This page provides a brief list of the most common federal data protection laws. For a more comprehensive list of key federal laws and regulations governing colleges and universities, please visit the Higher Education Compliance Alliance website to view the HECA Compliance Matrix. |
The following federal laws apply to how higher education institutions and non-governmental agencies collect and use data. |
The Health Insurance Portability and Accountability Act of 1996 (HIPAA): Requires covered entities (typically medical and health insurance providers and their associates) to protect the security and privacy of health records. This law is often implicated in conversations about student data when institutions have a campus medical center and student medical records are integrated with student educational records (which are protected under FERPA).
See the U.S. Department of Health and Human Services HIPAA website for more information.
The Gramm Leach Bliley Act (GLBA): Applies to financial institutions and contains privacy and information security provisions that are designed to protect consumer financial data. This law also applies to how institutions collect, store, and use financial records (e.g., records regarding student tuition payments and/or financial aid) containing personally identifiable information.
See the U.S. Federal Trade Commission GLBA website for more information.
The Fair and Accurate Credit Transaction Act of 2003 (FACTA or “Red Flags Rule”): Requires entities engaged in certain kinds of consumer financial transactions to be aware of the warning signs of identity theft and to take steps to respond to suspected incidents of identity theft. Like GLBA, this law applies to how institutions collect, store, and use student financial records.
See the U.S. Federal Trade Commission Red Flags Rule website for more information.
The following laws apply to how the federal government collects and uses data. |
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).