Compliance & Regulations
Why is Compliance Important?
Federal and state regulations affect how data should be secured so as to avoid unauthorized disclosure, misuse, alteration, destruction or other compromise of sensitive data. University departments are responsible for the security, confidentiality and integrity of data covered by legislation.
Federal and State Regulations:
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student educational records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions, including colleges and universities, to develop, implement, and maintain a comprehensive written information security program that contains administrative, technical and physical safeguards appropriate to the size and complexity of the institution, the nature and scope of its activities, and the sensitivity of any customer information at issue. The act primarily covers financial institutions, but it also covers organizations that perform financial functions, such as colleges and universities.
Information security must secure the data on which many internal controls depend. Protecting financial information requires everyone to practice good security controls. Visit www.sec.gov to read about this federal law.
NC Identity Theft Act
North Carolina passed the Identity Theft Protection Act of 2005 in December 2005. Although this act is focused on protecting financial information, it addresses the protection of personal information that can be used to gain access to that information. Therefore, the university falls under this legislation.
- Short Summary of Act
- More Detailed Summary of Act
- Link to the NC Identity Theft Act: Review sections H1248 and S1048
- Link to government recommendation on Protecting your SSN