Category 1
Category 1: Mandatory use in order to comply with Federal, State, or Agency regulations; contains Personally Identifiable Information
Examples:
- A faculty member wishing to teach with a Learning Management System (LMS) has licensed access for his or her class from a third party. Course material, grades, student assignments and similar materials will be housed within the LMS. Student materials are generally protected by FERPA and thus need to be protected to the same degree whether the electronic service is offered on or off campus.
- The ticket office at your institution's performing arts center wants to begin accepting credit cards for ticket purchases. They would like to outsource the entire transaction process to a third party. Credit card information is highly sensitive and, if mishandled, exposes your institution to exceptional damages. The credit card industry requires compliance with its internal standards (i.e., the Payment Card Industry Data Security Standard (PCI DSS)).
Relevant Themes:
- Credit Card Data
- Data Definition
- Data Sharing
- Data Transmission (including Encryption)
- Financial Information
- Notification of Security Incidents
- Protected Health Information (HIPAA)
- References to Third Party Compliance With Applicable Federal, State, and Local Laws and Regulatory Requirements
- Security Incident Investigations
- State Breach Notification Laws
- Student Education Records (FERPA)
- Use of Data
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).