Skip to main content

Compliance & Law

The UCIT Office of Information Security (UCIT OIS) is responsible for the protection of data items that UC collects and has on file about you. For more detailed information on how we work to protect and safeguard your information please go to: About UCIT OIS. Expand each section below to find descriptions of laws relating to the protection of data:

Privacy of Personal Data: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Federal Privacy Act of 1974

Prevents the unauthorized release of personal records.

UCIT OIS provides guidance on how to secure personally identifiable information (PII). In addition UCIT OIS responds to and investigates potential privacy violations at the university.

Department of Justice

Federal Trade Commission

Electronic Communications Privacy Act of 1986

Protects wire, oral, and electronic communications when being made, in transit, or stored on computers.

UCIT OIS provides guidance to secure wire, oral, and electronic communications. In some instances UCIT OIS is responsible for verification of the compliance.

Department of Justice

Identity Theft Enforcement and Restitution Act

Enables increased federal prosecution of identity theft crimes and restitution to victims of identity theft.

UCIT OIS responds to, investigates and cooperates with local and federal law enforcement on identity theft cases.

Library of Congress

Family Educational Rights and Privacy Act (FERPA)

Requires the university to provide students with access to their education records, an opportunity to have the records amended, and some control over the disclosure of information from the records.

UCIT OIS supports the Office of the Registrar on FERPA compliance matters as deemed necessary.

UC Registrar

Department of Education

ORC§1347.15 (Formerly House Bill 648)

Requires state agencies to adopt new rules for governing access to confidential personal information.

UCIT OIS provides guidance on how to secure personally identifiable information (PII). In addition UCIT OIS responds to and investigates potential privacy violations.

State of Ohio

Privacy and Protection of Financial Information: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Gramm-Leach Bliley Act (GLBA)

Regulates how information is being shared in regards to financial institutions.

UCIT OIS supports the Division of Administration and Finance (A&F) in achieving GLBA compliance. UCIT OIS also provides general guidance on internal controls over financial data and transactions.

Federal Trade Commission

Integrity of Credit Reporting and Protection from Identity Theft: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Fair and Accurate Credit Transactions Act (FACTA)

Red Flag requires university units to develop policies and procedures when they receive a notice of address discrepancy from a consumer-reporting agency. The regulation also requires the university to develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts.

UCIT OIS assists university units such as Finance and Financial Aid to develop compliant operational processes and Identity Theft Prevention Programs.

Privacy Rights on FACTA

Computer Fraud: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Computer Fraud and Abuse Act of 1986

Requires the university to have a login banner on all university computers/servers to ensure a successful prosecution if fraud and related activity occur on a university computer.

UCIT OIS proactively monitors UC’s network for malicious activity. In addition UCIT OIS partners with local and federal law enforcement on cyber incidents.

Library of Congress

State of Ohio Security Breach Law: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Ohio Security Breach Law

Intended to reduce hacking of computer systems.

UCIT OIS proactively monitors UC’s network for malicious activity. In addition UCIT OIS partners with local and federal law enforcement on cyber incidents.

Library of Congress

Maintaining a Security Infrastructure at UC: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Computer Security Act of 1987

Improves the security and privacy of sensitive information in Federal computer systems and establishes minimum acceptable security practices for such systems.

UCIT OIS establishes policies, procedures, standards for unified security architecture.

Department of Commerce

Federal Information Security Management Act (FISMA) of 2002

The Office of Research advises if the university has contracts with federal agencies that require compliance with this act.

UCIT OIS assesses FISMA requirements in order to provide confidentiality, integrity, and availability.

National Institute of Standards and Technology

Credit Card Regulations and Protection of Card Numbers: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Payment Card Industry (PCI) Regulations

Helps organizations proactively protect customer account data.

UCIT OIS supports the Office of the Treasury to assist with technical questions regarding PCI.

PCI Security Standards Council

Protection of Safe Guarding of Medical Records: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Health Insurance Portability and Accountability Act (HIPAA)

Ensures the security and privacy of the patient's data.

UCIT OIS partners with UC Academic Health Center and other relevant areas of the university to establish and support a robust and sustainable HIPAA control framework.

Department of Health and Human Services

Intellectual Property: Expand

Law

How it applies to UC

UCIT OIS Responsibilities

Resources

Digital Millennium Copyright Act of 1998 (DMCA)

Provides liability protection when concerning copyright infringement.

UCIT OIS is responsible for the compliance of DMCA at the university.

U.S. Copyright Office

UC Use of Technology Policy

U.S. Copyright Law, October 2007

States measures to protect copyrighted works.

UCIT OIS partners with other university departments to interpret and enforce compliance with the law.

UC Copyright Infringement


To view PDF files, you will need Adobe Acrobat Reader, a free download.