By MARTY LEVINE
How should the University maintain the privacy of employee communications on platforms outside of email, especially the material of former employees that may be needed by current employees?
The Senate Computing and Information Technology Committee, at its March 22 meeting, addressed the question asked by one of the committee’s representatives from Staff Council, Kenny Doty, online learning & technology services lead in the Swanson School of Engineering.
Doty noted that, according to Pitt’s current Computer Access and Use policy, the University “reserves the right, as owner of University electronic communications, ‘to access information on the system stored, sent, created or received by faculty, staff and students including electronic mail, as it deems necessary and appropriate.’ ”
This means that email accounts, in general, are “considered private and accessible only if needed by the University for official business, granted through a process that requires a request to University counsel prior to granting access …”
But today, he said, “University electronic communication has expanded beyond email to a mass of communication tools, both official (Teams, Groups, Microsoft 365 ‘productivity’ surveillance tools promoted as Microsoft Vive, document comments, Windows Telemetry including keystroke recording, browser usage and mouse activity, OneDrive, SharePoint …),” plus software from outside of Pitt such as Slack and Discord.
“What steps has the University taken to protect the privacy of University students, faculty and staff by limiting access to University communications in these various communication platforms to only those who require it for University business?” Doty asked. “Does the University and Pitt IT require the same process for accessing University communications through these platforms as it does University email? If not, why not? If not, who beyond the users themselves currently has access to these University communications, and what mitigations are in place to limit their misuse by users with privileged access to these systems?
“Is there a policy?” he added. “Should there be a policy? And if so, is it going to cover all electronic communication or just email, as it seems to now be set up?”
“We take our direction from the general counsel when there is a request for any type of information,” including from a law enforcement agency, said Chief Information Officer Mark Henderson. Several policies are in the works that govern computer-generated and stored information at Pitt, he said, including a new version of Computer Access and Use as well as a University Network Policy. But he is not aware of any policy covering these specific privacy concerns, he said.
Computer committee chair Ilia Murtazashvili, faculty member in the Graduate School of Public and International Affairs, said the committee will seek the general counsel’s advice on the issue before its next meeting so that members can begin to consider actions in response to Doty’s concern.
Marty Levine is a staff writer for the University Times. Reach him at email@example.com or 412-758-4859.
Have a story idea or news to share? Share it with the University Times.