To develop among the university community an appreciation for the value, and the often vulnerable nature, of information and to reduce the danger of misuse, destruction, or loss of information, especially that of a critical or confidential nature, without restricting academic freedom or complicating access to information to which the university community has a legitimate and specific need.
This policy applies to all employees of the university.
The objective of this policy is to establish a framework for the use, access, and maintenance of information.
It is the policy of Indiana University of Pennsylvania that all information be used in a manner that maintains an appropriate and relevant level of confidentiality and that provides sufficient assurance of its integrity in compliance with existing laws and PASSHE and university policies. [Examples would include (but are not limited to) Copyright Law, US Code Title 18, the Family Educational Rights and Privacy Act of 1974 (FERPA), the Pennsylvania Library Theft law (Act 1982-95), and the Gramm-Leach-BlileyAct (GLBA)].
While the elimination of all risk is impossible, the goal of the policy is to minimize the possibility of information misuse, corruption, and loss through the adoption of reasonable procedures for the university community to follow. While this policy is especially pertinent to information stored electronically, it is also intended to guide users of all information, including what is stored in other formats such as paper, microform, and video, as well as the content of confidential meetings and conversations.
All employees of the university.
Data, in all its forms, collected, maintained, accessed, modified, or synthesized by and for members of the university community. The various forms of data include, but are not limited to, computer files, paper files, books, microfilm and fiche, video, conversations and oral presentations, and pictures or images.
Information to which the university community has unrestricted access and for which there are no requirements of confidentiality. The vast majority of information at the university is of a public nature; for example: telephone directories, calendars, schedules, library books in general circulation, most conversations and meetings, and information bulletins.
Information which is sensitive and confidential in nature or legally constrained, and requires access only by that part of the university community with the specific need to do so. Restricted university information includes, for example, individual student class schedules, grades, bills, financial aid applications, health records, personally identifiable financial information, and confidential personnel actions, whether the information is in paper, electronic, micrographic, or conversational form.
The Library and Educational Services Committee (LESC) is responsible for the procedures and programs to support the Maintenance (Section 7) of the Information Protection Policy, including the creation and maintenance of any specific programs required by law [example, GLBA Safeguards Rule]. Copies of this policy and all associated procedures shall be maintained on the IUP Policy website. Questions regarding the applicability or violation of the policy, or appropriate access to information, should be referred to the chair of the Library and Educational Services Committee (LESC).
Violations of this policy will be reported to the associate vice president for Human Resources. Violations of the policy may result in disciplinary action up to and including separation from employment or expulsion from school in accordance with the student handbook, applicable collective bargaining agreements, and/or university and PASSHE personnel policies.
A violation of this agreement may result in criminal action if it is determined that any local, state, or federal law has been violated.
Information Protection Policy
Confidentiality Statement for Information Protection Policy
Alumni/Development Information System Confidentiality Policy
This policy should be published in the following publications:
LESC update:Removed "affiliates" from document scopeRemoved "affiliates" from definition of "university community"Removed/Updated obsolete language and referencesRemoved Requirement to sign the "IUP Confidentiality Statement"