Data Security Regulations

Cybersecurity Maturity Model Certification

The US Department of Defense (DoD) established the Cybersecurity Maturity Model Certification (CMMC). It is a unifying standard for the implementation of cybersecurity, intended to provide increased assurance that an entity can adequately protect Controlled Unclassified Information (CUI) as well as Federal Contract Information (FCI). In higher education, this directly relates to research activities that currently participate, or plan to participate, in research sponsored by agencies, offices and commands under the DoD.

Louisiana Database Breach Notification Law

The Louisiana Database Breach Notification Law requires notification to any Louisiana resident whose unencrypted "personal information" was, or is reasonably believed to have been, acquired by an unauthorized person as a result of a "security breach."

Higher Education Opportunity Act

H.R. 4137, the Higher Education Opportunity Act (HEOA), is a reauthorization of the Higher Education Act. It includes provisions that are designed to reduce the illegal uploading and downloading of copyrighted works through peer-to-peer (P2P) file sharing.

Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is legislation enacted by the United States Congress in October 1998 that made major changes to the US Copyright Act and defines the illegal downloading and/or sharing of copyrighted material. LSU is required to investigate DMCA complaints and take action to remove infringing content.

Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act of 1974 (FERPA), also known as the Buckley Amendment, is a federal law that protects the privacy of student “education records.” “Education records” are defined, with a few exceptions, as records containing information directly related to a student that are maintained by a school or its agent (including electronic records). FERPA prohibits schools from disclosing education records, or personally identifiable information in those records, other than certain basic directory information, without the student’s prior written consent, or the parent’s consent if the student is under the age of 18. The student may even request that directory information be withheld. Some exceptions allowing disclosure of education records do apply. For further information, contact the Office of the University Registrar.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) was signed into law in 1999 and is applicable to financial institutions, including colleges and universities. Under GLBA, institutions are obliged to protect customer financial information. The GLBA requires companies and organizations to ensure the security of personally identifying information of financial institution customers, such as names, addresses, account and credit information, and Social Security numbers.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act, enacted by Congress in 1996, was intended to create a national standard for the protection of personally identifiable information relating to health care. Education institutions may be obligated to comply with HIPAA in connection with a broad range of activities.