Just kidding, that’s who Interim President Scott Coltrane and Interim General Counsel Doug Park hired to investigate me over the presidential archives, along with Hershner Hunter’s Amanda Walkup. President Schill and GC Kevin Reed have hired Edwin Harnden (http://www.barran.com/our-team/edwin-a-harnden/) and Shayda Le (http://www.barran.com/our-team/shayda-zaerpoor-le/) to investigate the professor over the blackface incident. They sure look…
Posts tagged as “Sharon Rudnick”
DENIED: So HLGR’s $25M loss to the family of dead smoker Michelle Schwarz stands:
Just kidding. I have no reason to think that noted big-tobacco lawyer Sharon Rudnick or her HLGR partner and zoning variance expert Jeff Matthews will ever again work for UO. And, in my opinion, the rumors that FAR Tim Gleason will be on the admin team are clearly anti-university. But negotiations between the administration and the GTFF…
Now that’s the last thing I expected from “AroundtheOops”. Has this whole damn university suddenly gone pinko? Where’s Sharon Rudnick when we need her? It sure didn’t take Kyle Henley and Greg Bolt long to make UO’s Official Organ way more interesting. Essential, even. Fortunately it doesn’t seem to be cutting into my…
10/8/2015: This is from the trial transcripts, which I’m slowly getting through:
8/4/2015: UO administrator accessed employee email account without notice
Here’s the description of recent events, from an anonymous correspondent:
Administrators Are Permitted to Monitor Emails without Notice or Authorization
Consider the following scenario: Alice,* a staff member with a disability, has been ordered by her doctors to utilize her federally protected leave in order to recover from symptoms emerging from a potentially hostile work environment. Alice has been in contact with the Union, who are investigating the climate at her department for possible discrimination.
While Alice is away in recovery, Bob,* her supervisor and a department administrator, somehow acquires full access to all of Alice’s emails. Bob does not notify Alice that he intends to access her information, nor does he seek authorization from Information Security, General Counsel, or the Union. Rather, Bob simply unilaterally seizes full, unsupervised, and ongoing access to the entirety of Alice’s email account, including her correspondences with the Union.
Such an obvious conflict of interest and invasion of privacy would seem ludicrous if it wasn’t for the fact that it recently occurred at the University of Oregon.
As soon as this data breach came to light, the Union contacted UO’s Chief of Information Security Officer (CISO) to clarify what exactly the criteria were for an administrator gaining access to an employee’s email. The CISO responded that the UO does not offer “wholesale access to another employee’s email.” There would have to be a “specific request” driven by a “business need” and submitted through the proper channels. If such criteria are met, then Information Security will attempt to provide the specific information, and only that information, which was requested. The CISO continued, “The only time we would give over all email would be in the case of a subpoena or other legal request.”
Under such criteria, Bob had obviously violated university policy by accessing and monitoring all of Alice’s emails during her absence from the office. The Union reported the data breach immediately, in conformity with the newly minted executive policy on Data Security Incidence Response.
A few weeks later, the Union inquired with the Director of Employee & Labor Relations (DLR) at Human Resources to inquire after the progress of the investigation. What a difference a few weeks can make! The DLR responded that there had been no violation of policy, because UO in fact has no policy at all restricting administrator access to an employee’s email.
The Union reached out again to the CISO to clarify. The CISO responded that he believed that the situation was handled poorly, and that he did not believe that Bob was “philosophically” justified in accessing Alice’s data. Unfortunately, he admitted, there are no “specific policies” in place at UO at present to prevent, discourage, or reprimand an administrator who unilaterally decides that they have a “business need” to access and monitor an employee’s personal data without their prior knowledge or consent. Obviously, if the University were using software similar to a keylogger (pcTattletale explain what a keylogger is here if you are unfamiliar) then they would need a policy in place but as he has directly accessed the emails, there is less of a need for a policy, although there still is one.
The CISO seemed as disturbed by this state of affairs as the Union, noting that it “raises a need for a procedure to be put in place regarding access to an employee’s email account” and that he “intend(s) to write up a procedure for situations like this” which will “hopefully alleviate situations like this in the future by providing a standard process.”
The Union applauds the CISO’s pledge to put policies in place that will provide the necessary checks and balances to reign in administrators who feel justified in violating their employee’s privacy at will.
The response at HR has been less encouraging however. As of this writing, the DLR has chosen to fully back management in this matter. Amazingly, rather than stand up for the rights of one of the most vulnerable members of the UO community in a case of discrimination, harassment, and gross invasion of privacy, HR has chosen instead to escalate the harassment by pursuing disciplinary action against Alice on behalf of Bob.
And as of this writing, Bob still retains full access to Alice’s email.
So, until the new policies are in place, be careful what you write and who you write it to.
* All names have been changed.
It’s more than two years since I started the thread below, trying to find out UO’s policy for email monitoring and access. Page down for the entire history. Obviously there are situations when supervisors need access to an employee’s email, e.g. a public records request or a court order, an emergency illness or death, etc. On the other hand there are situations where that access would be very problematic, e.g. like that above, or when an employee has a complaint about the supervisor, or has used UO email to contact a doctor or counselor or lawyer, etc. So most universities have a sensible policy along the lines of UC’s, here:
An electronic communications holder’s consent shall be obtained by the
University prior to any access for the purpose of examination or disclosure of the
contents of University electronic communications records in the holder’s
possession, except as provided for below. …
1. Authorization. Except in emergency circumstances (as defined in Appendix
A, Definitions) in accordance with Section IV.B.2, Emergency
Circumstances, or except for subpoenas or search warrants in accordance with
Section IV.B.6, Search Warrants and Subpoenas, such actions must be
authorized in advance and in writing by the responsible campus Vice
Chancellor or, for the Office of the President, the Senior Vice President,
Business and Finance (see Section II.D, Responsibilities).1
This authority may not be further redelegated. Authorization shall be limited to the least perusal of contents and the least action necessary to resolve the situation. …
3. Notification. The responsible authority or designee shall at the earliest
opportunity that is lawful and consistent with other University policy notify
the affected individual of the action(s) taken and the reasons for the action(s)
taken.
Each campus will issue in a manner consistent with law an annual report
summarizing instances of authorized or emergency nonconsensual access
pursuant to the provisions of this Section IV.B, Access Without Consent,
without revealing personally identifiable data.
UO’s policy is here. It’s not as cogent, but it also seems to ban the sort of blanket access that is described above. And UO IT also passes on the following helpful advice, here:
- Never share your password with anyone. This includes your supervisor, co-workers, and IT staff.
- There may be some destinations (such as China, Russia, and other areas overseas) where it may be difficult or impossible to prevent your computer from being attacked and electronically compromised.
China and Russia indeed.
8/2/2013: UO has no policies limiting which administrators can read your email or monitor your web use, or why. From Dave Hubin’s PRO:
9/30/2015: Eugene’s 4J school system let HLGR keep the $19K they had billed before they mistakenly sent the RG the school board’s “confidential” emails about the Berman firing. But if I interpret this correctly, 4J now has replaced HLGR with local law firm Luvaas Cobb: The District paid $18,532 in legal costs and fees…
9/25/2015: Rumor down at the faculty club is that Richard Lariviere is back in town for a few days. After today’s events, it must seem like nothing’s changed. Maybe he’ll give Mike Schill some advice about how to deal with the UO General Counsel’s office.
9/18/2015: Governor Brown releases Kitzhaber emails on Lariviere firing
5/7/2015 update: Edward Russo has the latest on HLGR’s accidental transparency here, complete with this classic quote: “We deeply regret that appearance of a lack of transparency,” board member Beth Gerot said. It’s a little difficult for me to wrap my head around the idea that 4J is still paying HLGR after the…
No I don’t meet another zip drive of public records. I mean the Oregon Supreme Court case on the 2013 PERS reforms. Laura Gunderson of the Oregonian has the details on today’s OSC ruling here: The Oregon Supreme Court issued a ruling on Thursday harkening back to a basic playground rule: If you…
4/20/2015: The original title of this post was Klinger says archivists “resigned”, Coltrane got Rudnick to rewrite Walkup’s report on Archives release, no followup from Coltrane on deleted docs. As explained below, on 4/3/2015 I retracted my statement that Interim President Coltrane got Sharon Rudnick to rewrite Amanda Walkup’s report on…
4/20/2015 update: Please see the retractions posted at https://uomatters.com/2015/04/archivists-resign-coltrane-got-sharon-rudnick-to-write-report-on-presidential-archives-release.html 4/15/2015 PM update: I’ve made a public records request to UO, in an effort to obtain some hard data and get to the bottom of all this back and forth between Mr. Gary and me: From: Bill Harbaugh <[email protected]> Subject: PR request,…
Is Mr. Gary actually representing Interim President Coltrane, or has he gone rogue? My post and Mr. Gary’s defamation lawsuit threat here. Potential conflict of interest for Mr. Gary’s representation of UO in this matter here. So let’s find out if Bill Gary is really representing Scott Coltrane in this threat to sue…
The Oregon state bar incorporates model language from the ABA in its “Rules of Professional Conduct“: RULE 1.7 CONFLICT OF INTEREST: CURRENT CLIENTS (a) Except as provided in paragraph (b), a lawyer shall not represent a client if the representation involves a current conflict of interest. A current conflict of…
Makes sense, it would be a conflict of interest for UO’s Interim GC Doug Park to let Randy Geller get too close to this one. Seems like a lot of lost billable hours though, I wonder how Geller is making it up for Sharon Rudnick and the other HLGR shareholders? The victim’s…
Update: Looks rainy, but there’s plenty of room inside the lobby, as the UO Coalition discovered last spring.
Coltrane could have settled this a month ago and saved our department heads a lot of time, and the GTFF a lot of megaphone batteries. But no:
Thanksgiving Day Update: 62-year-old university president fails at ultimatum bargaining with 25-year-old students. His lawyers cash in again.