Policy: The University of North Carolina’s Policy on Privacy of Electronic Information http://www.unc.edu/campus/policies/elec_info.html

This policy summarizes UNC’s standing in regards to privacy of electronic information. Basically, the University is detailing its policy for students, staff, and those associated with the University regarding their privacy rights and privileges on University accounts. Interestingly, this policy states that the University encourages the use of electronic mail and respects the privacy of users. The policy also states that the University does not inspect or monitor electronic mail routinely. However, the policy also states that the University does have the right to monitor email when deemed necessary according to a specific set of rules and guidelines.

This policy details under what circumstances electronic email would be read. In addition, the policy covers the guidelines followed by University officials when reading email. The policy also states that there is no guarantee of privacy or confidentiality for documents or data stored on University-owned equipment. These documents are essentially considered public records and are subject to disclosure by state laws.

Criteria for analyzing policy: 1. The policy should clearly state the user’s responsibilities as a member of theUniversity community. 2. The policy must provide guidelines for how and when the University may access an individual’s electronic mail or documents. 3. The policy should state the University’s responsibilities for electronic mail and data sent through its network.

The policy meets the majority of the criteria. The policy provides guidelines for use of electronic resources. The policy states, “Appropriate use of University electronic resources includes instruction, research, service, and the official work of the offices, departments, recognized student and campus organizations, and other agencies of the University, and as described below, incidental personal usage by faculty, staff, and students”(page 1). This statement clearly defines who should use the electronic resources and it what ways they should use the electronic resources. The policy also gives detailed explanations for what purposes designated University officials may read electronic mail. The policy provides seven instances (items a-g) in which a University official would access email. In addition three of these instances include a clause. The clause reads, “The system administrator will need approval from the Provost and Vice Chancellor and General Counsel…to access specific mail and data for these purposes. The extent of the access will be limited to what is reasonably necessary to acquire the information for a legitimate purpose” (page 2). The University policy does not clearly provide information on data sent thorough the University network. The policy does not specifically address network drives such as students H and G drives on the isis and kiwi servers. In addition, this policy does not reference additional policies, such as University web page policies, that would be relevant for users.

Recommendations 1. The policy should clearly state provisions for students, faculty, and staff networked drives. The policy needs to specify that although the drives are on the network, the information is stored on a University computer and therefore follows the same privacy guidelines as a University-owned computer. Information stored on networked drives, including individual drives, are University property and may be subject to search. 2. The policy should reference UNC’s computing policy (http://help.unc.edu/pdf/1688.pdf) and University web page policies (http://www.unc.edu/campus/aboutweb/). The policy should address the issue that documents and data stored on public_html directories are not secure. 3. The policy should address how users of the University wireless and LAN network on private computers are affected by the privacy policy. Those users who utilize the University system network assume the same risks and responsibilities of users using University-owned computers.