Indiana University must balance individual freedom and privacy with the need to serve or protect other core values and operations within the university.
How can you strive to ensure a business process, service, or project is implemented in a way that reduces or avoids causing privacy harms, as much as feasible?
Consider and apply the following privacy principles, particularly related to interactions with individuals whose information is collected, used, disclosed and retained by Indiana University:
- Notice Principle
  - Informs the individual about privacy policies and procedures and identifies the purposes for which the individual's information is collected, used, disclosed and retained (sometimes referred to as the Purpose Specification or the Openness Principle).
- Choice & Consent Principle
  - Obtains implicit or explicit consent from the individual with respect to the collection, use, disclosure and retention of the individual's information, particularly if that information is to be used for a secondary purpose or disclosed to a third party (sometimes referred to as the Objection Principle).
- Collection Limitation Principle
  - Collects only the information needed to achieve the purposes identified by the business unit in support of the university's mission, and as outlined in the notice.
- Use & Retention Principle
  - Uses the individual's information only as outlined in the notice, and keeps the information only as long as necessary to fulfill the stated purposes.
- Disclosure Limitation Principle
  - Discloses the information to third parties only as outl