Current Laws with IT Security Requirements

Family Education Rights & Privacy Act (FERPA)

FERPA is the keystone federal privacy law for educational institutions and imposes confidentiality requirements around student educational records, prohibiting institutions from disclosing "personally identifiable education information" such as grades or financial aid information without the student's written permission. FERPA also provides students with the right to request and review their educational records and to make corrections to those records. The law applies with equal force to electronic and hardcopy records.  

For more information on FERPA, go to the U.S. Department Of Education Website at

Gramm-Leach-Bliley Act (GLBA)

The GLBA is applicable to financial institutions, colleges & universities and was enacted in 1999. It requires that Emory protect customer financial information including the personal identifying information such as names, addresses, account, credit information and Social Security numbers.

The Federal Trade Commission (FTC) regulations implementing the GLBA specifically provide that colleges and universities will be deemed in compliance with the privacy provisions of the GLBA if they are also in compliance with the Family Education Rights & Privacy Act (FERPA). The GLBA compliance is required by May 23, 2003 and requires Emory to develop a comprehensive security program, assess the need for employee training, and include obligations in their agreements with third parties that have access to financial records covered by the GLBA.

For additional information on the GLBA, see the Federal Trade Commission's site at

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA was enacted to protect the rights of patients and participants in certain health plans. Among other requirements HIPAA requires that health records be protected and to help protect against unauthorized disclosure of this information. This includes patient data at Universities and used in Research studies.  

For more information on HIPAA, go to the U.S. Department of Health & Human Services website at

Digital Millennium Copyright Act (DMCA)

The 1998 enactment of the Digital Millennium Copyright Act (DMCA) represents the most comprehensive reform of United States copyright law in a generation.