Read IT-07: Privacy of Electronic Information and Information Technology Resources.
Privacy of Electronic Information and Information Technology Resources Frequently Asked Questions
ANSWER: The exact authorization requirements vary slightly for the different circumstances described in sections 1(a) through 1(g); however, the following should provide general clarity:
- (Preferred) Authorization may be provided via an S/MIME signed email directly from the authorizing official’s IU email account; or
- Authorization may be provided via an un-signed email (or FAX) if it includes the following:
- a scanned image of the authorization letter with the authorizer’s signature; and
- For 1(b) – 1(g): the letter must be on official IU letterhead from an IU email account.
You should retain the original copy of the authorization letter for your records.
ANSWER: A goal of Policy IT-07 is to balance the privacy of users with the need to access information in certain circumstances when it is appropriate to serve or protect other core values and operations of the university.
Therefore, access to information under provision 1(c) of Policy IT-07 should not be for mere convenience, but limited to situations where it is truly needed. It should also be indispensable or vital to the operation of the unit. Questions to ask: Will lack of access cause an operational crisis? Is access absolutely and unavoidably required by the unit?
In any case, this decision rests with the senior executive officer of the unit given the definition of “critical operational necessity” in the policy and the additional guidance provided in this FAQ.
Also, situations where this need arises should spur units to changes procedures so similar situations are not encountered in the future. For example, creating a departmental mailbox to which people are granted access as needed, or requiring the storage of departmental information in a shared area on the server address many situations.
ANSWER: Typically, this means the person accessing the data or requesting access to the data attempts to contact the individual via email and phone, or in the case of someone no longer associated with the university, the last known mailing address.
ANSWER: Material on paper or other physical media should be physically destroyed by shredding. Magnetic media may be wiped and reused. Read about secure data removal.
ANSWER: Immediately contact the Office of the Vice President and General Counsel.
ANSWER: For resources maintained by University Information Technology Services (UITS): send your request to it-incident@iu.edu.
For resources that are not maintained by UITS, direct your request to the technology director of the unit managing those resources.
Related Policies, Laws, and Documents
Responsible organization
- Office of the Vice President for Information Technology
- University Information Policy Office | it-incident@iu.edu
FAQ history
- Revised July 30, 2018
- Posted March 2, 2009
- Revised Fall, 2008
- Drafted December 7, 2007