Electronic Communications Policy Oversight Committee

The ECPOC was established in 2014 to address policy considerations arising in connection with the University Policy on Access to Electronic Information, and with making recommendations to the University President for improvements.

This faculty-led university-wide committee gathers input from key stakeholders to inform their review of and recommendations concerning the Policy. The Committee is focused on ensuring that appropriate systems are in place to safeguard confidentiality in electronic communications. The Committee is also a resource to provide feedback and guidance on privacy-related issues within Harvard University.

 

Stephen Chong, Chair (FAS, SEAS)

Tim Bowman (SEAS)

Angela Crispi (HBS)

John Goldberg (HLS)

Barbara McNeil (HMS)

Jeffrey Schnapp (FAS)

Latanya Sweeney (FAS)

Salil P. Vadhan (SEAS)

James Waldo (FAS, SEAS)

 

 

 

Brad Abruzzi (OGC)

Christian Hamer (HUIT)

Anne Margulies (HUIT)

Peggy Newell (Provost's Office)

Emily Vetter (Provost’s Office)

 

 

ECPOC Annual reporting summaries

2018-2019

  • Annual review of data searches echoed last year’s trend showing that most data search requests stemmed from legal process and litigation. This shift probably reflects improved processes for handling the electronic data of individuals.
  • The Committee discussed the Syllabus Explorer project and proposed a clear opt-out option for faculty.
  • The Committee advised HUIT on possible privacy issues related to its move of University’s emergency communications to a new platform that provides greater stability and enables messaging to mobile devices.
  • The Committee reviewed actions to blacklist certain email addresses sending fraudulent emails to the community and discussed the use of third-party platforms throughout the community.

2017-2018

  • During FY 18, the committee reviewed a total of 39 searches: 31 Legal Process & Litigation; 3 Internal Investigations of Misconduct; 2 Business Continuity; 1 Safety Matters; 1 Other; and 1 System Protection, Maintenance & Management.*
  • Annual review of data searches revealed that, while the number of searches was the same as for the previous year, there was a significant increase in requests stemming from legal process and litigation, and a reduction in requests related to business continuity. This shift probably reflects improved processes for handling the electronic data of individuals leaving the University.
  • Throughout the year, the Committee met with subject-area experts at the university to discuss the Canvas System and potential implications for student privacy.
  • The Committee reviewed archive practices for faculty emails and gift agreements and made recommendations for formalized procedures in relation to them.
  • In anticipation of the GDPR data protections taking effect in 2018, the Committee reviewed how these new rules might impact the Policy.
  • John Goldberg, Eli Goldston Professor at Harvard Law School, completed his service as chair of the committee since 2014. Stephen Chong, Gordon McKay Professor of Computer Science in the Faculty of Arts and Sciences, has been appointed as his successor.

 

*Definitions of search purposes are defined in the Policy on Access to Electronic Information as follows:

Business Continuity

User electronic information may be accessed for the purpose of ensuring continuity in business operations. This need can arise, for example, if an employee who typically has access to the files in question is unavailable due to illness or vacation.

Internal Investigations of Misconduct

The University may access user electronic information in connection with investigations of misconduct by members of the University community, but only when the authorizing person, after weighing the need for access with other University values, has determined that such investigation would advance a legitimate institutional purpose and that there is a sufficient basis for seeking such access.

Legal Process and Litigation

The University may access user electronic information in connection with threatened or pending litigation, and to respond to lawful demands for information in law enforcement investigations, other government investigations, and legal processes.

Safety Matters

The University may access user electronic information to deal with exigent situations presenting threats to the safety of the campus or to the life, health, or safety of any person.

System Protection, Maintenance, and Management

University systems require ongoing maintenance and inspection to ensure that they are operating properly; to protect against threats such as attacks, malware, and viruses; and to protect the integrity and security of information. University systems also require regular management, for example, in order to implement new software or other facilities. To do this work, the University may scan or otherwise access user electronic information.