Information Security
Data Security Regulations and Standards
Personal, financial and health data need to be protected, for ethical as well as legal reasons. The Privacy Rights Clearinghouse now publishes a list of "known" security breaches that have occurred since the ChoicePoint announcement. Below is a list of the federal, state and industry regulations that cover data in electronic form.
- Federal Regulations
  - Family Educational Rights and Privacy Act (FERPA) - privacy of student education records
  - Electronic Fund Transfers
  - Food and Drug Administration's Protection of Human Subjects, 21 CFR 50, and Institutional Review Boards, 21 CFR 56
  - Gramm-Leach-Bliley Act (GLBA) - financial privacy
  - HIPAA - personal health information privacy
  - HHS Human Research Subjects Protection, 45 CFR 46
- State Regulations impacting Tufts
  - Massachusetts Computer Crime Law
  - California Senate Bill 1386 - commonly known as the Data Breach Notification Law (SB1386); mandates public disclosure of computer security breaches involving unencrypted personal information of California residents
- Industry Standards
  - Payment Card Industry Data Security Standard
  - PCI Security Standard Manual, Jan 2005, from MasterCard International
  - VISA Cardholder Information Security Program