Three Best Practices for Data Privacy Day 2023

January 28th is international Data Privacy Day, an opportunity to raise awareness around the choices that we make with our information or what we interact with as part of our jobs at IU. Taking a few steps to protect sensitive information, such as financial account information or FERPA-protected student data, can be completed with some simple steps and help create a safer computing environment for everyone.

Below are three topics to prioritize data protection and privacy. Remember, you play a vital role in ensuring the confidentiality, integrity, and accessibility of the data we collect at Indiana University.

Stay safe online

Data Privacy at IU

The goal of the IU privacy program is to protect user data from unwanted disclosure and to inform users of their rights, such as who has access to their information and the limitations on how it is used. The program employs a framework approach to address several distinct types of personal data, many of which are governed by unique laws and give rise to special concerns.

Chief Privacy Officer Mark Werling leads a system-wide program at IU of data privacy compliance, ranging from student and employee data to health-related records for medical educational programs.

At IU, the program is guided by the several privacy principles:

  • Collect the minimum amount needed.
  • Use and share consistent with the purpose of data collection.
  • Retain only as long as needed.
  • Limit who has access to only those who need it.
  • Secure by ensuring controls are risk-based and appropriate.
  • Comply with applicable law.
  • Communicate about how personal information is used.
  • Ensure data we manage is accurate and up-to-date.

The IU privacy program encourages all employees to complete the Data Protection and Privacy tutorial to learn more about how their data handling responsibilities and how IU classifies data.

Visit the IU Privacy Portal

Clean up your cloud storage as an easy New Year’s Resolution

Treat your file storage like your living space and do a deep clean periodically. In Microsoft OneDrive at IU, get rid of old files and folders you no longer need and make sure that your permissions are up to date. OneDrive has a view that shows files and folders that you have shared with others, as well as what others have shared with you. After you sign into OneDrive with your IU credentials, look for the Shared tab in the left navigation. Once in the Shared column, you can sort by items shared with you or shared by you.

  • If you no longer need access to a file or folder that's been shared with you, select the item you want to remove, then select “Remove from shared list.”
    Note: You can only remove one file or folder at a time.
  • If you see someone who should not have access to a file or folder that you have shared, select the item, then select “Manage access.” You can then remove anyone who no longer requires access to that information.
  • If an item is still needed, but contains restricted or critical data, the content owner is required to move it to an existing Microsoft Team, or a new Team should be created through the shared storage feature.

Membership within a Team should also be kept up to date to help secure content. Team-level permissions can be managed by owners to remove anyone listed as a former employee, retired, or who no longer requires access due to a change in their role.

See files shared with you in OneDrive

See files you have shared in OneDrive

Don’t take the bait on these Phish

You’ve almost certainly been on the receiving end of attempts to con you into giving up information, buying into a scam, or clicking on mischievous links or files. While most malicious emails are blocked by filters, scammers are constantly working to bypass them to reach your inbox. Ultimately you are the best line of defense against phishing.

Double check for red flags. Malicious emails range from common spam to messages that contain malware or try to convince you to give up your credentials to access your information or finances.

Report suspicious emails to the UISO. If you see a suspicious email in your IU account, you can report it by selecting the Report Message icon in Microsoft Outlook under the Home ribbon.  You can alternatively forward the message (with full headers) to for our Incident Response team to act on blocking the message.

Accidents happen. If you realize that you have fallen for a malicious message after replying to the email or clicking on a link, the best strategy is to no longer engage. Change your passwords if you used any while engaging with scammers or on a site. Be on the lookout for any suspicious behavior on your computer and computing accounts if you were influenced or tricked into installing malicious software on your computer. If you notice suspicious files or activities, report it to the UISO.

Learn More About Protecting Yourself From Phishing Scams