The University of Missouri System does not have a clear and complete policy on e-mail privacy, and individual campuses are responding.
At its meeting last week, the MU Faculty Council approved forming a task force to recommend a clearer policy on e-mail privacy. The campus now follows broad system-wide regulations.
E-mail privacy became an issue there last September after an audit
by the UM System into UMKC’s Information Technology department. The audit results questioned how clearly Information Technology explained the boundaries of e-mail use and privacy.
In response, Information Technology posted a notice on every UMKC computer stating “users (authorized or unauthorized) have no explicit or implicit expectation of privacy.”
The notice sent a wave of distrust throughout the university, and faculty members thought the message was “out of proportion,” said Jakob Waterborg, chairman of UMKC’s Faculty Senate.
The notice was correct to an extent. Because of Missouri’s Sunshine Law, all e-mails on the university’s system can potentially be viewed by people other than their intended readers, said Jean Maneke, an attorney representing the Missouri Press Association, who frequently handles open-records matters. She said all e-mails on the university’s system are the property of the university because of its rights as an employer.
“Anybody who uses an employer’s e-mail system has no expectation of privacy,” Maneke said.
E-mails on the university’s system can become public because of its status as a public governmental body, she said. Under the Sunshine Law, any e-mails on a public body’s system automatically become public records. This explains why student e-mails may also be subject to public disclosure.
However, Maneke said, there are exceptions to what e-mails can be disclosed publicly. For example, e-mails pertaining to litigation, the hiring and firing of employees, exam materials before the examination date or individual grades are allowed to remain private.
Although the notices at UMKC were quickly taken off the computers, they made it clear to the Faculty Senate that the rules and regulations of the UM System do not clearly state what in the university e-mail system can remain private and what cannot.
“It is partially defined, but not completely,” Waterborg said.
Unless it would compromise an investigation, users are notified before their messages are examined. If a user questions the reasoning behind the examination, he or she will be allowed to bring the objection to the oversight committee.
MU follows the UM System’s “Acceptable Use Policy,” which states that e-mails may be examined when it is necessary to “maintain or improve the functioning of university computing resources,” when there is “a suspicion of misconduct under university policies” or when complying with federal or state law.
The task force assigned by MU’s Faculty Council will look closely at UMKC’s and other campuses’ privacy policies before making its recommendation about what will work at MU, said Pat Fry, the council parliamentarian and a law professor who will lead the task force.
The task force has not been assembled, but Fry predicted a recommendation will be ready in the fall.