
Regulations

Brief descriptions of common regulations affecting data security follow:


HIPAA    (Health Insurance Portability and Accountability Act)

The Health Insurance Portability and Accountability Act, enacted in 1996, is a federal law that includes provisions protecting medical records and other individually identifiable health information, whether it is held on paper, stored in computers, or communicated orally.

FERPA   (Family Educational Rights and Privacy Act)

The Family Educational Rights and Privacy Act, enacted in 1974, is a federal law that protects the privacy of student education records. Students have specific, protected rights regarding the release of such records.

  • Generally, schools must have written permission from the student in order to release any information from a student's education record.
  • Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance.
  • Bowdoin's Student Handbook section on student privacy rights

GLBA    (Gramm-Leach-Bliley Act)

The Gramm-Leach-Bliley Act, enacted in 1999, is a federal law related to financial services that includes provisions to protect consumers' personal financial information held by financial institutions.

PCI DSS    (Payment Card Industry Data Security Standard)

The Payment Card Industry Data Security Standard applies to all entities that store, process, or transmit cardholder data. It is administered by the PCI Security Standards Council, founded jointly by credit card financial institutions in 2006. Its intent is to help reduce vulnerabilities and protect cardholder personal financial data from theft and misuse. The PCI Data Security Standard consists of 12 distinct standards of practice and technology developed to protect debit, credit, pre-paid, e-purse, ATM and POS cards and the businesses that handle them.

Privacy Law

Privacy laws vary by state but generally protect the same core set of information about a person, referred to as Personally Identifiable Information or PII. The laws require that individuals be notified when their personal information has been compromised, and that this notification be made in a timely manner.

Personally Identifiable Information (PII) is defined by the Maine state breach notification law as:

  • First name and last name, or first initial and last name, in conjunction with any of:
    • Social Security Number
    • Credit Card Number
    • Bank Account Number
    • Driver's License Number
    • Password or PIN that would allow access to the above information

Document author: ngrant
Last modified: Oct 02, 2009