Use and transmissions

Critical information is to be used only in conducting university business, and in ways consistent with furthering the university’s mission.

  • Use critical information solely for the purpose for which it was collected.
  • Never use information for personal gain or profit, the gain or profit of others, to satisfy curiosity, or to engage in academic, personal, or research misconduct.
  • Immediately report any misuse of information to the appropriate authorities.

Transmission by hand

  • Use reliable transport or couriers. See the Media Disposal Guide for a list of approved couriers.
  • Verify the identity of couriers prior to providing info to them.
  • Protect information from unauthorized disclosure or modification during transit (for example, use locked containers or tamper-evident packaging).
  • Always require a signature from the recipient.
  • Provide a full address for the recipient — not a P.O. Box.
  • Keep your shipping documentation, including the tracking number.
  • Follow up to ensure the information made it to the intended recipient.

Transmission electronically

Encrypt while in transit.

  • If you cannot use an encrypted transit method, then encrypt the file itself prior to sending. Consider using Slashtmp: www.slashtmp.iu.edu
  • When transmitting health information or payment card information, comply with PCI DSS or HIPAA as appropriate.

For more PCI DSS information, see PCI DSS Compliance.

For more HIPAA information, see the HIPAA Privacy and Security page.

  • Websites must be secure and transmit information over a secure channel. For more information, see: go.iu.edu/15HL and kb.iu.edu/d/ahuq
  • When used for research purposes, websites may need to comply with HIPAA, CFR part 11 (for FDA related research), or the Federal Information Security Modernization Act (FISMA: www.dhs.gov/fisma).
  • Learn about other methods of protecting data during electronic transmission at: go.iu.edu/15HM