Procedure to Handle Requests for Records or Information

Information about the University of Chicago faculty, staff, students, or other affiliates is covered by certain privacy laws, University policies, and regulatory requirements. All such requests must follow this procedure to ensure the proper protection of both those individuals and the University.

What is covered:

Information requests related to non-public information about or actions taken by any member of the University of Chicago community where such records are under the management and control of IT Services. This also covers general records, when an individual is not specifically named. Examples include:

  • Non-public information about an individual
  • Phone records
  • Network activity
  • Computer activity
  • Information on actions and locations
  • General phone records
  • Network logs
  • Computer logs or login activity
  • Access information
  • Information from a camera or other recording device

NOTE: This procedure must be followed whether or not the requestor is an external party (e.g., law enforcement, government agency) or internal (e.g., Human Resource office, business unit management, Dean's Office).

Procedure:

When a records or information request is received:

  1. Forward that request to IT Security, call 773-702-2378, or directly contact the Information Security Officer, Leilani Lauger at 773-834-3925.
  2. IT Security will obtain clarification of the request, if needed, and send it to the University's Legal Counsel Office.
  3. Legal Counsel will evaluate the request and approve, deny, or ask for additional information. They may go through IT Security or make the request directly to the requestor for the additional information.

If the request is approved, IT Security will notify the requesting party and pass the approval to the internal group that can provide the information requested. The information provided must not be broader than the specific scope that was approved.

If the request is not approved, IT Security will notify the requesting party.

These requests are often confidential in nature. Involved parties must only disclose the existence of the information request to those needed to follow this procedure, and then only what is needed to complete the process.

Under no circumstances may information or records be provided without Legal Counsel approval.

Contact IT Security with any questions about this procedure.