An institution investigating an internal data breach has a dilemma. "If I call you and say, 'We're going to look through your email because we think you did something wrong,' you may go and clean up the evidence," said Mike Corn, chief privacy and security officer at the University of Illinois in Urbana-Champaign.
"If there's an investigation going on that's sensitive and could involve unethical behavior, does our obligation to treat you respectfully trump our obligations to the investigation?" Corn asked.
"That's a very nuanced and difficult question to answer without a specific context," he continued, "but it goes to the heart of the Harvard matter."
In explaining why she failed to report the two searches when contributing to the March 11 apology statement, Hammond said she failed "to recollect the additional searches."
That's disquieting, said Robert L. Shibley, senior vice president for the Foundation for Individual Rights in Education (FIRE) in Philadelphia. "If that's true, that's very disturbing," he told CSO. "What it suggests is that reading emails at Harvard is so common that it's not even worth remembering."
"I would like to think that if a university is going to be scanning emails that would be unusual enough that you'd remember all the investigations that you've done," Shibley added.
Sign up for MIS Asia eNewsletters.