Indiana University hosts many events that may include the collection of personal information during the registration process. Personal information that is collected for an IU-hosted event is classified as restricted data and should not be shared with others without consent from the participants. Even if it doesn't fall under the university’s definition of institutional data, it is important that there are safeguards in place to protect the information from unauthorized access.
Event data is classified as any information that is collected at the registration of a conference, webinar, or even child activities such as an academic camp or sports clinic. Examples include:
- Participant name
- Participant email address
- Participant home address
- Participant home phone number
- User affiliation
- Event attended
- IP address
If you manage event data, it is important to follow the basic privacy principles that guide data privacy at Indiana University. Remember to practice limiting the collection, storage, and processing of data to only what is strictly necessary for business operations, and do not share without consent from the event participants.
Consent to share personal information for an event does not permit event organizers to further share the data for unrelated reasons or follow-up communications for other events or services. It is important to remember the event attendees have the expectation that they are sharing information to attend a specific event and not to receive follow-ups unrelated to the event or to share their information with other organizations and third parties. The participant should opt-in to have their information shared for these purposes, after they have been informed of the consent language on the registration form.