Federal Laws

Some of the more well-known federal privacy laws mentioned in the higher education privacy space include:*

  • The Family Educational Rights and Privacy Act of 1974 (FERPA): Designed to protect students and their families by ensuring the privacy of student educational records.
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA): Requires covered entities (typically medical and health insurance providers and their associates) to protect the security and privacy of health records.
  • The Gramm Leach Bliley Act of 1999 (GLBA): Imposes privacy and information security provisions on financial institutions; designed to protect consumer financial data.
  • Federal Policy for the Protection of Human Subjects (“Common Rule”): Published in 1991 and codified in separate regulations by 15 federal departments and agencies, outlines the basic ethical principles (including privacy and confidentiality) in research involving human subjects.
  • The Fair and Accurate Credit Transaction Act of 2003 (FACTA, or “Red Flags Rule”): Requires entities engaged in certain kinds of consumer financial transactions (predominantly credit transactions) to be aware of the warning signs of identity theft and to take steps to respond to suspected incidents of identity theft.
  • The Privacy Act of 1974: Specifies the rules that a federal agency must follow to collect, use, transfer, and disclose an individual’s personally identifiable information (PII).

When information is covered by more than one of these laws, the strictest law’s provisions rule.

It’s Not Just FERPA: Privacy and Security Issues in Higher Education (Baker Donelson)

* This list of laws is from the EDUCAUSE Information Security Guide chapter on privacy and is printed on FERPA|Sherpa under a Creative Commons license (CC BY-NC-SA 4.0).