Like any Penn student, I swipe my PennCard several times a day to access buildings or to make purchases. Whether I’m using a public computer or my own laptop, I’m on Penn’s Internet network practically all the time. And my Penn e-mail account has gradually become my identity online. I’ve used it to receive tens of thousands of messages, and send thousands more — some academic, many personal.
I worry about exactly how I’ll unhook myself from all of this when I graduate. But there’s a larger concern. All of the above activities, and more, leave behind very deep footprints.
Students should be more conscious of the trail of electronic records we generate. There’s no way around our reliance on the University’s systems, but we should all be more aware of the conditions and risks entailed. And while we can generally trust the University to keep our massive volume of personal information private, we need to ask administrators for better accountability.
Most students are oblivious to the “Policy on Privacy in the Electronic Environment,” which has been in effect for nine years. It gives administrators the right to access students’ electronic records but also clearly defines the circumstances in which this is acceptable.
According to Jim Choate, a senior director at Penn’s Office of Information Systems and Computing, “this policy was implemented in 2000 after extensive consultation with faculty, staff, students and University Council.” And “accessing of student [online trails] at Penn is extraordinarily rare.”
One circumstance in which student records are accessed is in cases of “suspected serious infraction of University policy (for example alleged research misconduct, plagiarism or harassment).” In other words, sending a copy of your homework to a friend using Penn e-mail accounts might land you in front of the Honor Council.
Generally, no one will take a look at what you’re up to unless it’s an emergency or if you’ve done something wrong. And the University pledges to be fairly transparent about how it manages our information, and says it will inform students when their records are accessed, unless it jeopardizes an ongoing legal investigation. That’s reassuring.
I’m not so confident in my own self-importance to believe anyone might actually care about the web sites I check repetitively or the inane e-mail exchanges I have with my sisters. All the same, I expect the privacy I’m entitled to.
Still, Penn’s electronic privacy policy is of the 1990s. After nearly a decade, it could stand to be updated.
According to the policy, students’ e-mails and computer accounts may be accessed on the authority of the “Dean of the student’s School or his/her designate, the Vice Provost for University Life, or the Office of Audit and Compliance, in consultation with the Office of General Counsel.”
There are too many administrators with the power to make a decision that is evidently rare and considered extremely serious. Except in emergencies, that power can be limited to just the school deans and to the Office of the Provost.
Worse yet, each school or department maintains various systems and services separately. E-mail, for example, is not at all centralized. The University’s privacy policies are supreme. But they’re vague enough such that variations across campus may be fairly dramatic.
Additionally, neither the electronic privacy policy nor any other easily accessible document specifies exactly what electronic records are maintained. The policy directly addresses just e-mail and voicemail. Of course, practically all records held by the University are now maintained in electronic form. There needs to be more clarity on what is kept and how long it is kept.
Indeed, the policy does not specify how long the University retains data. Some records, such as transcripts, are presumably held forever. Others, such as netflow web traffic information, are apparently held for just hours (that’s a good thing).
While administrators will readily answer whatever questions you may have on all of these issues, it would certainly be better if everything were spelled out in detail.
David Lei is a Wharton senior from Brooklyn, N.Y. He is the former executive editor of the DP and current executive chairman of the College Republicans. His e-mail address is lei@dailypennsylvanian.com.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
DonatePlease note All comments are eligible for publication in The Daily Pennsylvanian.