They’re the acronyms by which Security lives and breathes—PCI, HIPAA, FERPA, GLBA—but what do they mean? Compliance regulations are laws or standards that we have to, well, comply with. They regulate entities that process credit card, medical, student, and financial information. When it comes to policy, we look to them to help us determine what our standards should be. What it all comes down to is our responsibility to safeguard your personal information—to ensure that when you swipe your credit card or seek medical treatment on our campus, your privacy is protected. To learn more, please visit the following sites:

PCI (Payment Card Industry): https://www.pcisecuritystandards.org/

HIPAA (Health Insurance Portability and Accountability Act): http://www.hhs.gov/ocr/privacy/index.html

FERPA (Family Educational Rights and Privacy Act): http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

GLBA (Gramm-Leach-Bliley Act): http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

PCI

What is PCI?
PCI stands for Payment Card Industry. This industry was formed by the credit card companies (such as Visa, MasterCard, and American Express) in response to the large number of credit card security breaches that were taking place. These breaches were causing a loss of customer trust, so the PCI Council decided to implement a standard (called the Data Security Standard, or DSS) to assure consumers that credit card usage is still reliable and secure.

Does PCI apply to me?
PCI applies to all members, merchants, and service providers that store, process, or transmit credit card data. If your department accepts credit cards, then PCI applies to you.

PCI applies to my department. What are my responsibilities?
There are a few key things you should do (and also not do!) to ensure you are compliant with PCI’s standards. We put together this simple list of Do’s and Don’ts for a quick reference.

Policies

We are in the process of developing compliance policies. For official University IT policies, please visit: http://www.ou.edu/committees/itc/policy.html. If you are interested in learning about safe computing, visit our Best Practices page.

 
