Protection of Personal Information (FERPA, GLBA, HIPAA)

Family Educational Rights and Privacy Act (FERPA), Gramm Leach Bliley Act (GLBA), and Health Insurance Portability and Accountatibility Act (HIPAA) are federal laws that address how personal confidential information will be handled. FERPA specifically addresses educational institutions; GLBA and HIPAA address financial information and medical information respectively.

University SAP 29.01.99.M1.16, Information Resources - Portable Devices requires encryption of TAMU-related confidential information that resides on portable computing devices. However, IT professionals should encourage encryption of all documents that may include confidential or sensitive information regardless of the electronic media used.

If sensitive personal information is disclosed, immediately follow the reporting guidelines in SAP 29.01.99.M1.24, Notification of Unauthorized Disclosure of Sensitive Personal Information.

Visit the following web sites for information on confidential information:

• Office of the Registrar's FERPA Statement for Faculty, Staff, and Administrators
• Gramm Leach Bliley Act (GLBA) - financial aid
• SAP 29.01.99.M1.17, Information Resources - Privacy
• Student Health Services' Student Rights and Confidentiality - HIPAA information
• University Rule 29.01.99.M1, Security for Electronic Information Resources
• SAP 29.01.99.M1.18, Security Monitoring

If you have any questions or concerns, please contact ITIM at itim@tamu.edu or 979.845.9254.