The UCO/Lick webserver mantains verbose logs that record webpage "hits." The contents of our access logs are as follows:

128.114.22.149 - - [06/Jul/2001:11:22:47 -0700] "GET /htdig/search.html HTTP/1.0" 200 898 
128.114.22.149 - - [06/Jul/2001:11:22:47 -0700] "GET /htdig/htdig.gif HTTP/1.0" 200 1822

These particular log entries show the requestor's IP address, the date the request was made, and the webpage that was requested. In this case, the IP address was my personal workstation (stonerose.ucolick.org), and the page requested was the old UCO/Lick search webpage, and its associated graphic.

This information could be used to track usage patterns of individual users within our webserver. Note that this does not cover any web usage outside the use of the UCO/Lick webserver; we do not log web usage beyond our own webserver.

Existing documentation:

The UCOP Electronic Communications Policy document, Section IV, Privacy and Confidentiality.

Specifically, we are interested in part C, Privacy Protections. The item 1c reads as follows:

"Electronically Gathered Data. Except when otherwise provided by law, users of University electronic communications systems and services shall be informed whenever personally identifiable information other than transactional information (see Appendix A, Definitions) will be collected and stored automatically by the system or service."

The linked appendix entry reads as follows:

"Transactional Information: Information, including electronically gathered information, needed either to complete or to identify an electronic communication. Examples include but are not limited to: electronic mail headers, summaries, addresses and addressees; records of telephone calls; and IP address logs."

UCOP's policy provides us with these two conclusions:

  1. We do not need to inform our users that any access on our webserver is logged, as the logs we maintain clearly fall under the "Transactional Information" category, which is exempted by the language from Section IV of the UCOP Electronic Communications Policy.

  2. There is no specific language related to the disclosure of Transactional Information.

With that in mind, UCO/Lick will follow this additional privacy statement:

Any analysis or publication of the Transactional Information (as defined in the UCOP Electronic Communcations Policy) contained in the log files generated by the UCO/Lick webserver shall not reproduce log content in such a way that allows the reader to determine which IP address(es) accessed which document(s).

--Kyle Lanclos
UCO/Lick NICS
July 9, 2001

AboutUs/Policy/WebLogs (last edited 2007-02-17 01:06:25 by KyleLanclos)