- How do we define "privacy"?
- Who oversees privacy protection at IU?
- How can I get training and learn more about privacy at IU?
How do we define "privacy"?
Most current definitions of privacy are limited to the privacy of information. For example:
- "Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."1
- "Privacy [is] the appropriate use of personal information under the circumstances. What is appropriate will depend on context, law, and the individual's expectations; also, [privacy is] the right of an individual to control the collection, use, and disclosure of personal information."2
- "Privacy involves the policies, procedures, and other controls that determine which personal information is collected, how it is used, with whom it is shared, and how individuals who are the subject of that information are informed and involved in this process."3
IU’s privacy program places emphasis on privacy of information and also provides consulting support for physical privacy issues as needed.
Who oversees privacy protection at IU?
At IU, the Information Security and Privacy Program (ISPP) is directed by both the Chief Security Officer and the Chief Privacy Officer. These offices are part of Public Safety and Institutional Assurance at IU and jointly report to the Office of the Executive Vice President for University Academic Affairs (OEVPUAA) and the Office of the Vice President for Information Technology and Chief Information Officer.
The Chief Privacy Officer leads a system-wide program at IU of data privacy compliance, ranging from student, financial, and research data to health-based records for medical education, clinical trials, and patient care. Information privacy is enhanced through the application of Fair Information Practice Principles4, principles outlined in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data5, and Generally Accepted Privacy Principles6.
Information privacy initiatives overlap with the role of the Chief Security Officer in matters of information and information technology security, and these two positions coordinate closely. Although specialized expertise and activities remain separately administered by the two positions, information security and information privacy efforts converge into one Information Security and Privacy Program (ISPP) and we strive to present them seamlessly to the IU community.
Information privacy initiatives include concerns pertaining to personal information in electronic form as well as in other media.
Physical privacy — including measures that protect the safety of persons, maintain modesty (for example, in restrooms and dressing rooms, and inappropriate video surveillance), limit the searching of private possessions, and prevent unwelcome access to personal property (such as homes and vehicles) — is addressed as resources allow. Since this area overlaps significantly with the role of the chief security officer and with the IU Police Department, the university's chief privacy officer serves as needed as a consulting member of a team addressing physical privacy issues.
In some cases, a privacy concern can represent a combination of both information and physical privacy. A couple of examples might be the possible use of drones on campus and the possible use of body-worn cameras by campus police. In both of these examples, there are surveillance and information dimensions to be considered.
How can I get training and learn more about privacy at IU?
1. Watch the Data Protection and Privacy Tutorial in Canvas.
- (Don't forget to confirm that you completed this tutorial by submitting the "quiz" at the end of it.)
Understand why there may be privacy issues with your process, service, or project, and identify what those harms may be.
3. Review the Privacy Principles.
Use these principles to brainstorm how to address any privacy harms you identified. In nearly every situation, you should be able to identify one or more actions you could take to appropriately address any privacy issues, while still achieving your business goal.
4. Contact us with questions.
If you need advice or assistance with privacy, email email@example.com.
The privacy function is coordinated closely with the University Information Policy Office (UIPO). IU has two Certified Information Privacy Professionals (CIPPs) available to assist you. IU also has specialists in specific areas of privacy, including several in the area of health information privacy, and we will connect you with a specialist, or a lawyer in the Office of the Vice President and General Counsel, if your issue requires this specialized expertise.
- Westin, Alan. Privacy & Freedom (New York: Atheneum, 1967), 7.
- International Association of Privacy Professionals (IAPP). IAPP Information Privacy Certification Glossary of Common Privacy Terminology. 2011. Web PDF file listed as "CIPP Glossary of Terms."
- Steinfeld, Lauren, and Kathleen Sutherland Archuleta. "Privacy Protection and Compliance in Higher Education: The Role of the CPO." EDUCAUSE Review 41, no. 5 (September/October 2006): 62–71.
- Federal Trade Commission. Fair Information Practice Principles. Web.
- Organisation for Economic Co-operation and Development (OECD). OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. 1980. Web.
- American Institute of Certified Public Accountants, Inc. (AICPA) and Canadian Institute of Chartered Accountants (CICA). RECORDS MANAGEMENT Integrating Privacy Using Generally Accepted Privacy Principles. August, 2009. Web.