Privacy of Electronic Information and Information Technology Resources
University Information Policy Office, firstname.lastname@example.org
This policy applies to all authorized users of Indiana University information technology resources, irrespective of whether those resources or data are stored on or accessed from on-campus or off-campus locations. Unauthorized users are not protected by this policy.
Stored electronic files and voice and data network communications may not be accessed by someone other than:
except in certain limited circumstances in which access is appropriate to serve or protect other core values and operations within the university as outlined in this policy. In accessing or granting access to electronic information and information technology resources, university personnel will comply with all applicable laws and university policies.
Indiana University cherishes the diversity of values and perspectives inherent in an academic institution and is therefore respectful of intellectual freedom and freedom of expression. The university does not condone censorship, nor does it endorse the routine inspection of electronic files or monitoring of network activities related to individual use. At times, however, legitimate reasons exist for persons other than the account holder to access computers, electronic files, or data related to use of the University network, including but not limited to: ensuring the continued confidentiality, integrity, and availability of university systems and operations; securing user and system data; ensuring lawful and authorized use of university systems; providing appropriately de-identified data for institutionally approved research projects; and responding to valid legal requests or demands for access to university systems and records. This policy seeks to balance individual freedom and privacy with the need for access by persons other than the account holder when necessary to serve or protect other core values and operations within the university or to meet a legal requirement.
This policy covers:
A technician or administrator may access or permit access to specific information technology resources and electronic information as defined in this policy, in any of the following circumstances, if the technician or administrator:
A technician or administrator accessing information covered by this policy shall make reasonable efforts to report such access to the affected individual prior to that access, except:
Where prior notification is not appropriate or practical, reasonable efforts will be made to notify the affected individual as soon as possible following access unless other circumstances make follow-up notification inappropriate.
The copying and secure storage of the contents of an individual's email, other computer accounts, office computer, or transient network traffic to prevent destruction and loss of information may occur
Access to such copies and stored materials shall be in accordance with this policy. Preserved materials that are no longer needed must be destroyed in a secure manner.
Technicians or administrators do not require further authorization, within the scope of their legitimate university responsibilities, in any of the following circumstances:
Indiana University will handle reports of misuse and abuse of information and information technology resources in accordance with existing policies and procedures issued by appropriate authorities. Depending on the individual and circumstances involved this could include the offices of Human Resources, Vice Provost or Vice Chancellor of Faculties (or campus equivalent), Dean of Students (or campus equivalent), Office of the General Counsel, and/or appropriate law enforcement agencies. See policy IT-02, Misuse and Abuse of Information Technology Resources for more detail.
Failure to comply with Indiana University information technology policies may result in sanctions relating to the individual's use of information technology resources (such as suspension or termination of access, or removal of online material); the individual's employment (up to and including immediate termination of employment in accordance with applicable university policy); the individual's studies within the university (such as student discipline in accordance with applicable university policy); civil or criminal liability; or any combination of these.