Evelynn M. Hammonds, dean of Harvard College, has stepped down. Earlier, she took responsibility for the inspection of network flow logs of Harvard College deans, and later, content of the one who forwarded the message about academic integrity concerns to the Boston Globe. In response, I have a feeling, a story and an adage.
The feeling: I feel badly for Dr. Hammonds. I think think she has done the right thing by stepping down. I think she jumped to technology in the frustration of the moment. But I feel for her because the combination of technology, law and policy has taken more than one person by surprise … why not the Dean of Harvard College? She becomes a lesson to us all that policy matters.
The story: A few years ago, an information technology programmer analyst inadvertently caused for the disclosure of many employees personally identifiable attributes. Almost immediately, the University Auditor sent a message to senior cabinet members, signaling the notification required under New York State Breach Notification Law. The next morning the Ithaca Journal, the municipal equivalent of the Boston Globe, had a story about the breach that included a verbatim paragraph of the Auditor's message. Not for one moment did University Officials suggest the jump to inspect network flow logs in an attempt to identity the person in the senior administration who had forwarded the message.
Why not? There may be many reasons, but one of which is that the university, not just the faculty, had an institution-wide policy  regarding the conditions under which, first network flow logs are inspected or emails disclosed . A central policy office is a blessing and curse. In this kind of moment, it is a blessing. We have not only created a policy that applies to the community at large, not just faculty, but is promulgated and accessible to students, faculty and staff, and has contributed to a culture of trust around the community about the inspection, access and disclosure of electronic mail around the university.
The adage: Policy Matters. When I first assumed this position, people whom I met at cocktail parties would abandon me when they heard my title, "Director of IT Policy." The brave or curious asked, "Do you read my email?" They were more than semi-serious. As a university-wide process, policy matters at Cornell. Not merely as risk management, as so many of the least informed about the value of policy have come to treat it. Not merely as rules, as most people assumed was the singular case all along. But as education. As culture. Policy matters because it creates trust. That quality undergirds the missions of not-for-profit higher education.