State, Federal, and Higher Ed Policies and Regulations
Ohio State is responsible for understanding and abiding by the policies, regulations, and laws set by external bodies that affect our work. Below is a sampling of the key ones.
Ohio Policies, Regulations, and Law
Ohio Revised Code §1347: Ohio Revised Code §1347 (its breach notification provision, §1347.12, was enacted as House Bill 104) requires notifying Ohio residents when certain personal information is disclosed, or is reasonably believed to have been disclosed, to unauthorized persons through a breach of system security. Personal information under this law means an individual's name combined with his or her Social Security number, driver's license or state identification number, or credit or debit card information. The specific notification requirements vary with the number of residents affected and with how certain the disclosure is.
Ohio Senate Bill 126, effective March 30, 2007, exempts persons, entities, state agencies, and agencies of political subdivisions that are "covered entities" under the federal Health Insurance Portability and Accountability Act (HIPAA) from the breach notification requirement of Ohio Revised Code §1347.12 for unauthorized access to personal information.
Ohio Ethics Law
Ohio Public Records Law
Federal Policies and Regulations (including USA Patriot Act)
FERPA: The Family Educational Rights and Privacy Act (FERPA) protects the privacy of students' education records by setting strict rules and limits on the release of information about students. Particularly sensitive information includes students' Social Security numbers, race or ethnicity, gender, nationality, academic performance, disciplinary records, and grades.
Health Insurance Portability and Accountability Act of 1996 (HIPAA): HIPAA is a federal law made up of three sets of regulations that establish and protect patient rights and set standards for protecting individually identifiable health information, known as protected health information (PHI).
- Read HIPAA Content
- US Department of Health & Human Services
Payment Card Industry (PCI) Standards: The PCI Data Security Standard (PCI DSS) is a set of security standards created by the major credit card brands that applies to any organization that stores, processes, or transmits credit or debit card information. The standards include requirements for security management, policies, procedures, network architecture, software design, and auditing.
Gramm-Leach-Bliley Act: Sets forth key provisions on the collection and disclosure of consumers' personal financial information, such as bank account numbers. Its Safeguards Rule requires covered institutions, which include universities that handle student financial aid, to maintain a written information security program.
FACTA Red Flags: A regulation intended to reduce the risk of identity theft. It lists twenty-six example alerts, or red flags; a red flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. The Federal Trade Commission enforces the regulation for non-bank entities such as universities, with FTC enforcement scheduled to begin November 1, 2009.
- Identity Theft Red Flags Policy
- Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule
- FTC - Agencies Issue Final Rules on Identity Theft Red Flags and Notices of Address Discrepancy
- List of Red Flags Outlined in the Regulation
USA Patriot Act
Higher Education and Teaching Policies
- ACUTA Legislation & Regulation Update / Matrix
- American Library Association Washington Office
- EDUCAUSE/Cornell Institute for Computer Policy and Law