Privacy of Electronic Information and Information Technology Resources
Frequently Asked Questions
In section (1), on access by technicians and administrators that requires authorization for access, what is acceptable as written authorization? Is email ok?
The type of authorization required varies slightly for the different circumstances described in sections 1a through 1g. For those situations where written authorization is required, the University Information Policy Office requires the faxed or scanned copy of a letter. It should be on IU letterhead if from an official of the university and you should retain the original copy for your records. Email is not accepted without prior approval.
In section (2), on "Notification", when the policy says that "reasonable efforts" will be made to notify the individual of access, what does that mean?
Typically, this means the person accessing the data or requesting access to the data attempts to contact the individual via email and phone, or in the case of someone no longer associated with the university, the last known mailing address.
How are preserved materials that are no longer needed to be destroyed in a secure manner?
Material on paper or other physical media should be physically destroyed by shredding. Magnetic media may be wiped and reused. The University Information Security Office has a page on secure