Use and transmissions

Critical information is to be used only in conducting university business, and in ways consistent with furthering the university’s mission.

  • Use critical information solely for the purpose for which it was collected.
  • Never use information for personal gain or profit, the gain or profit of others, to satisfy curiosity, or to engage in academic, personal, or research misconduct.
  • Immediately report any misuse of information to the appropriate authorities.

Transmission by hand

  • Use reliable transport or couriers. See the Media Disposal Guide for a list of approved couriers.
  • Verify the identity of couriers prior to providing info to them.
  • Protect information from unauthorized disclosure or modification during transit (for example, use locked containers or tamper-evident packaging).
  • Always require a signature from the recipient.
  • Provide a full address for the recipient — not a P.O. Box.
  • Keep your shipping documentation, including the tracking number.
  • Follow up to ensure the information made it to the intended recipient.

Transmission electronically

Encrypt while in transit.

  • If you cannot use an encrypted transit method, then encrypt the file itself prior to sending. Consider using Slashtmp: www.slashtmp.iu.edu
  • When transmitting health information or payment card information, comply with PCI DSS or HIPAA as appropriate.

For more PCI DSS information, see PCI DSS - What you should know.

For more HIPAA information, see the HIPAA Privacy and Security page.

  • Websites must be secure and transmit information over a secure channel. For more information, see: go.iu.edu/15HL and kb.iu.edu/d/ahuq
  • When used for research purposes, websites may need to comply with HIPAA, CFR part 11 (for FDA related research), or the Federal Information Security Modernization Act (FISMA: www.dhs.gov/fisma).
  • Learn about other methods of protecting data during electronic transmission at: go.iu.edu/15HM