The University is obligated by law and as a steward of the public trust to protect confidential information, such as patient medical records, employee personal information, and research participant data. At times, technical methods for protecting data, such as scanning or filtering e-mail, conflict with University principles expressed in the Electronic Communications Policy (ECP), such as the affirmation that the University does not monitor electronic communications without the holder's consent. Given this conflict and our obligations, the University must develop and issue clear guidance about data protection and legal compliance in the context of individual privacy and freedom of expression.

– Mark G. Yudof
UC President