For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Applicable Laws and Regulations

Drexel University’s data may be protected by a number of laws, regulations, and policies and procedures including but not limited to standards that depend on the data source, data subjects and purpose of the data processing. With 13 US states passing comprehensive data privacy laws since 2019, more than 16 states have introducing new privacy laws and 130 countries globally enacting laws controlling the collection, use, and disclosure of personally identifiable information (PII), it’s clear that the privacy landscape is complex, and constantly evolving. These laws are in place to respect and protect personal privacy.

The provided list of privacy laws and regulations is here to support you in protecting privacy at Drexel. It is not a comprehensive list but It's designed to be a friendly guide to help you become familiar with some of the rules that might impact your daily operations.

As the landscape of privacy continues to shift, we are here to be your steadfast partner, navigating these changes together and providing updates and resources along the way.

Privacy Program Services' goal is to empower you with the knowledge and tools you need to confidently manage and protect personal information.

Remember — It’s Okay to Ask. Contact us at with any questions.

Law Jurisdiction Implicated University Records
42 CFR Pt. 2 - Confidentiality of Substance Use Disorder Patient Records Federal Healthcare Records
Americans with Disabilities Act of 1990 Federal
Employee Records; Student Records
Children's Online Privacy Protection Act of 1998 (COPPA) Federal
Fair Credit Reporting Act (FCRA) Federal
Employee Records; Student Records
Family Educational Rights and Privacy Act (FERPA) Federal
Student Records
Federal Policy for the Protection of Human Subjects (“Common Rule”) Federal
Federal Information Security Management Act (FISMA) Federal
Gramm Leach Bliley Act (GLBA) Federal
Student Financial Aid Records
Genetic Information Nom-Discrimination Act of 2008 Federal
Employee Records
Health Insurance Portability and Accountability Act of 1996 Federal
Healthcare Records
Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Federal
Healthcare Records
Payment Card Industry Data Security Standards (PCI DSS) Federal
Credit Card Data Subject
PA Public Library Code, 24 C.S. §9375 State Library Patron Records
Confidentiality of HIV-Related Information Act PA Act 148 (35 P.S. § 7601 et seq.) State Healthcare Records
Pennsylvania Drug and Alcohol Abuse Control Act State Healthcare Records
42 CFR Pt. 2 (confidentiality of substance use disorder patient records) Federal
Healthcare Records
PA Mental Health Procedures Act—Confidentiality of Records State Healthcare Records
European Union General Data Protection Regulation (GDPR) International Employee Records; Student Records