Three Best Practices for Data Privacy Day 2024

Data Privacy Week 2024 has begun around the world to help remind us of the importance of protecting our personal data. This week gives us an opportunity to evaluate the choices we make with our personal information, and how we interact with institutional data as part of our jobs at IU. Here are a few tips to consider in 2024 to help protect personal data at IU.

Use Generative AI Services Responsibly

Generative AI is a powerful technology that has potential applications across a wide range of industries including art, writing, and software development. However, it also poses risks such as the potential misuse of data shared with these services. When you provide information to AI services in which we do not have a data agreement to protect institutional data, it is the same as posting the information on a public website. As of January 2024, we do not have a contract with OpenAI to protect any data shared with ChatGPT or ChatGPT plus.

Microsoft Copilot (formerly Bing Chat Enterprise) is covered under the existing contract between IU and Microsoft, and does not share the chat data to train its underlying models. Copilot is approved to interact with data classified up to and including University-Internal if you are logged into Bing with your IU account. You can confirm that you are signed in if the green Protected bubble is in the top right corner of your browser; in Microsoft Edge, check the top left. Additional AI services offered can be found here: AI at IU: University Information Technology Services: Indiana University.

Acceptable uses of generative AI services at IU 

Be Transparent on IU Websites using the Privacy Notice Generator

If you are a website owner at IU, you have a responsibility to inform your visitors about how you collect, use, and protect their personal data. A transparent and clear privacy notice specific to you website can help you build trust with your visitors, and comply with University policy.

Your privacy notice should include: 

  • What personal data your site collects and why. 
  • How your site uses and shares visitor data. 
  • Any third-party services that your site implements, including Google Analytics and SiteImprove.
  • How your site stores and secures visitor data. 
  • How you update and communicate changes to your privacy notice. 
  • How to contact you or the relevant authority if there are any questions or complaints. 

The Privacy Notice Generator presents a series of questions about the visitor information your website collects, the ways the information is used, and the practices you follow to manage and protect that information, and then uses your answers to create a customized privacy notice for you based on a template. 

If your website's privacy practices are especially complicated, contact the IU Privacy team (privacy@iu.edu) for further assistance. 

Visit the Privacy Notice Generator

Collaborate Safely in Online Meetings

Did you know that you can use Microsoft Teams to collaborate online with your colleagues and partners on projects that involve protected health information (PHI)? Whether you are distributing research team working sessions, interviewing participants for clinical research, or providing telehealth services, you can take advantage of the secure and compliant features of Microsoft Teams to host meetings with PHI at Indiana University.

You must use a secure Microsoft Teams requested via the Institutional storage request form option to ensure that all meetings in that Team meet the additional security requirements for hosting meetings with PHI at IU. 

Before deciding to host a meeting via a secure Team, be aware of the following:  

  • Each meeting must be scheduled in the secure Team to have the appropriate safeguards in place for PHI-related data. If participants need to start a meeting immediately, they can select the dropdown option to Meet Now inside the secure Team channel. 
  • Participants can be members of multiple secure Teams and create multiple meetings inside each of these secure Teams.  
  • Meeting recordings containing PHI must be stored within your secure Microsoft Teams channels.  
  • Breakout rooms are available in a secure Team; you can enable them in your Microsoft Teams settings and use them normally.  
  • It is important to keep in mind that any member of a secure Team has the ability to host meetings that may contain PHI. Naming your Team for personal use vs. naming it for use by an entire department likely facilitates a different naming convention for each. 

By following the steps and tips provided, you can ensure that your online collaborations are private, secure, and compliant with the Business Associates Agreement (BAA) between IU and Microsoft. 

Use Microsoft Teams to host meetings that contain PHI