Data Privacy Policy

V-7. Data Privacy Policy

Given the possible application of professional duties of confidentiality, the confidential email, files, and other data of designated members of the School of Law community may not be examined for content nor disclosed without the prior approval of the Dean. Unless the university is legally required to do otherwise when information is sought by law enforcement authorities, the email, files, and other data of members of the School of Law community may be retrieved and examined only on the conditions and by the means specified in this policy.

A.        Designation of Members of the School of Law Community for Professional Confidentiality Protection

The Dean shall periodically forward to the Division of Information Resources and Technologies (IRT) a “designated confidentiality list” of the names of administrators, faculty, staff, students, and other members of the School of Law community whose email, files, and other data may be subject to professional duties of confidentiality. First, attorneys in the School of Law with a genuine need to maintain professional confidences may self-identify to the Dean to be included on the list. Second, an attorney who has self-identified may also submit the names of others who may provide support under that attorney’s supervision with professional duties. Third, attorneys may identify students who may be working on professional matters, including but not limited to law students in a law practice experience in the Legal Services Clinic of the Interprofessional Center. Because the duty to preserve professional confidences is ongoing, even after a representation or professional matter is concluded, once a member of the School of Law community has been included on the list, that name shall remain on the list until he or she requests removal, permanently leaves the community, or, in the case of law students, graduates.

B.        Confidentiality Protection for Designated Members of the School of Law Community

The email created or sent by, the files on computer hard-drives or servers, and other electronic data created, maintained, or transmitted by members of the School of Law community on the designated confidentiality list may be protected by professional confidences. For these persons and in their offices or work stations, email, files, and other data may not be examined for content or disclosed without prior notice to the responsible individual. If the person or the person’s supervisor then asserts professional confidentiality, the email, files, or other data may be accessed only by those who are part of the attorney-client or other professional relationship, with the exceptions noted below.

C.        Civil Subpoenas

If the university receives a civil subpoena requesting emails, files or other data for persons on the designated confidentiality list, the university will not respond without giving prior notice to the person. If the person or his or her supervisor then asserts a privilege or another legally-recognized rule of confidentiality, the email, files, or other data may not be examined for content or disclosed until there has been a reasonable opportunity to obtain a ruling on the privileged or otherwise legally-protected nature of the information from a court, administrative agency, or other legal tribunal.

D.        Need for Access in Cases of Alleged Serious Misconduct

In the event that a person on the designated confidentiality list is (1) suspected of serious misconduct in violation of university rules, (2) there is credible evidence to support the accusation of serious misconduct, (3) there is a substantial need to investigate whether additional evidence of that misconduct exists in that person’s email, files, or other data, and (4) that person after being given notice objects to retrieval and examination for content of email, files, or other data by asserting professional confidences, then the Dean of the School of Law may conduct that investigation, assisted by such others as the Dean may designate.

Another attorney in the School of Law community who has proper access to the same professional confidential information will be designated to review the email, files, or other data that are requested by the Dean unless there is no such attorney available. Otherwise, an in camera review of confidential documents may be conducted. The Dean or other person designated by the Dean to conduct the confidentiality review must be an attorney admitted to active practice, must be familiar with rules of professional responsibility, must have no conflict of interest with respect to the matters on which professional confidentiality is asserted, and must sign a confidentiality agreement promising that any email, files, or other data that are subject to professional confidences will be viewed only to the minimal extent necessary to confirm that they are subject to professional confidences and will not disclose any email, files, or other data subject to professional confidences. If the reviewer discovers relevant evidence of misconduct that is not subject to professional confidentiality, only that relevant evidence may be disclosed for use in the misconduct investigation. When email, files, or other data contain both content that is and is not subject to professional confidentiality, the reviewer may appropriately redact the confidential content and disclose the non-confidential content for use in the misconduct investigation, if such redaction fully protects the confidential content.

Nothing in this policy prevents the university from filing an action for a declaratory judgment or injunction in Hennepin or Ramsey County district court asking for a judicial in camera review of email, files, or other data over which a legally-recognized rule of confidentiality is asserted. 

E.        Access to Emails and Files for Technical Reasons

Nothing in this policy prevents IRT or other technology staff from obtaining appropriate access to servers, computers, networks, and other technology to ensure that they are working correctly, are secure, and for other proper technical reasons. Ordinarily, such access does not require obtaining access to the content of email, files, or other data. In the exceptional case in which technology staff need to access the content of email, files, or other data of a person on the designated confidentiality list, the responsible attorney must be notified in advance and given an opportunity to supervise. If part-time or student technology employees will be working in a setting where they could gain access to the email, files, or other data of a person on the designated confidentiality list, the responsible attorney should be notified in advance and given an opportunity to supervise. Technology staff shall be instructed on professional confidences and shall sign a confidentiality agreement promising to view the content of email, files, or other data only to the minimal extent necessary to perform their work and not to reveal that content to any other person inside or outside the university. The restrictions in this paragraph do not apply to classroom technology or computer labs in the School of Law.

F.         Copying and Securing Information

When destruction or loss of information is reasonably apprehended, this policy does not preclude copying and secure storage of the contents of email, files, or other data, without notice to the individual. However, access to the content of such copies and stored materials shall be in accordance with this policy. Preserved materials that are no longer needed must be destroyed in a secure manner.

Adopted by the Law Faculty, May 7, 2009
Revised by the Law Faculty, March 8, 2010

Other Policies in this section