Protected Data

Protected data refers to data regulated by federal, state, and local legislation. These data require specific information security controls because they could be used to identify an individual or are sensitive in nature.

Not sure which regulations apply to your data? Try searching with a keyword below (e.g., “financial,” “student,” or “patient”).


Chemical Facility Anti-Terrorism Standards (CFATS)

The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act protects student information and gives individual students certain rights pertaining to their education records.

Federal Information Security Modernization Act (FISMA)

Under the Federal Information Security Modernization Act (FISMA), federal agencies and those providing services on their behalf must develop, document, and implement security programs for information technology systems.

Food and Drug Administration Code of Federal Regulations, Title 21, Part 11 (FDA 21 CFR Part 11)

The regulations in FDA 21 CFR Part 11 set necessary criteria for electronic records and signatures to be considered reliable, trustworthy, and equivalent to paper versions.

General Data Protection Regulation (GDPR)

The Data Protection Law Enforcement Directive and other rules concerning the protection of personal data.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions (i.e., organizations offering consumers financial products, advice, or insurance) to protect their customers’ personal information.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act specifies requirements for the privacy and security of all individually identifiable patient health information in any form or media, whether electronic, paper, or oral.

Missouri Personally Identifiable Information (PII)

Missouri PII refers to personally identifiable information (PII) as defined by the state of Missouri.

Nuclear Regulatory Commission (NRC)

The Nuclear Regulatory Commission outlines regulations to protect information related to U.S. government programs for the physical protection and safeguarding of nuclear materials or facilities.

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard was developed by the major credit card companies as a guideline to help organizations that process card payments.