86  Institution Privacy Policies INDIANA UNIVERSITY BLOOMINGTON Privacy of Electronic Information and Information Technology Resources https://policies.iu.edu/policies/it-07-privacy-it-resources/index.html Indiana University Policy: Privacy of Electronic Information and Information Technology Resources IT-07 This PDF created on: 10/02/2017 5 "Persons seeking access" includes system or database administrators or other technicians who need such access to perform their university responsibilities, or who receive requests from others to access those resources or information. Definitions Authorized users are people acting within the scope of a legitimate affiliation with the university, using their assigned and approved credentials (ex. network IDs, passwords, or other access codes) and privileges, to gain approved access to university information technology resources. A person acting outside of a legitimate affiliation with the university or outside the scope of their approved access to university information technology resources is considered an unauthorized user. Content-neutral information is information relating to the operation of systems, including information relating to interactions between individuals and those systems. Such information includes but is not limited to operating system logs (i.e., record of actions or events related to the operation of a system or device), user login records (i.e., logs of usernames used to connect to university systems, noting source and date/ time), dial-up logs (i.e., connections to university modems, noting source, date/time, and caller id), network activity logs (i.e., connections attempted or completed to university systems, with source and date/time), non-content network traffic (i.e., source/destination IP address, port, and protocol), email logs (i.e., logs indicating email sent or received by individuals using university email systems, noting sender, recipient, and date/time), account/system configuration information, and audit logs (i.e., records of actions taken on university systems, noting date/time). Critical operational necessity is an urgent need that is indispensable or vital to the operation of a unit. Indiana University information technology resources includes all university owned computers, peripherals, and related equipment and software voice communications infrastructure, peripherals, and related equipment and software data communications infrastructure, peripherals, and related equipment and software all other associated tools, instruments, and facilities and the services that make use of any of these technology resources. The components may be individually controlled (i.e., assigned to an employee) or shared single-user or multi-user they may be stand-alone or networked components and they may be stationary or mobile. This also includes university data and files whether stored on university-owned or personally owned equipment. University Chief Information Officer The primary responsibility of the University CIO is the development and use of information technology in support of the university's vision for excellence in research, teaching, outreach, and lifelong learning. The University Information Policy Office represents the University CIO with respect to policy issues related to the IU Bloomington and IUPUI campuses. Sanctions Indiana University will handle reports of misuse and abuse of information and information technology resources in accordance with existing policies and procedures issued by appropriate authorities. Depending on the individual and circumstances involved this could include the offices of Human Resources, Vice Provost or Vice Chancellor of Faculties (or campus equivalent), Dean of Students (or campus equivalent), Office of the General Counsel, and/or appropriate law enforcement agencies. See policy IT-02, Misuse and Abuse of Information Technology Resources for more detail. Failure to comply with Indiana University information technology policies may result in sanctions relating to the individual's use of information technology resources (such as suspension or termination of access, or removal of online material) the individual's employment (up to and including immediate termination of employment in accordance with applicable university policy) the individual's studies within the university (such as student discipline in accordance with applicable university policy) civil or criminal liability or any combination of these. History Reviewed December 2011. Revised August 17, 2011: changed titles in Sanctions section to more accurately reflect current usage. Revised July 23, 2010: updated Institutionally Approved Research language. Revised March 4, 2010: enhancing language in Sanctions section Updated procedures section for "Persons affiliated with external entities collaborating with Indiana University" to match academic no-pay process September 23, 2008
Previous Page Next Page