at which a particular group of costs is chargeable (such as computer usage chargeback rates or composite fringe benefit rates).
(1) If submitted for negotiation. If the recipient submits to the Federal awarding agency or the subrecipient submits to the recipient the proposal, plan, or other computation to form the basis for negotiation of the rate, then the 3-year retention period for its supporting records starts on the date of such submission.
(2) If not submitted for negotiation. If the recipient is not required to submit to the Federal awarding agency or the subrecipient is not required to submit to the recipient the proposal, plan, or other computation for negotiation purposes, then the 3-year retention period for the proposal, plan, or other computation and its supporting records starts at the end of the fiscal year (or other accounting period) covered by the proposal, plan, or other computation.
Primary University Responsibility
The Office the General Counsel, Office of Public Records, publishes guidance on access to University records. Each campus and LBNL has Information Practices Coordinators responsible for guidance and responses to records requests to campuses. OP Information Technology Services is responsible for University policies on records management and privacy.
University Implementation
University records retention requirements are contained in the Records Disposition Schedules Manual.
External Requirements State
17-S01 California Public Records Act
Implementing Regulation
State of California Government Code 6250 et seq.
Purpose
The California Public Records Act declares that access to information concerning the conduct of the people's business is a fundamental and necessary right of every person in the State. Unless exempted, public records are open to inspection at all times during the regular office hours, and are subject to inspection and copying by every person except as provided in the Act (Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information).
Applicability
The California Public Records Act applies to the University.
Summary of Provisions
a. The California Public Records Act defines public records as:
any writing containing information relating to the conduct of the public's business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics.
……………………
"Writing" means any handwriting, typewriting, printing, photostating, photographing, photocopying, transmitting by electronic mail or facsimile, and every other means of recording upon any tangible thing any form of communication or representation, including letters, words, pictures, sounds, or symbols, or combinations thereof, and any record thereby created, regardless of the manner in which the record has been stored.
The Act provides that such records are open to inspection at all times during the office hours of the University and every person has a right to inspect any public record, with some exceptions as discussed below.
b. Right to Copy of Public Records; Time Limits
The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.2.
Any person may receive a copy of any identifiable public record or copy thereof. The University is required to determine within 10 days after receipt of a records request whether or not to comply with the request and to notify the person making the request of such determination and the reasons therefore. In unusual circumstances, as specified below, the time limit may be extended by written notice to the person making the request. The notice will set forth the reasons for the extension and the date on which a determination is expected to be dispatched. No notice shall specify a date that would result in an extension for more than 10 working days. "Unusual circumstances" means:
(1) The need to search for and collect the requested records from field facilities or other establishments that are separate from the office processing the request.
(2) The need to search for, collect, and appropriately examine a voluminous amount of separate and distinct records that are demanded in a single request.
(3) The need for consultation, which shall be conducted with all practicable speed, among two or more components of the University having substantial subject matter interest therein.
c. Denial of Request for Records
The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.3.
Any notification of denial of any request for records shall set forth the names and titles or positions of each person responsible for the denial.
d. Fees for Copies
The following coverage is from Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, Section VI.B.4.
A fee may be charged for copies of records, or information produced therefrom, covering the direct costs of duplication.
e. Records Exempt from Disclosure Requirements
Business and Finance Bulletin RMP-8, Section VI.C., provides a summary of those types of records for which there are statutory exemptions from the California Public Records Act disclosure requirements. The following exemptions may be of particular interest to Contracts and Grants Officers:
Preliminary drafts, notes, or inter-agency or intra-University memoranda not retained by the University in the ordinary course of business, provided that the public interest in withholding those records clearly outweighs the public interest in disclosure.………………….
The University may withhold any records for which it can be demonstrated that the public interest served by not making the record public clearly, not minimally, outweighs the public interest served by disclosure of the record. The interest of the public and not just the interest of the University is to be considered. Generally speaking, campus Information Practices Coordinators and/or the Office of the General Counsel should be consulted to determine whether or not in fact a public interest argument can be defended in relation to a particular record. It should be noted, however, that under the Act, once the University discloses a public record that is otherwise exempt from the provisions of the Public Records Act to any member of the public, that disclosure generally shall constitute a waiver of the exemptions for that document or type of document.
Lead Agency
The State of California Office of the Attorney General
Primary University Responsibility
The responsibility to assure that the University complies with the complex and broad requirements of the California Public Records Act is shared by numerous University personnel as outlined in Section IV of Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities. OP Information Technology Services has universitywide policy responsibility for records and information practices, including records retention and destruction, privacy of information, and access to information. Policy development is coordinated by the University Records Management Committee.
The Office of the General Counsel (OGC) provides guidance, as appropriate, on overall records privacy and access policy and procedural guidance to campuses, LBNL, and Office of the President, as well as liaison with the State Office of Information Practices. Within OGC, the Office of Public Records oversees disclosure of Office of the President records’ requests. As stated in RMP-7,
(1) Chancellors, Laboratory Director, the Executive Vice President—Business Operations, and the Vice President--Agriculture and Natural Resources are responsible for ensuring that departments and other units under their respective jurisdictions comply with all records privacy and access requirements. To facilitate this responsibility, and because of the complexity of the task of implementing access and privacy requirements and the likelihood of lawsuits if requirements are not met, each of these officers appoints an administrator as Coordinator of Information Practices.
(2) The local Coordinators of Information Practices are responsible for developing privacy and access guidelines, and for providing technical and practical assistance to all offices at their location. To assure that local records procedures and practices are consistent with University policies and federal and State laws, the Coordinators are responsible for liaison with the Office of the President Coordinator of Information Practices and Special Projects.
Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities, provides a detailed listing of specific responsibilities of local Coordinators.
University Implementation
The basic University implementation of the California Public Records Act is issued in Section VI of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.
See additional coverage on University implementation of the Act specific to research administration in Section 17-112 on public access to extramural proposals; Section 17-113 on public access to extramural awards; and Section 17-114 on public access to Contract and Grant CGX reports.
External Requirements State
17-S02 California Information Practices Act of 1977 (IPA)
Implementing Regulation
State of California Civil Code Section 1798, et seq.
Purpose
The IPA is an omnibus-type statute that is intended to balance the competing interests of access to public records held by the State government and the right to privacy of individuals.
Applicability
The IPA applies to all information about an individual collected and maintained by State agencies, including the University. It does not, however, apply to student records, i.e., those records pertaining to an individual directly in his or her capacity as a student (see Business and Finance Bulletin RMP-11, Student Applicant Records).
Summary of Provisions
The IPA provisions are outlined in Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.
The IPA originally defined three categories of information (confidential, personal, and nonpersonal) for which different standards of privacy and access were established. Recent amendments to the IPA have altered or deleted these three categories. Nevertheless, University policy continues to classify information as confidential, personal, or nonpersonal. In addition, University policy establishes a special category of confidential academic review records.
a. Confidential Information
See Section VII.B.1. of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information, for a list of the kinds of information that are considered confidential.
b. Confidential Academic Review Records
The University has defined a special category of information pertaining to confidential academic review records. This category pertains to academic evaluations and letters of recommendation. Access to this type of information is specially controlled both for the individual to whom the information pertains and to all third parties. Academic Personnel Manual Sections 160-20-c and160-20-d define these access rights.
c. Nonpersonal information
is limited factual data which could not, in any reasonable way, reflect or convey anything detrimental, disparaging, or threatening to an individual's reputation, rights, benefits, privileges, or qualifications. The University has determined that the following information about University employees is nonpersonal:
(1) Name.
(2) Date of hire or separation.
(3) Current position title.
(4) Current rate of pay.
(5) Organization unit assignment, including office address and telephone number. (6) Current job description.
(7) Full time or part time, and career, casual or probationary status.
(8) Additional employment information may be required to be released to the public as determined by the General Counsel and the Senior Vice President--Business and Finance.
Non personal information is available to any person upon request as well as to the individual about whom the information pertains. (See Sections VII.B.3. and VII.G.1. of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information.)
d. Personal information is information, except that which is determined to be confidential, confidential academic, or nonpersonal as discussed above, that identifies or describes an individual and the disclosure of which would constitute an unwarranted invasion of personal privacy, including, but not limited to:
(1) Birthdate
(2) Citizenship
(3) Social security number
(4) Home address and telephone number
(5) Income tax withholding
(6) Staff performance evaluations or letters of corrective actions
(7) Spouse's or other relatives' names
Generally, personal information is not available to the public upon request, nor to University employees who do not have a need for such information, but is available to the individual to whom the information pertains.
Lead Agency
California Office of Privacy Protection
Primary University Responsibility
The responsibility to assure that the University complies with the requirements of the IPA is shared by numerous University personnel as outlined in Business and Finance Bulletin RMP-7, Privacy of and Access to Information Responsibilities. An overview of the assignment of these responsibilities is presented under Primary University Responsibility, Section 17-S01.
University Implementation
The basic University implementation of the State of California Information Practices Act of 1977 is issued in Section VII of Business and Finance Bulletin RMP-8, Legal Requirements on Privacy of and Access to Information. Additional guidance is contained in Business and Finance Bulletins RMP-9, Guidelines for Access to University Personnel Records by Governmental Agencies; RMP-11, Student Applicant Records; and RMP-12, Guidelines for Assuring Privacy of Personal Information in Mailing Lists and Telephone Directories.
University of California Academic Personnel Manual, Section 160, Academic Personnel Records/Maintenance of, Access to, and Opportunity to Request Amendment of, and Appendix A, Supplemental Information Regarding Academic Policy Including Interpretive Material Regarding the Need for 'Confidential Academic Review Records' and Provisions for Procedural Safeguards Designed to Assure Fairness in the Academic Personnel Process.
University of California Personnel Policies for Staff Members, 80.
Staff Personnel Records.
