Privacy
- Defining the Privacy Scope
- How Do I Get Started Understanding Privacy?
- What if I Need Advice or Help with Privacy?
- How Do I Report Privacy Breaches or Concerns?
- Resources Cited
The Chief Privacy Officer role was created at IU in 2010 and placed in the office of the Executive Vice President for University Regional Affairs, Planning, and Policy, as part of the new Public Safety and Institutional Assurance team. The charge to the Chief Privacy Officer is to provide executive leadership and expert oversight for the development of an integrated and comprehensive privacy program, based on defined privacy principles and unified with the security program.
The Chief Privacy Officer's overarching goal is to build a program that will:
- protect the organization and the members of its community (employees, students, alumni, donors, visitors)
- from security and privacy harms resulting from inappropriate use or handling of information
- while still enabling widespread and appropriate use of that information in pursuit of institutional and personal goals
Defining the Privacy Scope
Most current definitions of privacy by the "privacy profession" are limited to the privacy of information, for example:
"Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." (Westin 7)
"Privacy [is] the appropriate use of personal information under the circumstances. What is appropriate will depend on context, law, and the individual's expectations; also, [privacy is] the right of an individual to control the collection, use, and disclosure of personal information." (International Association of Privacy Professionals)
"Privacy involves the policies, procedures, and other controls that determine which personal information is collected, how it is used, with whom it is shared, and how individuals who are the subject of that information are informed and involved in this process." (Steinfeld and Archuleta)
Initially, the Chief Privacy Officer will lead and focus on issues of information privacy, university-wide. Information privacy is enhanced through the application of Fair Information Practice Principles (Federal Trade Commission), principles outlined in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Organisation for Economic Co-operation and Development), and Generally Accepted Privacy Principles (American Institute of Certified Public Accountants).
Information privacy initiatives overlap with the role of the Chief Security Officer in matters of information and information technology security, and thus, these two positions will coordinate efforts closely. Ultimately, although specialized expertise and activities will remain separately administered by the two positions, information security and information privacy efforts will converge into one Information Security and Privacy Program (ISPP) and be seamlessly presented to the IU community.
Physical privacy, including measures that protect the safety of persons, maintain modesty (for example, in restrooms and dressing rooms, and with respect to inappropriate video surveillance), limit the searching of private possessions, and prevent unwelcome access to personal property (such as homes and vehicles), may be addressed in the future as resources allow. Since this area overlaps significantly with the role of the Chief Security Officer and with the IU Police Department, the Chief Privacy Officer will participate as needed, as a consulting member of a team addressing physical privacy issues.
How Do I Get Started Understanding Privacy?
- Review the Privacy Harms.
This will help you understand why there may be privacy issues with your process, service, or project, and will help you identify what those harms may be.
- Review the Privacy Principles.
Use these principles to brainstorm how to address any privacy harms you identified. In nearly every situation, you should be able to identify one or more actions you could take to appropriately address any privacy issues, while still achieving your business goal.
What if I Need Advice or Help with Privacy?
You may email privacy@iu.edu with any general questions about privacy at IU. The privacy function is administratively housed in the University Information Policy Office (UIPO).
The UIPO has two Certified Information Privacy Professionals (CIPP) available to assist you. IU also has specialists in specific areas of privacy, including several in the area of health information privacy, and we will connect you with a specialist, or a lawyer in the Office of the Vice President and General Counsel, if your issue requires this specialized expertise.
How Do I Report Privacy Breaches or Concerns?
Please see the page on instructions for reporting incidents at IU, including privacy breaches or concerns.
Resources Cited
- American Institute of Certified Public Accountants, Inc. (AICPA) and Canadian Institute of Chartered Accountants (CICA). Generally Accepted Privacy Principles. August, 2009. Web.
- Federal Trade Commission. Fair Information Practice Principles. Web.
- International Association of Privacy Professionals (IAPP). IAPP Information Privacy Certification Glossary of Common Privacy Terminology. 2011. Web PDF file listed as "CIPP Glossary of Terms."
- Organisation for Economic Co-operation and Development (OECD). OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. 1980. Web.
- Steinfeld, Lauren, and Kathleen Sutherland Archuleta. "Privacy Protection and Compliance in Higher Education: The Role of the CPO." EDUCAUSE Review 41, no. 5 (September/October 2006): 62–71.
- Westin, Alan. Privacy & Freedom. New York: Atheneum, 1967.