This is a foundational list of resources and links to understand the privacy and security environment in which our data systems operate.
...
Rule, Resource, or Legislation | Description | Links |
---|---|---|
Family Educational Rights and Privacy Act (FERPA) | The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. | FERPA Link |
Gramm-Leach-Bliley Act (GLBA) | The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. | GLBA Link |
Children's Online Privacy Protection Act (COPPA) | COPPA requires operators of commercial websites, online services, and mobile apps to notify parents and obtain their consent before collecting any personal information on children under the age of 13. (NOTE: This rarely, but sometimes, applies to Community Colleges.) | COPPA explanation Link |
Privacy Technical Assistance Center (PTAC) | The US Department of Education's Privacy Technical Assistance Center (PTAC), located within the Student Privacy Policy and Assistance Division, was established in 2010 as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level data systems and other uses of student data. | PTAC Legal Basics Link |
California S.B. 570 | This California law defines the breach notification requirements. | CA SB 570 Link |
California A.B. 964 | This California law defines encryption. | CA AB 964 Link |
General Data Protection Regulation (GDPR) | The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. | GDPR Wikipedia Link |