
Information Security Acts.

Information security laws/acts that apply to data generated or maintained by an educational institution:

HIPAA (Health Insurance Portability and Accountability Act)

Applies to medical records, especially ePHI (Electronic Protected Health Information), which includes:

  • Names
  • All geographic subdivisions smaller than a State
  • All elements of dates (except year) for dates directly related to an individual including birth date, admission date, discharge date, date of death
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/License numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • URLs
  • IP addresses
  • Biometric identifiers

EAR (Export Administration Regulation) Act:

Generally, an export includes any:

(1) actual shipment of any covered goods or items; 

(2) the electronic or digital transmission of any covered goods, items or related goods or items; 

(3) any release or disclosure, including verbal disclosures or visual inspections, of any technology, software or technical data to any foreign national; or

(4) actual use or application of covered technology on behalf of or for the benefit of a foreign entity or person anywhere.

Data protected under this law includes:

  • Chemical and biological agents
  • Scientific satellite information
  • Certain software or technical data sent to foreign persons
  • Military electronics….
  • Nuclear Physics
  • Work on new formulas for explosives

Federal Information Security Management Act (FISMA) 

Examples of research work that might be regulated by FISMA include research in which data is provided by federal organizations such as:

  • National Institutes of Health
  • NASA
  • Department of Veterans Affairs

FISMA requires that data covered by it be stored only in the following ways:

GLBA (Gramm-Leach-Bliley Act) to protect student loan information

Data includes:

  • Loan information
  • Student financial aid data
  • Payment History

PCI-DSS (Payment Card Industry Data Security Standards)

This standard regulates financial/credit card information:

Regulated data includes:

  • Cardholder name
  • Account number
  • Expiration date
  • Verification number
  • Security code…

FERPA (Family Educational Rights and Privacy Act): 

This act applies to records that contain information directly related to a student and that are maintained by an educational agency or institution.

Data includes:

  • Grades
  • Student Transcripts
  • Degree Information
  • Class Schedule
  • Advising and Disciplinary records

The following do not directly apply to educational institutions, but are interesting to know.

Freedom of Information Act (FOIA):

The Freedom of Information Act (FOIA) is a federal law that establishes the public's right to obtain information from federal government agencies. Under this law, US companies, educational institutions, non-commercial scientific institutions, or qualified others can request information from the federal government.

Ref: http://www.safecomputing.umich.edu/protect-um-data/compliance-table.php
