Status: Final Draft
Last Revision Date: March 6, 2025
Regulatory and Compliance References
To ensure compliance with federal, state, and industry security standards, the following regulations and guidelines serve as foundational references:
- U.S. Department of Education: Guidance Letter – Protecting Student Information
  - Student Privacy
- U.S. Department of Education: Family Educational Rights and Privacy Act (FERPA)
  - FERPA Policy
- U.S. Department of Homeland Security: Federal Information Security Management Act (FISMA)
  - FISMA Overview
- Gramm-Leach-Bliley Act (GLBA)
  - GLBA Compliance
- Federal Trade Commission (FTC) Red Flags Rule
  - FTC Red Flags Guide
- Health Insurance Portability and Accountability Act (HIPAA)
  - HIPAA Privacy Laws
- International Organization for Standardization (ISO) Standards
  - ISO Standards
- National Institute of Standards and Technology (NIST) Cybersecurity Framework
  - NIST Cybersecurity Framework
- Payment Card Industry Data Security Standard (PCI DSS)
  - PCI Compliance
- Sarbanes-Oxley Act (SOX) for Colleges and Universities
  - SOX Overview
- Oregon Identity Theft Protection Act, ORS 646A.600-628
  - Oregon DOJ Data Breaches
This policy provides guidance for maintaining compliance with the aforementioned regulations to ensure the security and integrity of institutional data and sensitive information.