Indiana University has adopted privacy-related policies and procedures applicable to all members of the university community and strives to implement safeguards to address privacy issues consistent with the university mission and environment, applicable legal requirements and professional standards, generally accepted privacy norms, and available resources.
Privacy is a broad topic, and there are multiple privacy policies at IU, each addressing specific uses, activities, or types of information. The information below contains links to specific policies and departments.
For direct data privacy questions or concerns, contact the Chief Data Officer at firstname.lastname@example.org
For general privacy questions or concerns, contact the Chief Privacy Officer at email@example.com.
Indiana University cherishes the diversity of values and perspectives inherent in an academic institution and is therefore respectful of intellectual freedom and freedom of expression. The university does not condone censorship, nor does it endorse the routine inspection of electronic files or monitoring of network activities related to individual use.
At times, however, legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the university network, including but not limited to: ensuring the continued confidentiality, integrity, and availability of university systems and operations; securing user and system data; ensuring lawful and authorized use of university systems; providing appropriately de-identified data for institutionally approved research projects; and responding to valid legal requests or demands for access to university systems and records.
This policy seeks to balance individual freedom and privacy with the need for access by persons other than the account holder when necessary to serve or protect other core values and operations within the university or to meet a legal requirement.
This application works by asking you a series of questions about your department or unit's privacy practices with regard to your website, and then using your answers to customize a privacy notice for you based on our template.
A website privacy notice (or privacy statement) is a public description of an organization's information management practices with respect to information collected by the organization's website. Such notices serve two purposes:
educating your visitors and users
Notification of privacy practices is a basic principle of good information management, and builds visitor confidence. Furthermore, the process of creating and maintaining a privacy notice requires website content owners and site managers to understand their information-handling practices and may reveal potential issues to be addressed.
The policy outlines Indiana University's philosophy concerning website privacy notices.
The Website Privacy Notice Generator, a web-based enterprise application, will guide you through a series of questions in order to produce a privacy notice for your site or application.
University Human Resource Services oversees policy concerning the privacy of employment records. Since IU has many different types of employees in many different geographic locations, and since some types in some locations utilize collective bargaining, it is necessary for IU to have multiple policies concerning access to employment records.
Indiana University and its affiliates are dedicated to protecting the rights and welfare of human participants recruited to participate in research conducted under the auspices of these organizations.
All research conducted at Indiana University involving humans must be reviewed and approved by the research risk review boards. These boards review research plans and monitor ongoing research to insure full compliance with federal regulations and university policies.
Complaints focusing on any of the following areas may be submitted regarding: (i) IU’s privacy policies and procedures; (ii) compliance with those policies and procedures; (iii) concerns related to the use, disclosure and protection of personally identifiable information; or (iv) concerns related to physical privacy. All such complaints must contain a brief description of the surrounding circumstances as well as the alleged violation of policy, procedure, or legal requirement.
Individuals are encouraged to work directly with the management of the unit where the privacy concern is experienced. If the response by the unit is not satisfactory, individuals may report privacy complaints to the most relevant IU privacy official for the type of complaint; however, when in doubt as to which is the most relevant, complaints may be submitted to any of the university’s privacy officials. The receiving privacy official will transfer the complaint to the most relevant official as appropriate.
Health and HIPAA: For complaints relating to health sciences and/or patient care and/or HIPAA-related issues, submit to the HIPAA Privacy Officer for the IU School or unit involved. If it is unclear as to what School or unit is involved, or if multiple Schools or units are involved, submit to the University HIPAA Privacy Officer. See HIPAA Compliance Contacts for a listing.
Physical privacy: For physical privacy complaints, report to the unit, School, or campus facilities management office involved.
Human subjects research: For privacy complaints relating to human subjects research, please contact the appropriate IU Institutional Review Board office (IRB).
For privacy complaints when it is unclear as to the most relevant privacy official, or area involved, or when multiple areas are involved, including those not relevant to the aforementioned privacy officials, report to the Chief Privacy Officer at firstname.lastname@example.org.