Security
Sensitive Data Guide
What Laws Regulate Sensitive Data?
The Ohio State University falls under the jurisdiction of many state and federal laws regarding the information we utilize and store. The definition of sensitive data, as well as the description of what constitutes a breach of law and the applicable penalties, differs from law to law. The most pertinent regulatory acts and laws that concern the University's handling of sensitive data are as follows:
- Ohio House Bill 104: Established requirements for notification of Ohio residents in the event that certain personal information is disclosed or reasonably believed to be disclosed to unauthorized persons through a system security breach. Specific requirements vary depending on the size and certainty of the disclosure. The University will also take steps beyond those required by this legislation.
- Family Educational Rights and Privacy Act: FERPA, as amended, sets forth requirements designed to protect the privacy of student educational records. The law governs access to records maintained by educational institutions and the release of information from those records.
- Health Insurance Portability and Accountability Act (Public Law 104-191): HIPAA mandates how medical institutions and insurers must handle a patient's personally identifiable medical information.
- Privacy Act of 1974: This federal legislation defines the requirements of record-keeping institutions to protect the individual rights of American citizens.

