85 SPEC Kit 360: Learning Analytics INDIANA UNIVERSITY BLOOMINGTON Privacy of Electronic Information and Information Technology Resources https://policies.iu.edu/policies/it-07-privacy-it-resources/index.html Indiana University Policy: Privacy of Electronic Information and Information Technology Resources IT-07 This PDF created on: 10/02/2017 4 data and in some cases this content may be viewed to complete analysis. If any data must be stored to complete the assigned tasks, it will be stored securely and deleted as soon as possible. Security engineers may not disclose content or log data to other persons except as authorized under Section 1 above. f. Implied Consent – Technicians may access, and permit access to, information technology resources and electronic information in situations where a user has requested assistance diagnosing and/or solving a technical problem or where the technician is performing required maintenance or troubleshooting. In these cases, technicians should strive to limit the scope of the access to that which is necessary to address the problem. 5. Other Provisions a. Advice and Interpretation - The Chief Information Policy Officer in the Office of the Vice President for Information Technology represents the University CIO for privacy issues related to the IU Bloomington and IUPUI campuses, and is also available to provide advice and policy interpretation to campus CIOs, department management, and any member of the Indiana University community. Technicians receiving requests for access to computer accounts, files, or network traffic by persons other than the account holder, who are not sure how to handle that request within the provisions of this policy, will consult with the Chief Information Policy Officer or the appropriate campus Chief Information Officer (CIO) prior to granting the access. b. Legal Requests - All legal requests or demands for access to information technology resources or electronic information, including all requests under the Indiana Access to Public Records Act and all subpoenas, warrants, court orders, and other legal documents directing that access be afforded to law enforcement agencies or others, must be delivered immediately to the Office of General Counsel. Should such documents be served on individual system technicians or other persons, the documents must be sent immediately to the Office of General Counsel for review. Counsel will review the request or order, and advise the relevant personnel on the necessary response. In the event that a law enforcement agency seeks to execute a search warrant or other order immediately and will not wait for review by the Office of General Counsel, individual system technicians or other persons receiving such orders should not obstruct the execution of the warrant or order, but should document the actions by law enforcement, notify the Office of General Counsel as soon as possible, and take reasonable steps whenever possible to preserve a copy of any data being removed, for appropriate university use. c. Expectation of Privacy - Although the university seeks to create an atmosphere of privacy with respect to information and information technology resources, users should be aware that because IU is a public institution, and members of the University community are engaged in institutional and academic research projects that may require access to certain de-identified user data, and because the university must be able to ensure the integrity and continuity of its operations, use of the university's information resources cannot be completely private. For example, in addition to the types of permissible access described above, when users engage in incidental personal use of their university email accounts, the contents of their email may be subject to disclosure in response to requests under Indiana's "open records" law. Therefore, users of Indiana University information technology resources are hereby notified that they should have no expectation of privacy in connection with the use of those resources beyond the provisions of this policy. Users should also be aware that although the university takes reasonable measures to ensure the privacy of university information technology resources, the university does not guarantee privacy. d. Initiating Access - Persons seeking access to specific information technology resources and/or electronic information assigned to or associated with an individual, that are maintained by University Information Technology Services (UITS), must send those requests to it-incident@iu.edu. Acting for the University CIO, the University Information Policy Office (UIPO) is responsible for ensuring adherence to proper policy and procedures and will coordinate any subsequent approved access. Persons seeking access to specific information technology resources and/or electronic information assigned to or associated with an individual, that are not maintained by University Information Technology Services (UITS), should direct those requests to the technology director of the unit maintaining those resources (on the Bloomington or IUPUI campuses), or the appropriate campus CIO (on the regional campuses). Campus CIOs and unit technology directors are encouraged to consult with the UIPO as needed.