In general, colleges and universities have to comply with more regulations than businesses. In addition to U-M’s information technology policies and guidelines, there are state and federal regulations that govern information privacy and security that could directly impact certain U-M units. For example:
- The Michigan Library Privacy Act provides for the confidentiality of certain library records.
- The Michigan Freedom of Information Act allows for public access to certain public records of public bodies.
- The Health Insurance Portability and Accountability Act created standards for the use and dissemination of health care information.
- The Gramm-Leach-Bliley Act protects privacy of consumer information in the financial sector.
- The Computer Fraud and Abuse Act increased the scope and penalties for computer “hacking” crimes.
- The Sarbanes-Oxley Act established new or enhanced standards for all U.S. public company boards, management, and public accounting firms.
- The USA PATRIOT Act provides law enforcement agencies with greater access to electronic communications.
- In addition, the Family Educational Rights and Privacy Act of 1974 protects the privacy of student educational records. FERPA applies to any higher education institution receiving federal funds administered by the Department of Education.
For an overview of these issues, watch the presentation "Information Privacy & Security within the Academic Setting" from the SUMIT_07 Symposium hosted by U-M Information Technology Security Services.