Records and Information Management

Federal Legislation Affecting Higher Education

Summarized below in chronological order are some key regulations and legislation that significantly impact both records and information management and higher education in the United States. For additional information on these and other relevant laws, please see the U.S. Department of Education website.

1974

• Family Educational Rights and Privacy Act (FERPA):  a set of federal regulations regarding how institutions manage the privacy of student data.
    

1990

• Crime Awareness and Campus Security Act of 1990 (Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act):  obligates colleges and universities to collect and disclose campus crime statistics on an annual basis.
    

1996

• Solomon Amendment:  mandated that colleges and universities cooperate with the recruitment efforts of the armed forces, specifically defining student recruitment information. Solomon was passed as an amendment to FERPA, essentially to ensure no conflict with the student privacy and disclosure concerns of institutional record managers.

• Health Insurance Portability and Accountability Act (HIPPA):  required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers.
    

1998

• Higher Education Amendments of 1998:  included two important amendments to FERPA providing for the disclosure of student information in certain situations:
  
  1. Foley Amendment (FERPA):  allowed higher education institutions to disclose the results of disciplinary hearings where a crime of violence or non-forcible sexual offense had been deliberated.
  
  2. Warren Amendment (FERPA):  permitted colleges and universities to notify the parents of minors where infractions involving the use or possession of alcohol or other controlled substances had been determined. Infractions may refer to federal, state, or local laws as well as to the institution's rules and policies.
    

1999

• Financial Modernization Act of 1999 (Gramm-Leach-Bliley (GLB) Act):  impacts the financial services and accounting infrastructures of colleges and universities. The Act focuses on the level of controls and security on personal information maintained by colleges and universities that is collected when offering financial services. It is intended to ensure the privacy and protection of the financial information and personal data of customers regardless of whether in paper or electronic format. Examples of financial services offered at colleges and universities include student loans, real estate loans, travel, employee loans, and financial aid.
     

2001

• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act:  supersedes FERPA by allowing federal investigators to investigate potential terrorist activity within the United States. Not only provides access to information and records but also authorizes a variety of surveillance activities in an effort to circumvent a terrorist attack.
     

2002

• Sarbanes-Oxley Act (SOX, SOA, or SarbOx):  added oversight protections for the financial accounting of corporations and institutions and criminalized financial fraud by making those entities accountable for the financial records they make available to the public.
    

2003 and 2005

• Fair and Accurate Credit Transactions Act (FACTA):  amended the existing Fair Credit Reporting Act providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. FACTA is administered by the Federal Trade Commission (FTC). FACTA applies to any person or company, including government agencies, that "maintains or otherwise possesses consumer information or any compilation of consumer information, derived from consumer reports for a business purpose.
  
  In June of 2005, a specific rule regarding the proper disposal of consumer report information and records went into effect, the purpose of which was to reduce the risk of identity theft and other consumer harm from improper disposal of a consumer report or any record derived from one. It mandates that an organization must take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
     

2008

• Red Flags Rule:  was created by the Federal Trade Commission (FTC), along with other government agencies such as the National Credit Union Administration(NCUA), to help prevent identity theft. It is based upon the Fair and Accurate Credit Transactions Act (FACTA). The heart of the Red Flags Rule is the set of policies and procedures that institutions must develop in order to help control identity theft.