Educause Security Discussion mailing list archives
Re: Federal laws applicable to Universities
From: "Long, H Morrow" <morrow.long () YALE EDU>
Date: Thu, 7 Nov 2013 22:34:05 +0000
My recommendation is that you always consult your own legal counsel regarding what compliance laws and regulations your institution is affected by and must comply with -- but you can always suggest that you think that they should look into certain areas of law and compliance that may not be front-burner issues for them.

Not Federal laws applicable to Universities but one area you can poke them on (and once poked it may become somewhat of a headache to them...) is the topic of individual US state (as well as US Territory and even international) legislation -- particularly privacy law.

If you have a physical location in a US state other than your main location you are likely to be subject to the laws of that state as well -- ask your attorneys. A more contentious and controversial issue is just how subject to the laws of another US state is your institution if you have students from that state (e.g. California or Massachusetts) or even from a European Union (E.U.) country.

Many of the individual 50 US states have their own privacy laws and/or regulations -- primarily for the protection of personal identity (and sometimes also financial) information (AKA PII and PFI). For example, the state of Connecticut's Privacy Law (SB 5658) considers a number of numeric and non-numeric identifiers as PII to be protected (SSN, Driver's License # and several others). California's Breach Notification Law (SB 1386) and Massachusetts (MA 201 CMR 17) laws are comprehensive models for many other US state laws and regulations.

The following is from 2010 so it is likely to be a bit out of date:

http://www.ps-snug.org/presentations/2010_Fall/Managing%20compliance-state-Privacy-Laws%20-%20Mentis.pdf

I did a Google search on "Puerto Rico Privacy Law" and pulled up a number of references...

- Morrow

On Nov 7, 2013, at 3:43 PM, Francisco Pérez wrote:

I know that FERPA, HIPAA (if healthcare data) and maybe PCI are applicable to Universities in the US.

But are there any other federal laws applicable or that Universities need to comply with? Just working on fundamental laws for IT Compliance at Universities. Will appreciate your comments.

--
Francisco Pérez
Information System Office
UPR-Medical Sciences Campus
francisco.perez12 () upr edu
www.rcm.upr.edu