In 2016, two faculty members at the University of Rochester filed a sexual harassment complaint against their colleague T. Florian Jaeger.

The two faculty members, Richard Aslin and Jessica Cantlon, said they were whistle-blowers, acting to protect their students from a potentially predatory professor. They expected support from their institution, but, they said, they didn't get it.

After insisting that the university’s two internal investigations into Jaeger (which both found no evidence of wrongdoing) had been flawed, Aslin and Cantlon said the university administration turned on them.

Both faculty members had their university email accounts searched by administrators in an apparent attempt to find information that might be used to discredit them, they said.

The searches took place without their knowledge or consent and were likely in violation of the university’s IT privacy policy, said Aslin.

“Of course, the university has the authority to look at emails under appropriate circumstances, such as if there were suspicion of a crime, but we were whistle-blowers,” said Aslin. He described the email search as a “creepy” invasion of privacy with “no good cause.”

Perhaps more troubling than the search was what the institution did with the messages, said Cantlon.

Cantlon only found out that her email had been searched after her department chair, Greg DeAngelis, confronted her with a pile of printouts containing messages between Cantlon and several colleagues that criticized the way DeAngelis had handled Jaeger.

Cantlon said she couldn’t think of a good reason why DeAngelis would have been forwarded these emails, other than in an attempt to try to sour their relationship and create tension in the department. “It was malicious and underhanded,” said Cantlon.

Both Cantlon and Aslin were involved in filing a complaint with the U.S. Equal Opportunity Employment Commission late last summer, and they recently filed an associated lawsuit against Rochester for sexual harassment-related retaliation.

An independent report into the university’s handling of the Jaeger case suggested that the institution should review its procedures for searching faculty email accounts, noting that news of searches conducted on Aslin and Cantlon’s email had “upset and concerned many members of the university community.”

As a private institution, Rochester has a lot of autonomy over its technology privacy rules. All employers have the right to check their employees’ business-related email accounts. But most higher education institutions (including Rochester) pledge to only do this in special circumstances, such as if there is a security threat or suspicion that someone has committed a crime.

The Faculty Senate recently published a series of recommendations for the university’s email search policy. Sara Miller, a university spokeswoman, said the institution would “undoubtedly incorporate” many of the recommendations in the report, pending review by various committees.

One of the key recommendations in the Faculty Senate report is the creation of an independent body that will review all requests to conduct an email search. The authors of the recommendations declined to comment for this article, but wrote in their report that this step would be essential to restore trust between faculty members and the university administration. The independent body will ideally include faculty or student representation as appropriate.

Aslin said he felt the creation of such a body would be a positive step, but he wondered how truly independent it would be. He noted he felt there was presently “too much authority” in the hands of senior administrators and the university’s legal counsel.

Henry Reichman, first vice president of the American Association of University Professors and a professor at California State University East Bay, said that he liked the idea of faculty members being involved in email search decisions, as they understand the importance of defending academic freedom.

“Faculty members need a reasonable degree of assurance on privacy to do their work. It’s hard for me to imagine how you could securely do research and teaching if your communications are subject to search without due process,” said Reichman.

Reichman said he would like to see institutions treat email with as great a degree of confidentiality as they would regular mail. He added that there had been a tendency in the last few decades for higher education institutions to “act as if they are businesses and corporations” rather than collaborative places of learning.

Sharon Pitt, vice president for information technologies and chief information officer at the University of Delaware, is co-chair of Educause’s Higher Education Information Security Council -- which provides example IT privacy policies to higher education institutions.

But Pitt notes that every institution has to tailor its policy to its own needs. There are different considerations for public and private institutions, for example, as public institutions are more beholden to state laws.

The best privacy policies balance trust and responsibility, said Pitt. One way to promote trust is to be transparent. It’s not reasonable to tell your faculty members that you’ll never search their email, she said -- you might have to if there is an emergency or legal proceeding you must comply with. “You need to set up clear expectations,” said Pitt.

Faculty members at Rochester are certainly not the first to be upset by administrators searching their emails. In 2013, Harvard University academics were rocked by the news that their administrators had searched the email accounts of 16 resident deans, looking for the source of a leak to journalists regarding a cheating scandal. At the time, the institution defended its decision. Similarly at the University of California system, professors were alarmed to hear about the installation of an invasive system to monitor computer networks. The university system said that it was not routinely checking anyone's emails but needed better systems to fend off hacking attacks on the university system's numerous accounts.

Regardless of the strength of an institution’s privacy policy, Cantlon said she worried there was a lack of accountability for institutions that break their policies. She noted that in the future, she would be reluctant to rely on any technology provided by an institution.

But Steve McDonald, general counsel at the Rhode Island School of Design, warned that even if you stick to communicating through private email accounts, all communications could be discoverable through litigation. “You can never assume that you are protected by not using the official system,” he said.

As some general advice, McDonald recommends that faculty members treat electronic communications as seriously as formal written documents. “Casual language can be easily misinterpreted; it’s always advisable to stick to nouns and verbs -- be factual and don’t speculate.”