What's New?
- Identity Theft Red Flags Training begins.
- Learn about an IT Security Framework.
2008-2009 IT Security Implementation Plan update!
The dates for the quarterly implementation plan submissions have been updated to reflect the 2008-2009 schedule.
Incident Response
Federal Policies
- FERPA: FERPA protects the privacy of students' education records by setting forth strict instructions and limitations governing the release of information about students. Particularly sensitive information includes students' Social Security numbers, race or ethnicity, gender, nationality, academic performance, disciplinary records, and grades.
- Health Insurance Portability and Accountability Act of 1996 (HIPAA): HIPAA is a federal law comprising three sets of regulations that establish and protect patient rights and disseminate standards for the protection of individually identifiable health information, otherwise known as protected health information (PHI).
- Payment Card Industry (PCI) Standards: A set of security standards created by the major credit card companies that applies to any organization that processes and/or stores credit or debit card information; the standards include requirements for security management, policies, procedures, network architecture, software design and auditing.
- Gramm-Leach-Bliley Act: Sets forth key provisions on the collection and disclosure of consumers' personal financial information, such as bank account numbers.
- FACTA Red Flags: Regulation intended to reduce the risk of identity theft. The regulation defines twenty-six alerts or red flags. A Red Flag refers to a pattern, practice or specific activity that indicates the possible existence of identity theft. The regulation is monitored by the Federal Trade Commission and goes into effect November 1, 2009.
