Category: privacy

Another of our periodic email cautionary notes

From time to time, we have provided reminders about email problems.  One problem – which we have noted – is that at a public university, your emails may be subject to public documents requests.

Another problem is that hackers may try to get into your email account through “phishing,” probably to use it to send out scam messages to your contacts.  Such an event seems to have occurred at UC-Davis:

Hackers compromised the email accounts of three UC Davis doctors last month, potentially gaining access to personal or medical information on as many as 1,800 patients, the university announced Monday…  UC Davis said the attack was a phishing scam, in which someone is sent an email that looks legitimate. According to a statement on the health system’s website, data security experts were unable to determine the exact nature of the breach or whether any email messages were specifically read. However, it said, “the automated nature of typical phishing scams makes it unlikely that content from individual messages was viewed. The content of patient information in the emails consisted primarily of name, medical record number and limited information associated with a clinic visit or hospital admission.”…

Full story at http://www.sacbee.com/2014/01/27/6106308/uc-davis-health-system-emails.html

Read more here: http://www.sacbee.com/2014/01/27/6106308/uc-davis-health-system-emails.html#mi_rss=Business#storylink=cpy
Read more here: http://www.sacbee.com/2014/01/27/6106308/uc-davis-health-system-emails.html#mi_rss=Business#storylink=cpy

Ahead of the Curve

The curved neuroscience building

Inside Higher Ed takes note of the recent UCLA policy on requests to faculty for public documents such as emails.  Blog readers will recall a recent posting on that new policy.

…Carole Goldberg, a professor of law and vice chancellor of academic personnel at UCLA, is co-chair of the joint Academic Senate-Administration Task Force on Academic Freedom, which drafted the statement. She said that no particular incident at UCLA had inspired the statement, but that faculty and administrators wanted to “get ahead of the curve” on academic freedom and scholarly communications, in light of several high-profile incidents in at other public institutions in recent years…

As noted in our prior post, we still suggest awareness (caution) that your emails and other documentation could be made public since privacy guidelines are inevitably open to subjective decisions.  In addition, emails you send to another person at some other public university – perhaps not in California – might be obtained under different rules there.

Our prior post is at http://uclafacultyassociation.blogspot.com/2014/01/someone-may-want-to-see-what-you-are.html

Someone may want to see what you are doing

Faculty should have received the email from Chancellor Block below regarding public documents requests for such things as emails.  The statement is good.  The two links provided are also useful.  But when you get through reading them, you should still regard virtually anything you email or write as potentially a public document.  Yes, various exemptions exist.  But there are gray areas.  In addition, an email you sent to someone else at another public institution – maybe in another state – might be made public there.  Even if you deleted it, the recipient may have it.  That is the reality.
============

Dear Colleagues:

In recent years a number of universities including UCLA have received public records requests seeking disclosure of faculty members’ scholarly communications. The potential chilling effect of these requests has raised new questions about academic freedom and its intersection with public institutions’ legal obligations to conduct business transparently.

UCLA’s joint Administration–Senate Academic Freedom Task Force, charged with helping our campus prepare to respond to such requests, recently published its Statement on the Principles of Scholarly Research and Public Records Requests. The statement is a compelling affirmation of our peer review system and the right of faculty to conduct research and scholarship on controversial topics free from political interference. I wholeheartedly endorse it, as do the Academic Senate, Executive Vice Chancellor and Provost Scott Waugh, and other UCLA academic and administrative leadership. I urge you to read it.

The statement stands as the guiding principles for UCLA’s response to requests for disclosure of faculty members’ scholarly communications. The task force also developed a Faculty Resource Guide for California Public Records Requests that explains how UCLA faculty should respond to requests for records and manage electronic records in light of the California Public Records Request Act.

UCLA is among the first universities to consider this issue systematically, and the result is a set of guiding principles based on our core values. Please join me in expressing appreciation for the outstanding work by the task force, which was co-chaired by Vice Chancellor for Academic Personnel Carole Goldberg and Professor David Teplow, chair of the academic freedom committee of the Academic Senate. Other members were Senior Campus Counsel Amy Blum and professors Barbara Herman, Matthew Kahn, Ann Karagozian, Christopher Kelty and Mark Sawyer.

Sincerely,

Gene D. Block

Unsolicited Advice for All UCLA and UC Faculty

Yesterday, we provided some unsolicited – and maybe unwelcome? – advice for the folks in Murphy Hall.  Today, we provide some advice for all UCLA and UC faculty.  Actually, it is a reminder of advice that we give from time to time.  We live in an age where the word “transparency” has taken on an aura of unmitigated goodness.  In practice, transparency – at public universities – can mean invasions of privacy when it comes to emails.  Emails at public universities are subject to public documents requests.  From time to time, groups that don’t like what some faculty has said about some issue of the day go on fishing expeditions in his/her emails.

A colleague at another university sent yours truly the following item which can service as a reminder to regard what you say in emails and other records as potentially public:

A group of law professors at UNC-Chapel Hill is standing behind Gene Nichol, director of the school’s poverty center, after a conservative think tank requested the left-leaning professor’s emails, phone records and calendars.Thirty law professors signed a letter questioning the motives of the Raleigh-based Civitas Institute, which promotes limited government and implementation of conservative policies. On Oct. 25, the institute used the state’s public records law to seek six weeks’ worth of Nichol’s email correspondence, his calendar entries, phone logs, text messages and a list of electronic devices issued to Nichol by the university…

Full article at https://portside.org/2013-11-27/north-carolina-faculty-complain-after-conservative-group-seeks-liberal-professor%E2%80%99s-email

Scary Thoughts for Halloween

Over the past year or so, there have been various scary developments about which we have blogged.  Most recently there is the recently-filed anti-pension initiative that sweeps in UC.  There is the volatility of state budget because of its heavy dependence on the income tax and the incomes of those in the upper brackets that are reflective of the ups and downs of financial markets.  There is the illusion that online ed will resolve the long-term budget squeeze on the university.

The hotel shown below is pretty scary but so, too, is the UCLA Grand Hotel, in part because of its potential costs but also because it represents an outmoded fixation on new capital projects and a lack of regental ability to oversee and monitor such projects.

We have long noted the invasion of privacy represented by online disclosure of UC employee salary information, the danger it poses of ID theft, and the fact that it facilitates raiding by private universities that do not have to publish such information.  More recently, we have noted that emails of faculty that they might have thought were private are viewed as public documents that can be requested by anyone for whatever purpose.

Well, at least in the area of private communications, we are not the only ones to be concerned, as Harry Shearer pointed out last Sunday on his radio program:

(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/all.js#xfbml=1”; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’));

Post by CalPolicy.

With modern recording devices, a reminder that your classes are not really private, whatever the legalities

That was then and this is now.

We have reminded faculty from time to time that emails and other communications at public universities are generally not private and can be requested as public documents.  There are some questions about the legalities of students recording your classes.  A recent case in which a teacher in the LA school district was recorded cursing – and was suspended – is a reminder, however, that once a recording goes public, it can’t be retrieved.  Moreover, it is very unlikely that a student will be prosecuted for making such a recording.  And recording via cellphone or other small device is now very easy.  The LA Daily News has an article triggered by the cursing teacher example:

Under California Education Code Section 51512, it… is illegal for any person — including a student — to use an electronic device to record what is happening in the classroom without the consent of the teacher. But here is where the matter gets tricky: The teeth in the law really applies only to people who are not students. That is, any non-pupil who is caught recording a classroom discussion without the teacher’s consent can be charged with a misdemeanor.

“If I want to audit my kid’s class — maybe I think the material violates some religious belief — I can’t record the class without the teacher’s permission,” said Rebecca Lonergan, an assistant professor of law at USC. When it comes to students who are caught surreptitiously recording their teachers, the punishment is determined by school administrators. “If it’s a student, you’re not going to criminally prosecute them for recording their teacher,” said Lonergan, who also has worked with the U.S. Attorney’s Office, where she dealt with many wiretapping cases…

Full story at http://www.dailynews.com/social-affairs/20131012/case-of-cursing-lausd-teacher-raises-legal-questions-about-secret-recordings

Of course, you can ask students not to record your class or only to record it if you give permission.  But that request doesn’t guarantee anything, as a practical matter.

UC Should Have an Interest in CalPERS Privacy Hearings

As noted many times on this blog, the wholesale release online of payroll and pension data BY NAME is a violation of personal privacy of employees and retirees and raises the threat of ID theft.  No private universities are forced to release such data.  None would do it voluntarily.  Indeed, no private employers of any type – including the newspapers that provide such databases – would do it for their own employees (although they clearly have the data).

Although UC has gone along with the wholesale disclosure of salary and pension data by name, a fuss has now been raised by CalPERS retirees about just such a practice.  It appears there will be legislative hearings on the issue in the next few months – as reported in the Sacramento Bee.  Even though UC is not under CalPERS, and even though the hearings will likely focus on retirees (and not employees), the issues are the same for both employees and retirees of UC as they are for retirees under CalPERS.  Will UC reps offer to take part and be witnesses at those hearings?  Note that the legislature can modify current public disclosure requirements.

The Sacramento Bee article is at http://blogs.sacbee.com/the_state_worker/2013/09/lawmakers-to-calpers-lets-talk-about-that-pension-database.html.

Would it get under your skin if university administrators poked around in your emails?

Located in Boston, not far from Harvard

Some blog readers may recall the brouhaha that erupted at Harvard when some administrators poked around in university emails trying to discover who was leaking info about a student cheating affair.  A dean apparently ended up resigning when the email searching became known.  The Boston Globe is reporting that a Harvard-commissioned report has determined that the administrators were acting in “good faith.”  See http://www.boston.com/metrodesk/2013/07/22/outside-counsel-harvard-acted-good-faith-covert-mail-searches/jvB5oSwd8MZL2m0wlTuLSP/story.html.  A shorter version of the story from Inside Higher Ed is at https://mail.google.com/mail/u/0/#label/subscription/1400ab32f5244acf.

Moral: Don’t put anything in email you wouldn’t want made public. Unless, of course, you believe that whatever you say will be used in good faith:

Listen to the Regents Afternoon Meeting of July 17, 2013

Most of the afternoon activity of the Regents on Wednesday, July 17, was in closed sessions for which no audio is available.  The main item of interest in the open period was the privacy initiative, noted in an earlier post, which is a work in progress.
Afternoon Agenda: July 17, 2013
1:00 pm Committee on Compliance and Audit (open session – includes privacy initiative)
1:30 pm Committee on Compensation (closed session)
1:45 pm Committee on Compensation (Regents only session)
2:00 pm Committee on Governance (Regents only session)
2:10 pm Committee on Compliance and Audit (Regents only session)
2:30 pm Committee on Finance (Regents only session)
3:15 pm Board (Regents only session)
We continue to post an indefinite archive of Regents meetings since the official archive policy of the Regents is to delete after one year.  You can hear this session at the link below:

Regents Will Consider Privacy (in Public)

We noted in an earlier post that a preliminary agenda for the Regents’ meeting next week had been posted.  The more detailed attachments for the meeting have now been posted.  One topic to be taken up is UC policy on “privacy.”  At this point, however, it is all processes to set a policy rather than the policy itself.  According to the agenda item, UCLA Chief Privacy Officer Kent Wada is involved.  (Did you know we had a Chief Privacy Officer?  See http://kentatucla.files.wordpress.com/2012/10/uclacpo-ddmemo1.pdf.)

The agenda item can be found at http://regents.universityofcalifornia.edu/regmeet/jul13/a3.pdf

It’s harder to keep things secret nowadays than it was back in the day:
[youtube http://www.youtube.com/watch?v=6iaR3WO71j4?feature=player_detailpage]