The privacy of employee data is governed by a number of IU policies, as well as federal law. Employee records are strictly protected in the IU privacy program.
IU collects and uses personally identifiable information in its relationship with employees. See IU Policy HR-02-80 for a detailed listing. Examples include:
| Category | Examples |
|---|---|
| Personal Identification | Name, date of birth, Social Security Number |
| Demographics | Race, ethnicity, sex, veteran, and disability status |
| Contact Information | Address, telephone number, email address |
| Family Information | Relevant information on spouse / dependents |
| Job Related Information | Employment history, current organization / position, training information (e.g., professional development, compliance training, etc.), background check data, compensation, tax information, bank account data |
| Medical Information | ADA and FMLA records, vaccination related information |
| Disability Claim Records | Workers’ compensation and disability claim records |
Upon request, an IU employee will have timely access to all information found in the employee’s own personnel and medical records. See IU Policies HR-07-20 and ACA-27 for further details.
IU is subject to certain governmental record keeping and reporting requirements for the administration of civil rights laws and employment regulations. To comply with these laws, IU invites employees and job applicants to voluntarily self-identify their sex, race and/or ethnicity, as well as disability and veteran status. Such information is used in accordance with applicable laws and IU policies, including those that require the information to be summarized and reported to federal and state government for educational reporting and employment law requirements.
IU may aggregate demographic information on an anonymized basis and include it on externally facing dashboards to provide information and transparency regarding its workforce. In addition, IU may also use certain demographic information to communicate directly with you concerning university activities and opportunities that may be of interest, (e.g. through university diversity offices, university cultural centers, veterans’ affairs office, etc.). Internal requests to use personally identifiable information in this way must be approved by an applicable Data Steward, the individuals at IU responsible for safeguarding such information.
Employees and job applicants are encouraged to self-identify their disability status. This information is used only for governmental reporting and monitoring by university offices, it is not shared with supervisors, departments, or hiring teams. Requests for accommodations in the workplace or in the hiring process are separate from self-identifying as having a disability. Information related to an accommodation is stored separately from an employee’s personnel file in accordance with the ADA, and information is shared with a supervisor or hiring team only to the extent needed to fulfill the accommodation.
Subject to limited exceptions, stored electronic files are generally accessible only to the account holder, or the sender or receipt of electronic communications. Exceptions will apply in cases such as violations of law or policy, critical operational necessity, substantial university risk, and institutionally approved research. The exceptions are subject to strict approval requirements. IU makes reasonable efforts to notify individuals when information has been accessed, except where such notification is impractical. See IU Policy IT-07 for full details.
Although IU seeks to create an atmosphere of privacy with respect to information and IT resources, users should be aware that because IU is a public institution, and IU is engaged in research projects that may require access to de-identified user data, and because IU must ensure the integrity and continuity of its operations, use of IT resources cannot be completely private. Therefore, users of IU information technology should have no expectation of privacy in connection with those resources beyond the provisions of IU policy. See IU Policy IT-07 for further details.
The senior management of each department or other administrative unit is authorized to define and publish the acceptable level and nature of incidental personal use by members of the unit. See IU Policy IT-01 for full details.
We encourage you to explore the links above and share any thoughts with us on this important subject at privacy@iu.edu.
