As debate about the monitoring of online activities continues in the public sphere, a review of the University of Wisconsin’s information system privacy policies found administrators can only access student email after a written request is approved.
According to UW’s privacy policy, all computer and electronic files should be free from access by anyone but authorized users. The only exceptions are in cases of state open records law, other statutory or regulatory requirements and to protect the “integrity of the university,” state rights and property.
System administrators can also access student and staff email accounts to perform maintenance and respond to emergency situations such as viruses, according to the policies. System administrators can also access emails to protect the rights of individuals working in collaborative situations where information and files are shared.
The university’s Electronic Data Advisory Committee was created to handle and clarify privacy policies and confidentiality of electronic data as well as to handle procedures regarding accessing information.
UW’s policies and procedures state that intrusion into files requires careful consideration. Controllers or owners of files must be notified before they are accessed, and the university has an obligation to protect their integrity and rights, according to UW’s information technology policies.
“No one is just going to go digging,” Nancy Lynch, associate director of UW Office of Legal Affairs, said, adding appropriate legal and privacy procedures are always followed and that no one on campus is sitting and monitoring student email.
The policy states that Wisconsin Public Records Law protects the “vast majority” of emails but there are exceptions such as emails to members of the student government.
Lynch said the IT policies were made in 1991 and were last amended in 1999.
There are a variety of different reasons why emails may be accessed, but it is not a “regular practice,” Lynch said.
Brian Rust, UW Division of Information Technology spokesperson, said all of the university’s IT policies are reviewed and updated often and an emphasis is placed on privacy issues for students, faculty and staff.
Administrators and others can access student emails only after a written request for access and a thorough review is submitted to the university and approved, Rust said. Abuse and harassment are two acceptable reasons to file a complaint and request access to emails, he said.
Written requests for access to student and staff emails require many steps, Rust said. The university pays careful attention to make sure there is legitimate proof of wrongdoing, and copies of emails need to be produced before any action is taken, he said.
“All we do is manage the systems, access the emails for backup purposes for a short time. We wouldn’t just turn things over if you asked for it,” Rust said.
Victoria Galarnyk, a UW junior, was aware the university can access students’ university email accounts and said she was not surprised by any of the IT policies. She said she understood university intervention could be necessary and she trusted the appropriate procedures would be followed.