Federal and state regulations affect how data should be secured so as to avoid unauthorized disclosure, misuse, alteration, destruction or other compromise of sensitive data. University departments are responsible for the security, confidentiality and integrity of data covered by legislation.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student educational records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
The Gramm-Leach Bliley Act (GLBA) requires financial institutions, including colleges and universities, to develop, implement, and maintain a comprehensive written information security program that contains administrative, technical and physical safeguards appropriate to the size and complexity of the institution, the nature and scope of its activities, and the sensitivity of any customer information issue. The scope of this act covers primarily financial institutions but also organizations containing financial functions such as colleges and universities.
Information security must secure the data on which many internal controls depend. Protecting financial information requires everyone to practice good security controls. Visit www.sec.gov to read about this federal law
North Carolina passed the Identify Theft Protection Act of 2005 in December 2005. Although this act is focused on protecting financial information, it addresses the protection of personal information that can be used to gain access to that information. Therefore, the university falls under this legislation.