Skip to Navigation
University of Pittsburgh
Print This Page Print this pages

March 21, 2013

Harvard case raises email privacy

Just how private is your email?

That question is in the news following the revelation that Harvard administrators searched the email accounts of resident deans in an effort to discover who leaked information to the media in the wake of a campus cheating scandal.

A statement released last week by Harvard administrators clarified that the email review was conducted amid concern that student confidentiality may have been breached and that it consisted only of a subject-line search done with the approval of the university’s general counsel.

At Pitt, there must be a legal reason, approved by the Office of General Counsel, for emails to be released to a third party. Jinx Walton, Pitt’s chief information officer and Computing Services and Systems Development (CSSD) director, said, “The University doesn’t permit fishing expeditions or letting people go sort through someone’s email,” adding that on occasion CSSD gets requests from departmental colleagues for access to a departed or vacationing employee’s email.  “That doesn’t happen,” she said, adding that those individuals are directed to contact the general counsel’s office to make their request.

Walton said, “Everyone knows they shouldn’t assume privacy in email,” adding that the University does have a stated process outlining the conditions under which a third party would have access to emails. “I’m comfortable with the very professional way the University handles this,” she said.

Pitt email policy is summed up in University Policy 10-02-05, which states, in part, “University-owned computing equipment, networks, services and resources, including electronic mail and other forms of electronic communication, are provided for the purpose of conducting University-related activities and are therefore considered University property. The University, as owner of such property, has the right to access information on the system stored, sent, created or received by employees, including electronic mail, as it deems necessary and appropriate.  As such, employees should not expect individual privacy in the system.”

Walton had no specific numbers on how frequently requests are made to access Pitt emails: “It’s not particularly common.”

CSSD guidelines ( outline how third-party requests for access to emails are handled.

CSSD states it “will only provide access to electronic mail messages stored on central University e-mail servers to individuals other than the person to which a specific mailbox is assigned upon receipt of written approval from the University Office of General Counsel. Units must contact the Office of General Counsel directly to secure such authorization. Upon receipt of written authorization by the Office of General Counsel, CSSD will transfer the requested email messages to compact disc (CD) media that will be provided to the Office of General Counsel or to the party that General Counsel designates to receive those messages. It should be noted that electronic mail messages may only be stored centrally for a limited time period, generally thirty (30) days, and may be overwritten in the normal course of business. This general provision may be overridden by a specific request for document retention from the Office of General Counsel, where, for instance, litigation has ensued.”

Walton confirmed that email is retained for 30 days for disaster recovery purposes. The University takes a snapshot of all email boxes daily; whatever is in an individual’s email folders  — including the deleted items folder — is included in that snapshot. After 30 days, that day’s snapshot is overwritten, making it impossible to restore messages after that point.

—Kimberly K. Barlow

Leave a Reply