Harvard’s Search of Staff E-Mail Sparks Questions About Policies Nationwide

Photo by Daniel Loiselle

Harvard University (Photo by Daniel Loiselle)

The revelation that Harvard University secretly looked at the e-mail inboxes of 16 resident deans in the wake of last year’s cheating scandal has led to outrage among some of its professors, with prominent faculty members taking to the Internet to vent their frustrations.

But what expectations of privacy should university employees have when it comes to their work e-mail accounts?

From a strictly legal standpoint, employees generally do not have a right to privacy when using their employers’ computers or e-mail services, legal experts say. Individual policies may offer some protections, but there is nothing illegal about an employer’s reading e-mail messages sent through its own systems or networks.

The criticism at Harvard thus focuses not on privacy laws but privacy policies—and on the difference between how university employees and university faculty members are treated.

Harvard’s employee policy states that the university has “ownership over, and the right to obtain access to, the systems and contents” of its employees. The broad policy states that “electronic files, e-mail, data files, images, software, and voice mail may be accessed at any time by management or by other authorized personnel for any business purpose.”

The faculty version of the policy is more restricted and offers more protections, including that each faculty member whose e-mail is to be searched must receive prior notification of the plan. Most of the residential deans did not receive word of the searches until months later, when The Boston Globe questioned Harvard officials about the incident last week.

In a statement released on Monday, Harvard explained that the searches consisted only of looking at e-mail messages’ subject lines and that the inquiry was limited to the resident deans’ administrative e-mail accounts, which are separate from their general Harvard e-mail accounts and are intended only for Harvard business.

The distinctions between employees and faculty members, between subject lines and message contents, and between private and public universities make e-mail privacy a confusing aspect of professorial policies, said Robert M. O’Neil, founding director of the Thomas Jefferson Center for the Protection of Free Expression and a former president of the University of Virginia.

Without any kind of general policy across the board, it all comes down to individual expectations, he said. If a university gives its employees reason to expect more privacy, then that university should usually honor that expectation.

“At the same time, the guidance that we have from various courts seems to suggest that an employer does have some degree of access to an employee’s routine communications,” Mr. O’Neil said. “It’s still very much in flux and is a highly confusing field.”

Further complicating the matter are the differences between public and private universities. Public universities must honor Freedom of Information Act requests, and that includes correspondence through university e-mail. Though some states have exceptions for e-mail containing sensitive research information, academic freedom—a concept often cited by Harvard’s critics—is not typically listed as a reason to deny a request under the Freedom of Information Act.

In theory, a public-university professor’s inbox is just as fair game as a government official’s. If the public has the right to your inbox, why wouldn’t your employer?

“All of that arises in the uniquely public context, and Harvard is about as private as you can get,” Mr. O’Neil said. “So I think it’s a dramatic difference and a critical distinction.”

Mr. O’Neil, who attended Harvard in the 1950s, said that much of the outrage is an overreaction, but that the basic privacy concerns are valid and that the university should have handled the situation with more sensitivity. He said he hopes that Harvard can take any lessons learned from the experience and create a stronger policy—one that can be emulated elsewhere in academe.

“This was not an outrageous invasion of professorial privacy, but it was undoubtedly not Harvard’s finest moment,” Mr. O’Neil said. “I think it is high time now for Harvard to take the lead and create a model policy for independent or private institutions.”

Correction (3/12/2013, 8:23 p.m.): This article originally misstated when the resident deans found out their e-mail accounts had been searched. The dean who had leaked a message about a cheating scandal was told of the search soon after it happened last fall. The other deans did not find out about it until last week. The article has been updated to reflect this correction.

Return to Top