Privacy Laws & Higher Education
Agenda
• Five Privacy Laws
  • FERPA
  • HIPAA
  • GLB
  • FACTA Disposal Rule
  • CAN-SPAM
• Overview of the Laws
  • What does the law protect?
  • Who does the law apply to?
  • Where are potential risk areas at UW?
  • What does the law require?
• Privacy Laws & Audits
• References/Questions
FERPA: Family Educational Rights & Privacy Act
• Law:
  • Protects student educational records, including documents that contain information directly related to the student.
  • Includes records maintained by the University or by a person/entity acting on its behalf.
  • Educational institutions may not release educational records without the student’s consent. This includes releases to prospective employers, government agencies, credit bureaus and others.
  • Exception: Student Directory Information
• Applies to: Educational institutions
FERPA: Family Educational Rights & Privacy Act
• Potential Risk Areas at UW:
  • Registrars’ Offices
  • Admissions Offices
  • Financial Aid Offices
  • Deans’ Offices
  • Hall Health
  • Sports Medicine Clinic
  • Others
• Requires:
  • Students’ Consent
  • Annual Publication of FERPA Policy
  • Complaint Process
  • School Directory Opt-out Provision
HIPAA: Health Insurance Portability & Accountability Act
• Law:
  • Protects the privacy & security of personally identifiable health information.
  • Privacy Rule: pertains to oral, paper & electronic information
  • Security Rule: pertains only to electronic information
  • Limits use & disclosure of health information to treatment, payment & healthcare operations.
  • FERPA Exception
• Applies to:
  • Health care providers,
  • Health care plans, and
  • Health care clearinghouses
HIPAA: Health Insurance Portability & Accountability Act
• Potential Risk Areas at UW:
  • HMC, UWMC
  • UWP, CUMG
  • Dental Clinics
  • Hall Health Services; Sports Medicine Clinic
  • UW Group Health Plans (Plan Administration)
  Note: HIPAA may also impact research with human subjects, the SOM Library, and some development activities.
• Requires: Administrative Safeguards
  • Privacy Officer
  • Privacy Notice
  • Amendment of Plans
  • Policies & Procedures
  • Training
  • Business Associate Agreements
  • Complaint Process
GLBA: Gramm Leach Bliley Act
• Law:
  • Protects the privacy & security of personally identifiable, non-public, financial information.
  • The privacy provision has a FERPA exception, but the safeguards rule does not.
• Applies to:
  • Businesses that provide financial services or products
  • Examples:
    • Brokering or servicing loans,
    • Transferring or safeguarding money,
    • Providing financial advice,
    • Collecting consumer debt
GLBA: Gramm Leach Bliley Act
• Potential Risk Areas at UW:
  • Central Administration:
    • Financial: Student Financial Services
    • Administration: Huskies Card
    • Development: Planned Giving
  • Schools:
    • Financial Aid Offices
    • Deans Emergency Loans
    • Pro Bono Tax Program
• Requires:
  • Oversight
  • Risk Assessment
  • Written Safeguards Program
  • Monitoring of Safeguards
  • Contract Provisions with Service Providers
FACTA Disposal Rule: Fair & Accurate Credit Transactions Act
• Law:
  • Ensures proper disposal of confidential, personally identifiable, financial reports.
• Applies to:
  • Individuals & companies that obtain consumer reports, including credit reports & other information related to employment background checks
  • Includes employers, lenders, insurers, mortgage brokers, debt collectors.
FACTA Disposal Rule: Fair & Accurate Credit Transactions Act
• Potential Risk Areas at UW:
  • Office of Human Resources
  • Other departments responsible for conducting background checks, such as Finance
  • Possibly Student Financial Services and Student Financial Aid
• Requires:
  • Reasonable disposal policies & practices
  • Due diligence in selecting a disposal company and evaluating its operations
CAN-SPAM: Controlling the Assault of Non-Solicited Pornography & Marketing Act
• Law:
  • Protects e-mail communications from SPAM (non-solicited pornography & marketing materials)
• Applies to:
  • Commercial e-mail communications
  • Includes any e-mail message whose primary purpose is to promote a product or service
  • Also includes any e-mail message that promotes content on a website operated for a commercial purpose.
CAN-SPAM: Controlling the Assault of Non-Solicited Pornography & Marketing Act
• Potential Risk Areas at UW:
  • Revenue generating centers or operations
  • Commerce related activities
  • Hosted programs
  • Advertisements or promotions of a product or service
  Examples:
  • Products offered by UW to 3rd parties
  • Trips organized by a UW office
  • Tickets for sporting or cultural events
  • Subscriptions to journals, magazines or newsletters
• Requires:
  • Valid return e-mail address
  • Mechanism for recipients to opt out
  • Notice that the e-mail is an advertisement or solicitation
  • Valid physical postal address of the sender
  • No false or misleading transmission information
Privacy Laws & Audit Services
• Privacy Compliance & Audit Services:
  • Include Privacy Laws in the Operational Self Assessment
  • Consider Types of Information in the Scoping Process
    • Health Information (HIPAA)
    • Financial Information (GLB)
    • Credit Information (FACTA Disposal Rule)
    • Student Information (FERPA)
    • E-Mail (CAN-SPAM)
  • Develop Audit Programs
    • Refer to legal requirements for appropriate internal controls
    • Refer to University policies, which may be more stringent than the law
  • Educate & Counsel Clients
References
• HHS Website:
  • HIPAA
• FTC Website:
  • GLB
  • FACTA Disposal Rule
  • CAN-SPAM
• DOE Website:
  • FERPA
• UW Websites
• Privacy Law.Net