Compliance & Policy Requirements
Depending upon the nature of the data being stored or transmitted, various local policies or legal requirements may apply to its protection.
The following is a list of applicable policies as well as state and federal regulations.
Federal Laws and Regulations
- Communications Assistance for Law Enforcement Act (CALEA)
Overview page with links to related governmental and other organizational sites:
www.educause.edu/Resources/Browse/CALEA/30781
Text of the law:
www.askcalea.net/docs/calea.pdf
- Family Educational Rights and Privacy Act (FERPA)
U.S. Department of Education, Final regulations (4/16/2004):
www.ed.gov/legislation/FedRegister/finrule/2004-2/042104a.pdf
Office of Student Life policy summary:
www.brown.edu/Student_Services/Office_of_Student_Life/randr/federal/ferpa.html
Student Employment FERPA Non-Disclosure / Confidentiality Agreement:
http://financialaid.brown.edu/Content/Files/FERPAConfdAgre.pdf
- Federal Information Security Management Act (FISMA)
The law:
www.fismacenter.com/FISMA-final.pdf
FISMA Center:
www.fismacenter.com/
- Federal Trade Commission (FTC) Red Flags Rule
FTC Extended Enforcement Policy; Identity Theft Red Flags Rule, 16 CFR 681.1:
www.ftc.gov/os/2009/07/P095406redflagspolicy.pdf
Fighting Fraud with the Red Flags Rule: A How-To Guide for Business:
www.ftc.gov/redflagsrule
- Gramm-Leach-Bliley Act (GLBA)
U.S. Senate Banking Committee, Financial Services Modernization Act, Summary of Provisions:
http://banking.senate.gov/conf/grmleach.htm
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules
U.S. Department of Health & Human Services resource site:
www.hhs.gov/ocr/privacy/
Overview from House Committee on Ways and Means:
http://waysandmeans.house.gov/media/pdf/110/hit2.pdf
- Health Information Technology for Economic and Clinical Health (HITECH) Act
U.S. Department of Health & Human Services resource site:
www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/guidance_breachnotice.html
- Higher Education Opportunity Act (HEOA)
www2.ed.gov/policy/highered/leg/hea08/
Brown's Compliance Statement:
www.brown.edu/cis/policy/heoa.php
- Student and Exchange Visitor Information System (SEVIS)
U.S. Immigration and Customs Enforcement site:
www.ice.gov/sevis/
U.S. Department of State Overview:
http://exchanges.state.gov/jexchanges/sevis.html
- Sarbanes-Oxley Act (SOX)
U.S. Government Printing Office:
www.gpo.gov/fdsys/pkg/PLAW-107publ204/content-detail.html
Overview (courtesy of Addison-Hewitt Associates):
www.soxlaw.com/
Brown's Policies
- Computing
- Computing Information Services: Brown Information Checklist for Protecting Information
www.brown.edu/cis/policy/protectinginfo.php
- Computing Passwords Policy
www.brown.edu/cis/policy/password.php
- Faculty
- Faculty Rules & Regulations
http://www.brown.edu/Faculty/Faculty_Governance/rules.html
- Researchers
- Office of Sponsored Projects: Policies and Procedures
http://research.brown.edu/rschadmin/osp_policies.php
- Brown University Policy for Responding to Allegations of Research Misconduct
http://research.brown.edu/policies/misconduct.php
- Brown University Policies and Procedures for the Protection of Human Participants in Research
http://research.brown.edu/policies/hrpo.php
- Office of the Provost: Policies and Procedures Relating to Research Privacy
www.brown.edu/Administration/Provost/policies/rpp.html
- Students
- Principles of the Brown University Community: The Academic Code and Non-Academic Conduct
www.brown.edu/Administration/Dean_of_the_College/academic_code/code.html
- Employees
- Human Resources: Policies and Practices Policy #20.063, Confidential Information and SW Piracy
www.brown.edu/Administration/Human_Resources/policies/20.063.html
- Internal Audit: Records Retention Guidelines
http://www.brown.edu/Administration/Internal_Audit/guidance/records
- Internal Audit: Brown University's Department Risk-Control Self-Assessment Tools
http://www.brown.edu/Administration/Internal_Audit/guidance/risk.html (mail form)
http://www.brown.edu/Administration/Internal_Audit/risk.pdf (PDF form)
- Health
- Brown University Health Services: The Patient Bill of Rights and Responsibilities
http://www.brown.edu/Student_Services/Health_Services/start/rights.html
- Brown University Psychological Services: Statement of Confidentiality
www.brown.edu/Student_Services/Psychological_Services/confidentiality.html
- General Safety
- Department of Public Safety:
www.brown.edu/Administration/Public_Safety/

