Re: laws/regulations to comply with

["Basgen, Brian" <bbasgen () PIMA EDU>]

Hi Jason,

 Legal compliance is contingent on context, but I think you've identified the most common ones. There are some sites 
that do a pretty good job of identifying some of the laws and the latest information on them. I found this site pretty 
helpful to get up to speed:
  http://counsel.cua.edu/ferpa/

 FWIW as an example, our current policy mix sites 10 different sections of Arizona state law, 4 federal laws, 2 FCC 
rulings, and 1 industry mandate. The alphabet soup (e.g. HIPAA, GLBA, etc) of federal laws are a good starting point, 
but next I would suggest your state laws before reading USC for example. State laws typically cover requirements in 
greater depth than federal laws and I think are often more useful to cite. To find applicable state laws, call up your 
counterparts in other state institutions of higher ed, or just read through the laws. :)

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College




> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Youngquist, Jason
> R.
> Sent: Thursday, December 04, 2008 8:34 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] laws/regulations to comply with
>
> We are working on writing more formalized policies for the institution.
> What I'm looking for is a comprehensive set of law/regulations that an
> institution such as a college might need to comply with.  For example,
> HIPPA, PCI, Red Flag, FERPA, GLBA, CALEA, state & federal laws, etc.
> Is there any definitive list somewhere or does anyone have any
> additional suggestions?
>
>
> Thanks.
> Jason Youngquist
> Information Technology Security Engineer
> Technology Services
> Columbia College
> 1001 Rogers Street, Columbia, MO  65216
> (573) 875-7334
> jryoungquist () ccis edu
> http://www.ccis.edu