
Compliance & Law

The IT@UC Office of Information Security (OIS) is responsible for the protection of data items that UC collects and has on file about you. For more detailed information on how we work to protect and safeguard your information, see About OIS. The sections below describe laws relating to the protection of data:

Privacy of Personal Data

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Federal Privacy Act of 1974 | Prevents the unauthorized release of personal records. | OIS provides guidance on how to secure personally identifiable information (PII). In addition, OIS responds to and investigates potential privacy violations at the university. |
| Electronic Communications Privacy Act of 1986 | Protects wire, oral, and electronic communications when being made, in transit, or stored on computers. | OIS provides guidance to secure wire, oral, and electronic communications. In some instances, OIS is responsible for verifying compliance. |
| Identity Theft Enforcement and Restitution Act | Enables increased federal prosecution of identity theft crimes and restitution to victims of identity theft. | OIS responds to, investigates, and cooperates with local and federal law enforcement on identity theft cases. |
| Family Educational Rights and Privacy Act (FERPA) | Requires the university to provide students with access to their education records, an opportunity to have the records amended, and some control over the disclosure of information from the records. | OIS supports the Office of the Registrar on FERPA compliance matters as deemed necessary. |
| ORC §1347.15 (Formerly House Bill 648) | Requires state agencies to adopt new rules for governing access to confidential personal information. | OIS provides guidance on how to secure personally identifiable information (PII). In addition, UCIT OIS responds to and investigates potential privacy violations. |

Privacy and Protection of Financial Information

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Gramm-Leach-Bliley Act (GLBA) | Regulates how information is shared with regard to financial institutions. | OIS supports the Division of Administration and Finance (A&F) in achieving GLBA compliance. OIS also provides general guidance on internal controls over financial data and transactions. |

Integrity of Credit Reporting and Protection from Identity Theft

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Fair and Accurate Credit Transactions Act (FACTA) | Red Flag requires university units to develop policies and procedures when they receive a notice of address discrepancy from a consumer-reporting agency. The regulation also requires the university to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. | OIS assists university units such as Finance and Financial Aid to develop compliant operational processes and Identity Theft Prevention Programs. |

Computer Fraud

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Computer Fraud and Abuse Act of 1986 | Requires the university to have a login banner on all university computers/servers to ensure a successful prosecution if fraud and related activity occur on a university computer. | OIS proactively monitors UC’s network for malicious activity. In addition, OIS partners with local and federal law enforcement on cyber incidents. |

State of Ohio Security Breach Law

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Ohio Security Breach Law | Intended to reduce hacking of computer systems. | OIS proactively monitors UC’s network for malicious activity. In addition, OIS partners with local and federal law enforcement on cyber incidents. |

Maintaining a Security Infrastructure at UC

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Computer Security Act of 1987 | Improves the security and privacy of sensitive information in Federal computer systems and establishes minimum acceptable security practices for such systems. | OIS establishes policies, procedures, and standards for a unified security architecture. |
| Federal Information Security Management Act (FISMA) of 2002 | The Office of Research advises if the university has contracts with federal agencies that require compliance with this act. | OIS assesses FISMA requirements in order to provide confidentiality, integrity, and availability. |

Credit Card Regulations and Protection of Card Numbers

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Payment Card Industry (PCI) Regulations | Helps organizations proactively protect customer account data. | OIS supports the Office of the Treasury to assist with technical questions regarding PCI. |

Protection and Safeguarding of Medical Records

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Health Insurance Portability and Accountability Act (HIPAA) | Ensures the security and privacy of the patient's data. | OIS partners with UC Academic Health Center and other relevant areas of the university to establish and support a robust and sustainable HIPAA control framework. |

Intellectual Property

| Law | How it applies to UC | OIS Responsibilities |
| --- | --- | --- |
| Digital Millennium Copyright Act of 1998 (DMCA) | Provides liability protection concerning copyright infringement. | OIS is responsible for DMCA compliance at the university. |
| U.S. Copyright Law, October 2007 | States measures to protect copyrighted works. | OIS partners with other university departments to interpret and enforce compliance with the law. |

