- Defining the Privacy Scope
- How Do I Get Started Understanding Privacy?
- What if I Need Advice or Help with Privacy?
- How do I Report Privacy Breaches or Concerns?
- Resources Cited
The Chief Privacy Officer role was created at IU in 2010 and placed in the office of the Executive Vice President for University Regional Affairs, Planning, and Policy, as part of the new Public Safety and Institutional Assurance team. The charge to the Chief Privacy Officer is to provide executive leadership and expert oversight for the development of an integrated and comprehensive privacy program, based on defined privacy principles and unified with the security program.
The Chief Privacy Officer's overarching goal is to build a program that will:
- protect the organization and the members of its community (employees, students, alumni, donors, visitors)
- from security and privacy harms resulting from inappropriate use or handling of information
- while still enabling widespread and appropriate use of that information in pursuit of institutional and personal goals
Most current definitions of privacy by the "privacy profession" are limited to the privacy of information, for example:
"Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." (Westin 7)
"Privacy [is] the appropriate use of personal information under the circumstances. What is appropriate will depend on context, law, and the individual's expectations; also, [privacy is] the right of an individual to control the collection, use, and disclosure of personal information." (International Association of Privacy Professionals)
"Privacy involves the policies, procedures, and other controls that determine which personal information is collected, how it is used, with whom it is shared, and how individuals who are the subject of that information are informed and involved in this process." (Steinfeld and Archuleta)
The Chief Privacy Officer leads and focuses on issues of information privacy, university-wide. Information privacy is enhanced through the application of Fair Information Practice Principles (Federal Trade Commission), principles outlined in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Organisation for Economic Co-operation and Development), and Generally Accepted Privacy Principles (American Institute of Certified Public Accountants).
Information privacy initiatives overlap with the role of the Chief Security Officer in matters of information and information technology security, and thus, these two positions coordinate efforts closely. Although specialized expertise and activities remain separately administered by the two positions, information security and information privacy efforts converge into one Information Security and Privacy Program (ISPP) and we strive to present them seamlessly to the IU community.
Physical privacy, including measures that protect the safety of persons, maintain modesty (for example, in restrooms and dressing rooms, and inappropriate video surveillance), limit the searching of private possessions, and prevent unwelcome access to personal property (such as homes and vehicles), is addressed as resources allow. Since this area overlaps significantly with the role of the Chief Security Officer and with the IU Police Department, the Chief Privacy Officer serves as needed as a consulting member of a team addressing physical privacy issues.
Once E Training launches, pick "Register for Courses." Choose "University-wide," then "University Privacy Office." Pick a course and take it. You can take them all if you like. They need not be taken in any particular order.
2. Review the Privacy Harms.
This will help you understand why there may be privacy issues with your process, service, or project, and will help you identify what those harms may be.
3. Review the Privacy Principles.
Use these principles to brainstorm how to address any privacy harms you identified. In nearly every situation, you should be able to identify one or more actions you could take to appropriately address any privacy issues, while still achieving your business goal.
You may email firstname.lastname@example.org with any general questions about privacy at IU.
The privacy function is coordinated closely with the University Information Policy Office (UIPO). IU has two Certified Information Privacy Professionals (CIPP) available to assist you. IU also has specialists in specific areas of privacy, including several in the area of health information privacy, and we will connect you with a specialist, or a lawyer in the Office of the Vice President and General Counsel, if your issue requires this specialized expertise.
Please see the page on instructions for reporting incidents at IU, including privacy breaches or concerns.
- American Institute of Certified Public Accountants, Inc. (AICPA) and Canadian Institute of Chartered Accountants (CICA). Generally Accepted Privacy Principles. August, 2009. Web.
- Federal Trade Commission. Fair Information Practice Principles. Web.
- International Association of Privacy Professionals (IAPP). IAPP Information Privacy Certification Glossary of Common Privacy Terminology. 2011. Web PDF file listed as "CIPP Glossary of Terms."
- Organisation for Economic Co-operation and Development (OECD). OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. 1980. Web.
- Steinfeld, Lauren, and Kathleen Sutherland Archuleta. "Privacy Protection and Compliance in Higher Education: The Role of the CPO." EDUCAUSE Review 41, no. 5 (September/October 2006): 62–71.
- Westin, Alan. Privacy & Freedom. New York: Atheneum , 1967.