Information Processing

Information processing

Indiana University must process information in order to perform its mission activities. Although not all processing is harmful, information processing can constitute a harmful activity. This is especially true when the processing results in an incorrect assumption, and is used as the basis for making a (wrong) decision concerning an individual.

Examples of harmful information processing include:

Aggregation

Combining pieces of information about an individual that were collected from different sources.

Identification

Linking unidentified information elements to particular individuals.

Insecurity

Failure to protect information from leaks and unauthorized access.

Secondary use

Use of collected information for a purpose different from the use for which it was collected, without the individual’s consent.

Exclusion

Using data to exclude an individual, especially if the data was incorrect or interpreted incorrectly.

Things to consider

Are you doing something with your process, service, or project that could be seen as an information processing harm?
Information processing can be helpful when it "personalizes" and gives better service. But it can invade privacy when it goes too far or is used in ways that break commonly accepted norms.
Are you keeping information long after you are finished with it? This can make it vulnerable to processing harms.
Privacy is a balancing act. Individuals are going to balance the gains from using your service with the potential privacy harms. Some may choose not to use your service because they don’t know how you will process their information.
What might you do to address your users’ concerns? For more ideas, visit the Privacy Principles.