The UCIT Office of Information Security (OIS) is responsible for the protection of data items that UC collects and has on file about you. For more detailed information on how we work to protect and safeguard your information please go to: About OIS. Expand each section below to find descriptions of laws relating to the protection of data:
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Prevents the unauthorized release of personal records. |
OIS provides guidance on how to secure personally identifiable information (PII). In addition OIS responds to and investigates potential privacy violations at the university. |
||
Protects wire, oral, and electronic communications when being made, in transit, or stored on computers. |
OIS provides guidance to secure wire, oral, and electronic communications. In some instances OIS is responsible for verification of the compliance. |
||
Enables increased federal prosecution of identity theft crimes and restitution to victims of identity theft. |
OIS responds to, investigates and cooperates with local and federal law enforcement on identity theft cases. |
||
Requires the university to provide students with access to their education records, an opportunity to have the records amended, and some control over the disclosure of information from the records. |
OIS supports the Office of the Registrar on FERPA compliance matters as deemed necessary. |
||
Requires state agencies to adopt new rules for governing access to confidential personal information. |
OIS provides guidance on how to secure personally identifiable information (PII). In addition OIS responds to and investigates potential privacy violations. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Regulates how information is being shared in regards to financial institutions. |
OIS supports the Division of Administration and Finance (A&F) in achieving GLBA compliance. OIS also provides general guidance on internal controls over financial data and transactions. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Red Flag requires university units to develop policies and procedures when they receive a notice of address discrepancy from a consumer-reporting agency. The regulation also requires the university to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. |
OIS assists university units such as Finance and Financial Aid to develop compliant operational processes and Identity Theft Prevention Programs. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Requires the university to have a login banner on all university computers/servers to ensure a successful prosecution if fraud and related activity occur on a university computer. |
OIS proactively monitors UC’s network for malicious activity. In addition OIS partners with local and federal law enforcement on cyber incidents. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Intended to reduce hacking of computer systems. |
OIS proactively monitors UC’s network for malicious activity. In addition OIS partners with local and federal law enforcement on cyber incidents. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Improves the security and privacy of sensitive information in Federal computer systems and establishes minimum acceptable security practices for such systems. |
OIS establishes policies, procedures, standards for unified security architecture. |
||
The Office of Research advises if the university has contracts with federal agencies that require compliance with this act. |
OIS assesses FISMA requirements in order to provide confidentiality, integrity, and availability. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Helps organizations proactively protect customer account data. |
OIS supports the Office of the Treasury to assist with technical questions regarding PCI. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Health Insurance Portability and Accountability Act (HIPAA) (Being reviewed) |
Ensures the security and privacy of the patient's data. |
OIS partners with UC Academic Health Center and other relevant areas of the university to establish and support a robust and sustainable HIPAA control framework. |
Law |
How it applies to UC |
OIS Responsibilities |
Resources |
Provides liability protection when concerning copyright infringement. |
OIS is responsible for the compliance of DMCA at the university. |
||
States measures to protect copyrighted works. |
OIS partners with other university departments to interpret and enforce compliance with the law. |