[I am not a lawyer]
One thing to keep in mind too – in today’s world we
have lots of student privacy laws we have to worry about. Things like
FERPA require us to be very conscious of the data we keep about students.
Seemingly innocuous data containing student grades, or email addresses simply
in an email would require us to keep this data on preemies. This includes
data from student employees.
Another item to consider would be data that is considered
confidential to the university. Things like passwords to servers, access
codes to websites, security codes to buildings, or just private information
from vendors, etc. is all information that I’m sure the University wants
to keep.
I feel that anything I create in email is property of the
university. This would not be something I should expect to take with me.
[/Psudo Lawyer Talk]
-Nick
From: Kramer, Jack
[mailto:[log in to unmask]]
Sent: Wednesday, June 23, 2010 9:52 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Outgoing employee's email...
I
think the biggest concern with this whole thing is not just MSU policy but our
legal obligations as admins to preserve information that may be necessary for a
discovery process at a later date. There are several different laws that would
govern that and they all overlap in strange ways, especially in the realm of
higher ed. I think before we can really establish any kind of policy as a
community we need clear direction from counsel – we are, after all,
paying those attorneys the big bucks.
As far as privacy / publicity goes, there was a Supreme Court decision very
recently that dealt with a similar issue in California, where a police officer
was investigated for personal texts sent with an employer-provided device, even
though the police officer had agreed to pay for overage charges on the device.
The court found that the police department was legally allowed to request and
view the text messages sent through the device, no matter the content. This
will be especially relevant to us as we are technically employees of a local
unit of government (universities are organized as governments under state law)
and so are covered by the decision. The point I’m making is that our
students are paying for a bandwidth service — in effect, the university
acts as their ISP — and are covered under the laws that apply to that
situation. As employees, we are afforded no such privileges. An employee should
not consider their communications using employer-provided devices to be
private, personal property; rather, they should be considered a privileged use
of employer resources and information. At the end of the day, those
communications belong to the university and not the user. I see no reason why
this would not apply to student employees, nor do I see any reason why this would
apply to the private communications of a student who happens to also work for
the university. If drawing a distinctive line is worrisome, why not simply
provide email accounts to student employees? A secondary NetID is easily
purchased or an account can be established on an internal mail system.
Of course, none of that answers the more pressing questions of how we are
expected to archive emails, how long we must retain them, and what ability we
have (if any) to release emails to departing employees. A simple regulation
like those applying to retention of tax records would ease the burden
significantly. I know that I should be retaining 7 years of tax records in case
of an IRS audit — it’s a clear regulation easily discerned from the
law. What we need, as I said before, is clear direction from the general
counsel’s office before one of us finds themselves on the wrong end of a
legal discovery process.
----
Jack Kramer
Computer Systems Specialist
University Relations, Michigan State University
w: 517-884-1231 / c: 248-635-4955
> From: Alexander Hawley <[log in to unmask]">[log in to unmask]>
> Reply-To: Alexander Hawley <[log in to unmask]">[log in to unmask]>
> Date: Wed, 23 Jun 2010 09:13:40 -0400
> To: "[log in to unmask]">[log in to unmask]" <[log in to unmask]">[log in to unmask]>
> Subject: Re: [MSUNAG] Outgoing employee's email...
>
>> all MSU (non-student) e-mails ...
should be turned over to Archives for
>> preservation
>
> And employees who are also students?
>
> Student employees?
>
> So the day a student is hired fulltime the AUP switches from privacy to
> publicity? That's weird.
>
>
>> delete an email message
>
> Nightmare. I've seen some instructions for admins on how to silently
replicate
> all incoming & outgoing for this very purpose. Ouch.
>
> Or, better yet. Forward (do not keep copy) to Gmail or other.
>
>
> -AH