ETAC provides guidance on:
Student Technology Fee (STF)
Supports technologies used by a significant portion of UCSB’s student population.
STF funding application generally submitted by a central campus pedagogy or IT unit (i.e., Office of Teaching and Learning, Instructional Development, Information Technology Services, Letters & Science Information Technology, Engineering Computing Infrastructure, etc.).
Hybrid, Online and Technology-Enhanced (HOT) Grants
Support educational technology implementations at smaller scale (i.e., within a course or a group of courses in a department), enhancements to existing uses of educational technologies, or educational technology experiments. HOT funding applications may be submitted any time.
HOT grants can be submitted by a faculty member, department, or other representative.
Note that these are distinct from online course grants.
Approval Process for HOT Grants
Data Security and Risk Management
Educational technologies that access and/or expose student or employee data must be assessed for compliance with University of California data security and risk management guidelines. Instructors or departments applying for HOT funding must determine what level of risk is associated with usage of the technology.
The UC uses the following scale to determine levels of risk:
Protection Leve
Potential Business Impact
Examples (not an exhaustive list)
P4 – High
Institutional Information and related IT Resources whose unauthorized disclosure or modification could result in significant fines, penalties, regulatory action, or civil or criminal violations. Statutory, regulatory and contract obligations are major drivers for this risk level. Other drivers include, but are not limited to: the risk of significant harm or impairment to UC students, patients, research subjects, employees, guests/program participants, UC reputation related to a breach or compromise, the overall operation of the Location or essential services. (Statutory.)
- Financial aid information.
- Certain types of Personally Identifiable Information (PII)
- Human subject research data with individual identifiers.
P3 – Moderate
Institutional Information and related IT Resources whose unauthorized disclosure or modification could result in small to moderate fines, penalties or civil actions. Institutional Information of which unauthorized use, access, disclosure, acquisition, modification, loss or deletion could result in moderate
- Student records (FERPA).
- Certain types of Personally Identifiable Information (PII) – not classified as P4.
- Research results and supporting data
P2 – Low
Institutional Information and related IT Resources that may not be specifically protected by statute, regulations or other contractual obligations or mandates, but are generally not intended for public use or access. In addition, information of which unauthorized use, access, disclosure, acquisition, modification or loss could result in minor damage or small financial loss, or cause minor impact on the privacy of an individual or group. (Internal.)
- Routine email not containing P3 or P4 information.
- Calendar information not containing P3 or P4 information.
- Meeting notes not containing P3 or P4 information.
- Research using publicly available data.
P1 – Minimal
Public information or information intended to be readily obtainable by the public, but whose integrity is important and for which unauthorized modification is the primary protection concern. IT Resources for which the application of minimum security
- Public-facing informational websites.
- Public event calendars.
- Hours of operation.
- Parking regulations.
- Press releases.
Any educational technology tied to student data (names, perm numbers, grades) is considered P3. Instructors/departments must submit Appendix DS in order to authorize the use of educational technologies determined to be P3 or P4.
Appendix DS is completed as part of the contract negotiation with the service vendor. If the vendor does not approve the terms in Appendix DS, the terms must be reviewed by the campus CISO.