Educause Security Discussion mailing list archives

Re: Federal laws applicable to Universities


From: "Feehan, Patrick" <Patrick.Feehan () MONTGOMERYCOLLEGE EDU>
Date: Thu, 7 Nov 2013 16:15:57 -0500

I did a presentation way back (maybe 2008) when I tried to only think of laws with long acronyms - I had, on a slide, 
HIPAA, FERPA, CALEA, PATRIOT ACT, GLBA, CAN-SPAM, SOX, ECPA, CFAA, DMCA, TEACH ACT, E-SIGN

Patrick J. Feehan
IT Privacy and Cybersecurity Compliance
Montgomery College
Patrick.feehan () montgomerycollege edu
240-567-3087 (office)
240-778-4519 (cell)


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carr, Michael G
Sent: Thursday, November 07, 2013 4:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Federal laws applicable to Universities

Wow.  You are asking for a fairly long list.  Here are some for starters:

Reference materials: 
http://legalsolutions.thomsonreuters.com/law-products/Practice-Materials/Information-Security-and-Privacy-A-Guide-to-Federal-and-State-Law-and-Compliance-2013-ed/p/100090132

One list of existing federal privacy laws: https://www.cdt.org/privacy/guide/protect/laws.php

Another list: http://www.business.ftc.gov/privacy-and-security

A nice review of Federal Information Security & Data Breach Notification Laws: 
http://www.fas.org/sgp/crs/secrecy/RL34120.pdf

A nice list from Univ of Michigan: http://www.safecomputing.umich.edu/protect-um-data/compliance-table.php



Michael G. Carr, JD, CISSP, CIPP
Chief Information Security Officer
Academic Planning, Analytics & Technologies*
The University of Kentucky
122 James F. Hardymon Bldg
Lexington  KY  40506-0495
Desk: (859) 218-0306
Mobile: (513) 295-3067
Michael.Carr () UKy edu

* UKIT is now part of APAT: Academic Planning, Analytics & Technologies

Security/Privacy Tip:  The APAT Service Desk will never ask you for your password.  Never give it out.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Francisco Pérez
Sent: Thursday, November 07, 2013 3:44 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Federal laws applicable to Universities

I know that FERPA, HIPAA (if healthcare data) and maybe PCI are applicable to Universities in the US. But are there any 
other federal laws applicable or that Universities need to comply with? Just working on fundamental laws for IT 
Compliance at Universities.

Will appreciate your comments.

--
Francisco Pérez
Information System Office
UPR-Medical Sciences Campus
francisco.perez12 () upr edu
www.rcm.upr.edu
