Estimated read time: 4 minutes
Note: This post pertains to email privacy policies at the University of Michigan. If you are not part of the UMich community we hope that this post will give you some ideas for questions that you can ask of your CIO or Privacy Officer.
After receiving questions from the University community about the privacy of University email accounts, the Hub thought it would be a good time to review some aspects of email privacy and security, and how these affect students and instructors here at UM-Dearborn.
Hub Instructional Designer Sarah Silverman spoke with UM-Dearborn Chief Information Officer Carrie Shumaker and Svetla Sytch, U-M Assistant Director of Privacy and IT Policy for Information Assurance, about what students and instructors should know about their university-provided email accounts.
Sarah: Thanks for taking the time to talk with us! My first question is prompted by some recent discussions I’ve been having with students, staff, and instructors. Many students and workers are confused about who can access university email accounts and under what circumstances. Can you help clarify?
Carrie and Svetla: That’s a very good question.
At the University of Michigan (whether Ann Arbor, Flint, or Dearborn campus), whether the person is faculty, a staff member, or a student, the University never accesses a person’s digital assets, including their email, in an arbitrary manner.
The University of Michigan Standard Practice Guide (SPG) section governing the accessing of records is SPG 601.11, “Privacy and the Need to Monitor and Access Records.” Section III.A.1.b.3.(b) states that University officials may access personal records (such as email), “When there is reasonable cause to believe that the employee has engaged in misconduct and may have used University resources improperly.” It further states, in Section III.B.2, “It is a violation of this policy for an employee to monitor record systems or access records beyond the standards established by Section III. A. of this policy.”
Sarah: Sometimes staff use university email to share personal information relevant to work with their supervisors (e.g. health information or interpersonal matters), or students may use university email to share personal information relevant to courses (e.g. need for disability accommodation). Can email users expect that this type of personal information will remain private and appropriately confidential?
Carrie and Svetla: First, U-M allows for personal use of email so long as it does not interfere with the obligation to carry out job-related responsibilities in a timely, effective, and appropriate manner, and of course, so long as it doesn’t violate the law or other U-M policies (see SPG 601.07: Responsible Use of Information Resources).
While email users can have a reasonable expectation for privacy, it is important to remember that if you use your work email for personal use, it may be subject to an approved disclosure request.
Sarah: What are the benefits of having a university provided email account? How should these accounts ideally be used?
Carrie and Svetla: There are many benefits of having a university provided email account. It is the default method of communication between faculty, staff, or students and the University, and therefore is perhaps the most important communications pipeline we have. It is also a banner of our affiliation with a world-class academic and research institution.
As mentioned previously, it should be used responsibly and in compliance with SPG 601.07: Responsible Use of Information Resources.
Sarah: Are there any situations in which students or staff should avoid using their university emails or other U-M accounts (either for the sake of privacy or related to university policy)?
Carrie and Svetla: Again, referring back to SPG 601.07: Responsible Use of Information Resources, University email should not be used for certain purposes, such as personal commercial use (ie, running a business), or political activities such as running for office or political campaigning. In addition, University email should not be used for any illegal activities.
Generally speaking, the old adage that you shouldn’t put in email something that you don’t want seen in the newspaper remains a good guideline. Remember, whatever you send could be forwarded along or shared by the recipient.
Photo by Daria Nepriakhina on Unsplash
Reading time estimation from https://niram.org/read/
Sarah Silverman is an Instructional Designer in the Hub for Teaching and Learning Resources at the University of Michigan – Dearborn. You can read more about Sarah on her author page.