Regulatory Compliance

The Privacy Program is dedicated to ensuring the university’s compliance with all applicable data privacy regulations. This page provides an overview of key privacy regulations that impact our university operations. For more detailed information on each area, please follow the links below for specific KU resources.

Family Educational Rights and Privacy Act (FERPA)

FERPA is a federal law that protects the privacy of student education records. At KU, we take our FERPA responsibilities seriously:

  • Student records are kept confidential, with access limited to those with a legitimate educational interest.
  • Students have the right to review their education records and request corrections.
  • KU faculty and staff must follow proper procedures for handling student information.

For more information on FERPA at KU, including training resources and policies, visit Personal Information & Safety.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA establishes national standards for protecting individuals' medical records and other personal health information. At KU:

  • Covered entities must implement safeguards to protect patient privacy and data security.
  • Patients have rights regarding their health information, including access and amendment requests.
  • Specialized HIPAA training is required for those handling protected health information (PHI).

For more details on HIPAA compliance at KU, visit HIPAA & Healthcare.

Institutional Review Board (IRB) and Human Subjects Research

The KU IRB oversees research involving human subjects to ensure ethical conduct and protection of participants' rights and privacy:

  • Researchers must obtain IRB approval before beginning studies involving human subjects.
  • Strict protocols are required for informed consent and data confidentiality.
  • Ongoing monitoring ensures compliance with privacy standards throughout research activities.

Learn more about IRB requirements and processes at IRB Review.
Additional Privacy Regulations

KU also complies with other privacy standards and regulations as applicable:

Payment Card Industry Data Security Standard (PCI DSS)

For secure processing of payment card transactions. See PCI Compliance for more information.

Gramm-Leach-Bliley Act (GLBA)

Protects the security of student financial information. KU's GLBA compliance efforts are coordinated through the Office of IT Security and Financial Aid & Scholarships.

International Data Privacy Regulations

The Privacy Program helps navigate the complex landscape of international data privacy regulations. Its responsibilities include evaluating how these laws apply to university activities and guiding departments on notice requirements and data handling practices. The University’s General Data Protection Regulation (GDPR) compliance policies serve as an example of this approach, providing a model for addressing other international privacy laws.

Data Breach Notification Laws

KU follows applicable state laws regarding data breach notifications. For more on KU's data breach response, see the Security Incident Response policy.