This is a foundational list of resources and links to understand the privacy and security environment in which our data systems operate.
There may be more local, state, and federal laws that apply in different contexts.
Rule, Resource, or Legislation | Description | Links |
Family Educational Rights and Privacy Act (FERPA) | The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA makes it clear that only a student can authorize release of his or her community college records. | FERPA Link |
Gramm-Leach-Bliley Act (GLBA) | The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data. | GLBA Link |
Children's Online Privacy Protection Act (COPPA) | COPPA requires operators of commercial websites, online services, and mobile apps to notify parents and obtain their consent before collecting any personal information on children under the age of 13. NOTE: This rarely, but sometimes, applies to community colleges. | COPPA explanation Link |
Privacy Technical Assistance Center (PTAC) | The US Department of Education's Privacy Technical Assistance Center (PTAC), located within the Student Privacy Policy and Assistance Division, was established in 2010 as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level data systems and other uses of student data. | PTAC Legal Basics Link |
California S.B. 570 | This California law defines the breach notification requirements. | CA SB 570 Link |
California A.B. 964 | This California law defines encryption. | CA AB 964 Link |
General Data Protection Regulation (GDPR) | The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. | GDPR Wikipedia Link |
California Education Code 76001 | Education Code 76001 authorizes colleges to admit minors but also permits colleges to establish criteria for admission based on age, grade level, and eligibility. Note: This is a critical law for the issue of Dual Enrollment. | CA ED Code 76001 Link |
California Education Code 76002 | Education Code 76002 authorizes colleges to admit minors but also permits colleges to establish criteria for admission based on age, grade level, and eligibility. Note: This is a critical law for the issue of Dual Enrollment. | CA ED Code 76002 Link |
California Penal Code 11165 | Penal Code 11165 includes information about child abuse reporting and states that faculty and any community college employee who has direct contact with enrolled minors are considered mandated reporters. | CA Penal Code 11165 Link |
California Penal Code 11166 | Penal Code 11166 includes information about child abuse reporting and states that faculty and any community college employee who has direct contact with enrolled minors are considered mandated reporters. | CA Penal Code 11166 Link |
Payment Card Industry Data Security Standard (PCI DSS) | PCI DSS is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. | PCI DSS Link |
- Family Educational Rights and Privacy Act (FERPA)
- Protection of Pupil Rights Amendment (PPRA)
- Privacy Technical Assistance Center (US DOE)
- Children’s Online Privacy Protection Act (COPPA)
- Gramm-Leach-Bliley Act (GLBA)
- Carl D Perkins Career and Technical Education Act
- Workforce Innovation and Opportunity Act (WIOA)
- Reauthorized No Child Left Behind (NCLB), known as the Every Student Succeeds Act (ESSA)
  - ESSA maintains NCLB’s strong focus on data and requires states to redesign their accountability systems; produce new postsecondary, attendance, and financial indicators; report on more groups of students, including those who are homeless or connected to the military; and engage stakeholders to design new public reports that will make data useful to the public. For the first time, data privacy and literacy training are listed as allowable uses of the law’s Title II funds.
- CA
  - 2014: AB 1584, SB 1177 (SOPIPA)
  - 2016: AB 2097, AB 2799
  - AB 2799 (K-12)
- Data Privacy (general)
- California Information Practices Act (California Civil Code Section 1798 et seq.)
- California Education Code (EC) Section 49062 et seq., Article 1, Section 1 of the California Constitution
- California Longitudinal Pupil Achievement Data System (CALPADS)
- Student Online Personal Information Protection Act (SOPIPA)
  - Primarily for providers
- WICHE report on CA
- California Postsecondary Education Commission no longer exists
- Data Quality Campaign
- Higher Education Compliance Alliance
- National Association of College and University Attorneys (NACUA)
- NSF Human Subjects Training