Dear YYY:

This email is in response to your request for additional information
regarding the privacy notice that I previously sent to you. A new
California law (SB 1386) became effective on July 1, 2003. This
law requires California organizations to notify individuals if computer
systems under their control, that contain personal information, have
possibly been accessed by unauthorized people.

In XXX, an unknown individual "hacked" into a small
departmental system in the XXX department at UC Berkeley. This
system had access to some patron information. Although our
campus security team could not find any evidence that records
containing personal information were stolen, we felt that individuals
should be notified in keeping with the spirit of the new law and
general good practice.

Department security throughout the campus is being improved on
a regular basis, and we regret that there is even the small possibility
that your personal information may have been compromised. By
being aware of this possibility you can guard against any potential
misuse of your information.

The person who is responsible for the system involved in this
incident is XXX. If you need additional details, please contact him.

XXX@berkeley.edu
510-642-YYYY

Regards,

Jack McCredie
Associate Vice Chancellor, Information Technology
Chief Information Officer
209 Evans Hall
University of California, Berkeley
Berkeley, CA 94720-3812
510-642-4096