Applicable Laws and Regulations
Drexel University’s data may be protected by a number of laws, regulations, and policies and procedures including but not limited to standards that depend on the data source, data subjects and purpose of the data processing. With 13 US states passing comprehensive data privacy laws since 2019, more than 16 states have introducing new privacy laws and 130 countries globally enacting laws controlling the collection, use, and disclosure of personally identifiable information (PII), it’s clear that the privacy landscape is complex, and constantly evolving. These laws are in place to respect and protect personal privacy.
The provided list of privacy laws and regulations is here to support you in protecting privacy at Drexel. It is not a comprehensive list but It's designed to be a friendly guide to help you become familiar with some of the rules that might impact your daily operations.
As the landscape of privacy continues to shift, we are here to be your steadfast partner, navigating these changes together and providing updates and resources along the way.
Privacy Program Services' goal is to empower you with the knowledge and tools you need to confidently manage and protect personal information.
Remember — It’s Okay to Ask. Contact us at privacy@drexel.edu with any questions.
| Law |
Jurisdiction |
Implicated University Records |
| 42 CFR Pt. 2 - Confidentiality of Substance Use Disorder Patient Records |
Federal |
Healthcare Records |
| Americans with Disabilities Act of 1990 |
Federal
|
Employee Records; Student Records |
| Children's Online Privacy Protection Act of 1998 (COPPA) |
Federal
|
Minors |
| Fair Credit Reporting Act (FCRA) |
Federal
|
Employee Records; Student Records
|
| Family Educational Rights and Privacy Act (FERPA) |
Federal
|
Student Records
|
| Federal Policy for the Protection of Human Subjects (“Common Rule”) |
Federal
|
Research |
| Federal Information Security Management Act (FISMA) |
Federal
|
Research |
| Gramm Leach Bliley Act (GLBA) |
Federal
|
Student Financial Aid Records |
| Genetic Information Nom-Discrimination Act of 2008 |
Federal
|
Employee Records
|
| Health Insurance Portability and Accountability Act of 1996
|
Federal
|
Healthcare Records
|
| Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 |
Federal
|
Healthcare Records
|
| Payment Card Industry Data Security Standards (PCI DSS)
|
Federal
|
Credit Card Data Subject |
| PA Public Library Code, 24 C.S. §9375 |
State |
Library Patron Records |
| Confidentiality of HIV-Related Information Act PA Act 148 (35 P.S. § 7601 et seq.) |
State |
Healthcare Records
|
| Pennsylvania Drug and Alcohol Abuse Control Act |
State |
Healthcare Records
|
| 42 CFR Pt. 2 (confidentiality of substance use disorder patient records) |
Federal
|
Healthcare Records
|
| PA Mental Health Procedures Act—Confidentiality of Records |
State |
Healthcare Records
|
| European Union General Data Protection Regulation (GDPR) |
International |
Employee Records; Student Records |