Key Privacy Regulations
Personal information collected and processed by GW in the course of university operations is protected by various privacy laws and regulations, including but not limited to the Family Educational Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA), and the General Data Protection Regulation (GDPR).
Under FERPA (Family Educational Rights and Privacy Act of 1974), the university is required to protect the privacy of students' personally identifiable information.
The General Data Protection Regulation (GDPR) is a regulation in EU law that protects the privacy of European Union (EU) residents' personal data.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the protection and confidential handling of protected health information.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.
All university departments that accept credit cards are required to participate in a PCI compliance program that is administered by Treasury Management in partnership with GW Information Technology.