Click for Philadelphia, Pennsylvania Forecast


COUNCIL Committee on Communications

Report to University Council
of the Findings from a
One-Year Review of the
Policy on Privacy in the
Electronic Environment

January 25, 2002

Background: The development of an Electronic Privacy Policy for the University was a multi-year project that began with a subcommittee appointed in 1994-95. Under the guidance of Dr. Martin Pring (past chair, Communications Committee) this policy was approved and the final version was published in Almanac (September 19, 2000). Dr. Pring provided an accompanying article on "Electronic Privacy in Practice," which interpreted aspects of the policy. The policy deals with information created, stored or transmitted through University Electronic Data Systems. It defines specific circumstances under which electronic records may be reviewed and by whom. It defines different levels of expected privacy for Faculty, Staff and Students. The impetus for this policy was not related to specific activities at the University but rather by a number of instances of interception of personal employee e-mail communications by private sector corporate employers the development of surveillance programs that could potentially compromise the concept of academic freedom. In addition, with the increasing use of e-mail, many data system administrators were seeking guidance with respect to the privacy of a user's files and messages.

Scope of review: This review was undertaken at the end of the first year of the policy's approval. The review was limited to this Policy on Privacy in the Electronic Environment. This policy has been confused with the Policy on Acceptable Use of Electronic Resources (Adopted 7/1/97) and current activities concerning the Privacy of Personal Information. These address very different concerns and are distinct in scope and character from the Electronic Environment Privacy Policy.

Methods: The chair of the Communications Committee contacted, by e-mail, all of the officers having a stated role in the interpretation, enforcement and appeal from the application of this policy. Public notices of this review soliciting Community input were placed in the Daily Pennsylvanian and in Almanac (two notice placements in each). The Communications Committee meeting of November 2, 2002, was devoted to a review of this policy. David Millar (University Information Security Officer) and Robert Terrell, Esq. (Office of the General Council) were present at this meeting. The committee meeting of December 14, 2002, continued discussion related to the review.

Findings: 1) The key offices involved with the implementation and interpretation of this policy are Information Security and the General Council. The Office of Audit and Compliance, the University Ombudsman, the Division of Human Resources, and the Office of the Vice Provost of University Life have had minimal to no involvement with this policy during its first year. 2) In practice requests for access are routed through the Information Security Officer. Access requests from outside the University require a subpoena. 3) There have been relatively few cases involving this policy. There have been no requests to examine e-mail. Most of the requests have involved files or logs. 4) David Millar reviewed ten cases that fell under this policy. Two involved investigation of alleged criminal activity, three involved suspected violation of University Regulations, one required access in order to handle an emergency, and four were related to the need by the University of stored information required to conduct normal business. In several cases the owner of the information consented to access, in others Mr. Millar denied access based on the Electronic Privacy Policy. The Committee members present for this review felt that the decisions were appropriate and consistent with the guidelines. 5) Mr. Terrell noted that, in one or two cases, anonymous e-mail from within the University caused significant friction with the recipients of these messages who did not understand the open nature of the University. 6) The Policy creates a uniform standard throughout the University and both Mr. Millar and Mr. Terrell felt that this was most helpful to systems operators and other computer personnel. 7) The Policy has not been widely disseminated to students, faculty and many staff. However it is being used as part of the Information Technology Employee Orientation (per Mr. Millar)

Conclusions: The Electronic Privacy Policy has been in effect since mid September 2000. The committee could find no complaints concerning its implementation. The committee could find no significant University Community concern about the policy. The two major administrative groups that are involved with the implementation of this policy appear to be working well together and have a reasonably consistent outlook. Those involved with enforcing and interpreting the policy feel that it is providing useful guidelines toward determining who, and under what conditions, may have access to various electronic files and logs. The policy has not been widely disseminated and copies of the policy are difficult to find outside its publication in Almanac.

Recommendations: The committee recommends the following: 1) The policy be continued as is. 2) No significant revision is needed at this time. 3) Another review should be scheduled for 2004 (2 years from this review). 4) Steps should be taken to increase its availability and visibility. The committee has begun this process though committee member Amy Johnson, who is working to have this policy incorporated into the PENN BOOK, which will provide on line and printed copies of the Policy for students. Publication in the Faculty Handbook might also be of use and committee member, Martin Pring, has contacted Associate Provost Barbara Lowery about such inclusion.

--David S. Smith, Chair

2000-2001 Committee Members

Chair: David S. Smith (Anesth/Med); Faculty:Cristle Collins Judd (Music); Ellis Golub (Biochem/Dental); Steven Kimbrough (Oper & Info Mgmt); Martin Pring (Physiol/Med); Ann Rogers (Nursing); Dana Tomlin (Landscape Arch); Graduate/professional students: Jennifer Baldwin (GSFA); Aveek Das (GEP); Undergraduate students: Diana Elkind; Mariama Jerrel; PPSA: Valerie Sutton (Wharton); Helma Weeks (Commun/Vet sch); A-3: Rochelle Mitchell (General Counsel's Office); Ex-officio:Lori Doyle (Dir University Communications); Amy Johnson (Business Serv); Paul Mosher (Vice prov & Dir Libraries); Leroy Nunery (VP Business Serv); James O'Donnell (Vice Provost for ISC); Staff:Tram Nguyen

Almanac, Vol. 48, No. 21, February 5, 2002


February 5, 2002
Volume 48 Number 21

The first Neal Nathanson Lecture will be given next week by Dr. Stanley Prusiner, Nobel Laureate and Penn alumnus.
After four years at the helm of the College House Program, Dr. David Brownlee steps down as director and turns over the wheel to a fellow faculty master.
When is Spring Recess? Well, now it is Spring Break--at least on the Academic Calendar--to be consistent with Fall Break.
Mix more than a dozen committees, a multi-year timeline, five institutional goals, six academic priorities, and several organizational priorities and the result is a new Strategic Plan which will soon be published For Comment.
The Council Committee on Communications reports on its findings from a one-year review of the Policy on Privacy in the Electronic Environment.
Improving pedestrian safety is a multi-step challenge.
Environmental Health and Radiation Safety offers information, thermometer exchange, and training for employees who handle hazardous substances.
Researchers make discoveries concerning King Midas, kidney disease, Alzheimer's disease, immune system and major depressive disorder.
The University Research Foundation's latest awards go to 48 projects--from The Art of Urbanism in Feudal Aquitaine to Evaluating a Hospital Quality Improvement Model for Developing Countries.
Discounted tickets are available to attend Annenberg Center events and a Basketball Game at the Palestra.
Penn Public Safety Institute provides the community with a glimpse of police work from behind-the-scenes; the next program begins tomorrow. Apply now.