Privacy Laws and Regulations

Personal information collected and processed by GW in the course of university operations is protected by various privacy laws and regulations, including but not limited to the Family Educational Rights and Privacy Act (FERPA), Gramm-Leach Bliley Act (GLBA), and the General Data Protection Regulation (GDPR).  


Under FERPA (Family Educational Rights and Privacy Act of 1974) the university is required to protect the privacy of students' personally identifiable information.

Learn more about FERPA


The Health Insurance Portability and Accountability Act (HIPAA) is a Federal law that requires the protection and confidential handling of protected health information.

Learn more about HIPAA


The General Data Protection Regulation (GDPR) is a regulation in EU law, which protects the privacy of European Union’s (EU) residents' personal data.

Learn more about GDPR


The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

Learn more about GLBA


The Payment Card Industry Data Security Standards (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.

All university departments that accept credit cards are required to participate in a PCI compliance program that is administered by Treasury Management in partnership with GW Information Technology.

For more information regarding compliance requirements, contact Treasury Management.


PCI Data Security Standard Overview

PCI Compliance Guide

GW Credit Card & Merchant Services