Family Educational Rights and Privacy Act (FERPA)
Family Educational Rights and Privacy Act (FERPA)- All written information related to a specific student that is not considered directory information or is not contained in university police records is considered restricted.
Gramm–Leach–Bliley Act (GLB) AKA the Financial Services Modernization Act of 1999
Gramm–Leach–Bliley Act (GLB) AKA the Financial Services Modernization Act of 1999-The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), includes privacy provisions to protect consumer information held by financial institutions. In 2003, the Federal Trade Commission (FTC) confirmed that higher education institutions are considered financial institutions under this federal law.
Health Insurance Portability and Accountability Act (HIPAA)
Alaska Personal Information Protection Act
Alaska Personal Information Protection Act- The law provides several protections for personal informationa notice requirement when a breach of security concerning personal information has occurred; the ability to place a security freeze on a consumer credit report; various restrictions on the use of personal information and credit information; the disposal of records containing personal information; allowing a victim of identity theft to petition the court for a determination of factual innocence; and truncation of credit card information.
General Data Protection Regulation
General Data Protection Regulation (GDPR), is new data privacy law applicable to the European Union subjects and business operations that involve EU subjects. The new law results from the need to protect data and privacy rights of individuals as highly sensitive personal information on their students, faculty, exchange students, researchers, employees, and others become increasingly digitized.
It applies to all institutions involved in processing data about citizens in the EU, regardless of whether the organization is located within the EU. The regulation will be in effect from May 2018. The key distinction is that the data protected under the GDPR is broader than U.S. federal laws for data protection under Family Educational Rights and Privacy Act (FERPA), Under the GDPR, any unique identifiers assigned to students/employees or their electronic devices by institutions, such as in the admissions/hiring process, will also need to be protected.
The University of Alaska is strongly committed to maintaining the privacy and security of confidential personal information and other highly sensitive data that it collects. Our privacy and public records obligations are governed by applicable State of Alaska statutes, including, but not limited to, the Alaska Personal Information Protection Act - AS 45:48, University of Alaska Board of Regents Policy on Information Security and Privacy - P02:07 and by any applicable U.S. federal laws.