Audit committee asks how communication remains private | University times


How should the university maintain the privacy of employee communications on platforms outside of email, especially former employee materials that current employees may need?

The Senate Committee on Computer and Information Technology at its March 22 meeting answered the question from one of the Works Council committee representatives, Kenny Doty, leader of online learning and technology services at Swanson School of Engineering.

Doty noted that, under Pitt’s current computer access and use policies, the university “reserves the right, as the owner of the university’s electronic communications, to ‘access information about the system that is stored, transmitted, created or received by faculty, staff and students, including electronic communications, mail, as it deems necessary and appropriate.’ †

This means that email accounts in general are “considered private and accessible only if the university requires it for official business, granted through a process that requires a request to the university attorney before granting access…”

But today he said: “The university’s electronic communications are not just email, but also a mass of communication tools, both official (teams, groups, Microsoft 365 ‘productivity’ monitoring tools promoted as Microsoft Vive, document comments, Windows telemetry including keystroke recording, browser usage and mouse activity, OneDrive, SharePoint…)”, plus software outside of Pitt such as Slack and Discord.

“What steps has the university taken to protect the privacy of university students, faculty and staff by limiting access to university communications in these various communication platforms to only those who need it for university affairs?” asked Doty. “Do the university and Pitt IT require the same process for accessing university communications through these platforms as university email? If not, why not? If not, then who are the users themselves currently accessing these university communications and what measures are in place to restrict abuse by users with privileged access to these systems?

“Is there a policy?” he added. “Should there be policy? And if so, is it all electronic communication or just email, as it appears to be set up now?”

“We follow our directions from General Counsel if there is a request for any form of information,” said Chief Information Officer Mark Henderson. Several policies are in the works that regulate computer-generated and stored information at Pitt, he said, including a new version of computer access and use and a university network policy. But he is not aware of any policies that cover these specific privacy issues, he said.

Ilia Murtazashvili, chair of the computer committee, faculty member of the Graduate School of Public and International Affairs, said the committee will seek the advice of the general counsel on the matter before its next meeting so that members can begin to think about actions in response to Doty’s concern.

Marty Levine is a staff writer for the University Times. Reach him on or 412-758-4859.

Have a story idea or news to share? To share it with the University Times.

Follow the University Times Twitter and facebook.

Leave a Comment