COUNCIL From the Communications Committee

A Revised Proposal for discussion at the February 9 Forum


Important Note:

The Proposed Privacy Policy which appears below has been modified. The most recent version of this policy, For Comment, may be seen at Almanac Between Issues, May 18, 2000.

 The Revised Proposed Privacy Policy below is for discussion at the University Council Open Forum on Wednesday, February 9. It has been modified from the version discussed at Council on January 19 [] on the basis of questions raised at that meeting and several subsequent messages to me (whose authors I thank) and meetings. The major substantive changes are:

  • II. B. Faculty has been rewritten to remove some ambiguities.
  • II. D. Students has been modified to include a clearer statement of standards of cause and substantially broadened notification provision.
  • II. E. Multiple Affiliation has been added to address such cases, for example students who are also employed by the University.
  • It is suggested in the Appendix that those who wish to avoid accidental disclosure of their e-mail use encryption.

It is our intention that when the policy, modified further if necessary, is published for promulgation it be accompanied by an article that expands on various issues related to the policy. This article has not yet been drafted, but our plans for it include the following headings:

  • Reiterate risks of accidental disclosure of e-mail and advice.
  • Encourage use of encryption to protect e-mail from accidental disclosure.
  • The pros and cons of using a commercial Internet Service Provider rather than the University.
  • Best practices for access to e-mail during employee absence/illness.
  • Recommended practices when password-protected screen-savers are used.
  • An example of how to handle the need to access files in someone's e-mail account. (for System Administrators)
  • But what if I come across something illegal in the course of my normal duties? (You have an obligation to report it.)
  • How do I know if I'm authorized?

Suggestions for additional topics that should be included will be welcomed.

--Martin Pring, Chair, Council Committee on Communications

Revised Proposed Policy on Privacy in the Electronic Environment

(Revised February 4, 2000)

I. Preliminary Observations

The University affirms that the mutual trust and freedom of thought and expression essential to the academic mission of a university rest on an expectation of privacy, and that the privacy of those who work, study, teach, and conduct research in a university setting will be respected. The University recognizes that as faculty, staff and students create, use and store more information in electronic form, there is growing concern that information the user or creator considers private may be more vulnerable to invasion than information stored in more traditional media. This policy is intended to highlight some general principles that should help to define the expectations of privacy of those in the University community. While no document addressing the fluid issue of technology can be exhaustive or inflexibly dictate outcomes in all circumstances, this policy attempts to articulate current practices and provide guidance, so that individuals may make informed and appropriate decisions concerning their various interactions in the electronic environment.

Before addressing these issues, it should also be noted that in carrying out their operations, various departments of the University accumulate information about members of its community, e.g., for purposes of payroll, employment or enrollment. Data are also created, though not necessarily compiled or retained on a personally identifiable basis, as an incident to the use of technology, e.g., the charging of purchases on Penn Card or the borrowing of library books. The University does not condone disclosure or release of such personal information stored or transmitted through University systems, except for legitimate University purposes as outlined in this policy.

Those responsible for maintaining the University's computers and electronic networks have an important and special responsibility to recognize when they may be dealing with sensitive or private information. They may access such information without obtaining higher level approval, but only when necessary to fulfill their official responsibilities, and they are expected to carry out their duties in ways that are not unreasonably intrusive. They will be subject to disciplinary action if they misuse their access to personally identifiable data or to individuals' personal files, e-mail and voice mail or otherwise knowingly act in ways counter to University policies and applicable laws.

Finally, this policy should be understood in light of the many other University policies and laws that bear on individuals' rights to privacy and the institution's responsibilities with respect to information in its possession about individuals. Examples of applicable laws include the Family Educational Rights and Privacy Act of 1974 (the "Buckley Amendment"), the Electronic Communications Privacy Act of 1986, and medical records regulations promulgated under the Health Insurance Portability and Accountability Act of 1996. Examples of applicable University policies include the Acceptable Use Policy for the Electronic Environment, Administrative Computing Security Policy, Policy for Closed Circuit Television Monitoring and Recording of Public Areas for Safety and Security Purposes and policies on Records Confidentiality and Safeguarding University Assets.

II. Policy on Information Created, Stored or Transmitted Through University Electronic Media

A. In General:

The University provides computers, computer and e-mail accounts, networks and telephone systems to faculty members, staff and students for the purpose of furthering the University's academic mission and conducting University business. While incidental and occasional personal use of such systems, including e-mail and voice mail, is permissible, personal communications and files transmitted over or stored on University systems are not treated differently from business communications; there can be no guarantee that such personal communications will remain private or confidential (see Appendix).

As is the case for information in non-electronic form stored in University facilities, the University's need for information will be met in most situations by simply asking the author or custodian for it. When questions arise about access, review or release of information, the University commits to treat electronic information no differently from non-electronic information. However, the University reserves the right, in cases when it is appropriate, to access, review and release electronic information that is transmitted over or stored on University systems.

For example, properly authorized University officials including the Office of Audit and Compliance and the Information Security Officer may access e-mail, voice mail or computer accounts in cases of alleged research misconduct, plagiarism, harassment, violations of law or University policies, when necessary to maintain the integrity of University computing systems or to comply with judicial or regulatory mandates.

B. Faculty:

The University has the utmost respect for the freedom of thought and expression that are at the core of Penn's academic mission. Whenever possible, therefore, the University will resolve any doubts about the need to access a University computer or other systems in favor of a faculty member's privacy interest. There are situations, however, in which the University or others legitimately may require access to information that is created, stored, transmitted or received by members of the faculty through the University's facilities. In such cases, computer files, e-mail and voice mail created, stored, transmitted or received by faculty will be afforded the same level of privacy as the contents of their offices. The Policy on Safeguarding University Assets governs access to faculty records in connection with investigations carried out by the University's Office of Audit and Compliance, and provides for prior consultation with the Provost and Faculty Senate and for notifying the subject of a search of any files or materials taken during an investigation. Except as may otherwise be dictated by legal requirements, the procedures outlined in that policy will be followed with respect to a faculty member's computer files, e-mail or voice mail in connection with other investigations or proceedings.

C. Staff:

It is generally not University policy to access staff members' electronically stored information. As noted above, the University's need for information will normally be met by asking an employee for it. Properly authorized University officials, including supervisors acting with the consent of their management, may, however, access, review and release the contents of staff computer files, e-mail or voice mail transmitted over or stored on University systems when, for example, an employee is absent or has left the University and the information is not available elsewhere, or in other situations in which it is necessary if the ordinary business of the University is to proceed. In more complicated situations--where, for example, a supervisor believes University resources are being misused--he or she should consult with senior administrators, the Division of Human Resources, or the Office of General Counsel concerning the Policy on Safeguarding University Assets.

D. Students:

Students are provided e-mail and computer accounts for use primarily in connection with their academic activities. While the University does not generally monitor or access the contents of a student's e-mail or computer accounts, it reserves the right to do so. However, access to and disclosure of a student's e-mail messages and the contents of his or her computer accounts may only be authorized by the Dean of the student's School or his/her designate, the Office of Student Conduct, the Office of General Counsel, or the Office of Audit and Compliance, upon a good faith belief that such action serves a legitimate University purpose. Ordinarily, a student will be notified of access to, or disclosure of the contents of his or her account

E. Multiple Affiliation:

Some individuals have multiple University affiliations (e.g. students employed by the University). When the need for access to information arises from a particular status, the provisions above for that status will be applied. In other cases, the provisions for the individual's primary status will be applied.

III. Violations of this Policy

Members of the University community who believe that this policy has been violated with respect to their privacy should attempt initially to resolve the issue within their unit or department, if necessary with the mediation of the leadership of their representative assembly or the University Ombudsman. Others who become aware of violations of this policy should report them to the University Information Security Officer, Office of General Counsel, Division of Human Resources or the Office of Audit and Compliance. Those who violate this policy may be subject to disciplinary procedures up to and including dismissal.

Appendix: Special Note on E-mail Privacy

Despite the best intentions of users and the University or other system operators, it is difficult, if not impossible, to assure the privacy of e-mail. E-mail is not a good medium to use for sensitive matters that you would not want disclosed. There are numerous ways that plain text e-mail may be disclosed to persons other than the addressee, including:

  • Recipient's address is mistyped; message is sent to someone else.
  • Recipient forwards e-mail to someone else.
  • Intruders break into e-mail system and read/disclose messages.
  • Despite owner's belief that s/he deleted it, e-mail continues to exist on computer hard drive or a copy is archived on tape backup; disclosure of such copies may be required in connection with judicial or administrative proceedings or government investigations.
  • E-mail is observed as it travels over public networks like PennNet and the Internet.

In addition, e-mail users may want to consider routinely or periodically deleting old messages, and encrypting personal messages. Systems administrators should consider shorter retention of backup tapes, consistent with data integrity requirements.

Posted 2/4/99