- Privacy of electronic information and information technology resources: Policy IT-07
Read the policy: Policy IT-07: Privacy of Electronic Information and Information Technology Resources
Indiana University cherishes the diversity of values and perspectives inherent in an academic institution and is therefore respectful of intellectual freedom and freedom of expression. The university does not condone censorship, nor does it endorse the routine inspection of electronic files or monitoring of network activities related to individual use.
At times, however, legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the university network, including but not limited to: ensuring the continued confidentiality, integrity, and availability of university systems and operations; securing user and system data; ensuring lawful and authorized use of university systems; providing appropriately de-identified data for institutionally approved research projects; and responding to valid legal requests or demands for access to university systems and records.
This policy seeks to balance individual freedom and privacy with the need for access by persons other than the account holder when necessary to serve or protect other core values and operations within the university or to meet a legal requirement.
- Website privacy notices: Policy ISPP-24
Read the policy: Policy ISPP-24: Web Site Privacy Notices
Access the Website Privacy Notice Generator
This application works by asking you a series of questions about your department or unit's privacy practices with regard to your website, and then using your answers to customize a privacy notice for you based on our template.
A website privacy notice (or privacy statement) is a public description of an organization's information management practices with respect to information collected by the organization's website. Such notices serve two purposes:
- educating your visitors and users
- institutional accountability
Notification of privacy practices is a basic principle of good information management, and builds visitor confidence. Furthermore, the process of creating and maintaining a privacy notice requires website content owners and site managers to understand their information-handling practices and may reveal potential issues to be addressed.
The policy outlines Indiana University's philosophy concerning website privacy notices.
The Website Privacy Notice Generator, a web-based enterprise application, will guide you through a series of questions in order to produce a privacy notice for your site or application.
- Privacy complaints: Policy ISPP-27
Read the policy: Policy ISPP-27: Privacy Complaints
- Access to employment records
Read the policies: University Human Resources Staff Records Policies
University Human Resource Services oversees policy concerning the privacy of employment records. Since IU has many different types of employees in many different geographic locations, and since some types in some locations utilize collective bargaining, it is necessary for IU to have multiple policies concerning access to employment records.
- Confidentiality and privacy in research involving human subjects
Read the policies: Office of Research Compliance: Research Involving Human Subjects
Indiana University and its affiliates are dedicated to protecting the rights and welfare of human participants recruited to participate in research conducted under the auspices of these organizations.
All research conducted at Indiana University involving humans must be reviewed and approved by the research risk review boards. These boards review research plans and monitor ongoing research to insure full compliance with federal regulations and university policies.
Confidentiality and privacy requirements and procedures are addressed in IU’s Standard Operating Procedures for Research Involving Human Subjects. Section II addresses Confidentiality and Privacy.
- Student privacy & FERPA
Indiana University is committed to the protection and confidentiality of student educational records, adhering closely to the guidelines established by the Family Educational Rights and Privacy Act (FERPA).
- HIPAA Privacy and Security Compliance
- To learn more about the Health Insurance Portability and Accountability Act (HIPAA), visit the HIPAA Privacy and Security Compliance page on the University Compliance site.
- Video and electronic Surveillance
Read the policy: Policy PS-02: Video and Electronic Surveillance
See also the University-wide Policy on Unmanned Aircraft (Drones & Model Aircraft)
Submitting privacy complaints
Complaints focusing on any of the following areas may be submitted regarding: (i) IU’s privacy policies and procedures; (ii) compliance with those policies and procedures; (iii) concerns related to the use, disclosure and protection of personally identifiable information; or (iv) concerns related to physical privacy. All such complaints must contain a brief description of the surrounding circumstances as well as the alleged violation of policy, procedure, or legal requirement.
Individuals are encouraged to work directly with the management of the unit where the privacy concern is experienced. If the response by the unit is not satisfactory, individuals may report privacy complaints to the most relevant IU privacy official for the type of complaint; however, when in doubt as to which is the most relevant, complaints may be submitted to any of the university’s privacy officials. The receiving privacy official will transfer the complaint to the most relevant official as appropriate.
- Student records and FERPA: For complaints relating to student education records and/or FERPA-related issues, submit to the Registrar for the campus involved. See: How do I contact the Office of the Registrar at each IU campus? for a listing.
- Health and HIPPA: For complaints relating to health sciences and/or patient care and/or HIPAA-related issues, submit to the HIPAA Privacy Officer for the IU School or unit involved. If it is unclear as to what School or unit is involved, or if multiple Schools or units are involved, submit to the University HIPAA Privacy Officer. See HIPAA Compliance Contacts for a listing.
- Physical privacy: For physical privacy complaints, report to the unit, School, or campus facilities management office involved.
- Human subjects research: For privacy complaints relating to human subjects research, please contact the appropriate IU Institutional Review Board office (IRB).
For privacy complaints when it is unclear as to the most relevant privacy official, or area involved, or when multiple areas are involved, including those not relevant to the aforementioned privacy officials, report to the University Chief Privacy Officer at email@example.com.