The following report of the University Council Committee on Communications is on the agenda for discussion at Council Wednesday, March 20.
Privacy of Institutional Data
Information about individual students, faculty, and staff (as well as former students, faculty, and staff) must be maintained by the University to support its mission. It is University policy that such information be collected, stored, and used only for appropriate, necessary, and clearly-defined purposes. Access to such information must be controlled and safeguarded in order to ensure privacy. The ease and flexibility, and transparency, with which electronic information can be accessed, linked and displayed can set the stage for abuse of privacy. When systems are designed, upgraded or integrated, the application steward (the primary business sponsor of the application), working together with the data steward (the individual with primary responsibility for the data) should address the issues of confidentiality and privacy, and the need for informed consent to the release of personal information. Inadequate attention to the issues of privacy of personal information will be subject to sanctions.
When personal information is solicited from a member of the University community, that person should be informed of the purpose for requesting such information, the intended use of the information, and the consequences, if any, of not supplying it. In addition, the University collects personally identifiable information about members of this community in the course of its routine operations (e.g. computer logins, building access via PennCard). Such collection should be well- publicized and University community members should be informed about the intended use of the information, safeguards against unauthorized access, and their options, if any, to prevent its collection. All information provided by or collected about University community members should, when individually identifiable, be used only for the stated purpose(s).
To the extent that it is consistent with the privacy of others, with the University's policies on confidentiality of student and employee records, and with the traditional confidentiality of faculty peer review and evaluation, an individual should be provided the means for seeing and obtaining copies of records about him or her maintained by the University, as well as for challenging the accuracy and completeness and the propriety of the use of such records.
Persons with responsibility for records containing personal information should exercise diligence to ensure accuracy and completeness. Safeguards must be provided to protect personal information against accidental or intentional misuse or improper disclosure within or outside the University. Misuse or improper disclosure of such information may lead to sanctions against the responsible individuals.
The educational records of current and former students are subject not only to the policies stated in this document but also to the University's policy on the confidentiality of student records.
When records containing personal information are no longer needed, the records should be appraised to determine whether they should be destroyed or archived with appropriate protection of privacy under the Protocols for the University Archives and Records Center.
Privacy of Personal Electronic Information
Any information created or controlled by individuals is personal (with the exception of records generated or received by administrative officers of the University relating to their official duties, which are institutional). All such information is personal not only when it is unique, but also when copies have been shared with other individuals or when it has been obtained from or copied to public or institutional data. Personal electronic information includes electronic mail, files and directories of messages and files. When this information has not been intentionally made publicly accessible it is private. The privacy of the original extends to any copies made in backing up any system on which it is stored, temporarily or permanently.
Faculty members, staff and students are afforded the same protection against the intentional invasion of the privacy of their personal electronic information stored on their own equipment or residing on or transmitted over University equipment as over the contents of an on-campus office or dormitory room. This information may not be searched without the same level of authorization as for physical searches of comparable on-campus facilities. The rights to privacy and due process must be observed.
Restrictions on access to staff members' electronic information may be less severe because such information is used in carrying out the individual's job. In the event of absences, material related to that job may be needed by others and it should be assumed that the supervisor may authorize access. This does not provide the supervisor with blanket permission to view all of the staff member's electronic information. Departments should inform their staff members which information may be accessed in their absence and the level of privacy afforded such information. In the event of suspected misconduct, care must be taken to obtain the same level of authorization to view personal electronic information as would be required for gathering tangible evidence.
Faculty or staff members or students leaving the University have the same privacy rights over personal electronic information remaining at the University as they enjoyed prior to their departure.
Exceptions In the case of court orders, subpoenas, or other requirements with the force of law, institutional data containing information about an individual or personal electronic information may be released. That individual should be notified of the request and consequent release of information as soon as possible within the constraints of the order or subpoena, and the required information should only be released by an authorized officer of the University. The Director of Internal Audit may access institutional data or personal electronic information in the course of an investigation carried out under the guidelines laid out in the Policy on Safeguarding University Assets.
The University will reject all other requests from individuals and extramural organizations-- government, professional associations, business enterprises, etc.--for the release of institutional data containing personally identifiable information, for purposes not foreseen and made clear at the time that it was collected. Requesters will be informed that release of such information is contrary to this policy. At its discretion the University may offer to the requester to seek the permission of the individuals affected for the release of the requested information and to release only that for which such permission is granted.
The Office of the Vice Provost for Information Systems and Computing, or designate, shall work to increase the awareness of issues of electronic privacy and of measures that individuals can take to increase their privacy, and to support and coordinate the provision and use of such measures.
The following guidelines for the implementation of this policy will be expanded as necessary to clarify its interpretation and requirements.
Postmasters are individuals who have the specific duties of enabling undeliverable mail to reach its destination, handling other delivery problems, and answering user questions about mail travel. Users should be assured that the privacy of mail sent to postmasters is protected to the fullest extent possible consistent with the proper discharge of their job responsibilities (see III below).
Postmasters at the University of Pennsylvania shall adhere to the following standards:
System administrators should keep confidential the content of any electronic mail message or personal file that they accidentally or necessarily see in the course of performing their duties.
A copy of this document together with explanatory and illustrative materials should be distributed to each system administrator when he or she assumes such a position and annually thereafter. Receipt of this information should be acknowledged. Failure to maintain the standards specified in this document may result in sanctions.
Council Committee on Communications
Chair: James O'Donnell (classical studies)
Co-Chair: Ira Winston (SEAS computing)
Dennis DeTurck (mathematics)
Alan Filreis (English)
Steven Kimbrough (operations and information management)
Mark Liberman (linguistics)
John Lubin (management)
Martin Pring (physiology/medicine)
Burton Rosan (microbiology/dental)
Carol Meisenger (publications)
Jennifer Conway (Leonard Davis Institute)
Gene Haldeman (undergraduate admissions)
Gregory Smith (Wharton)
Venkat Krovi (SEAS Ph.D.)
David Shapiro (Col/Wharton '97)
Amy Stover (Col '98)
One graduate/professional student to be named
Barbara Beck (news and public affairs)
Paul Mosher (Libraries)
Steven Murray (business services)
Peter Patton (information systems and computing)
March 19, 1996
Volume 42 Number 24
Return to Almanac's homepage.
Return to the index for this issue.