Laws and Regulations

The Digital Millennium Copyright Act of 1998 (DMCA) is a legal framework to protect the rights and management of digital works.

Federal laws that require the confidentiality of information include:

• The Family Educational Rights and Privacy Act (FERPA) which protects the educational records of all students.
• The Gramm Leach Bliley Act (GLBA) which requires financial institutions to protect the security and confidentiality of user information.
• The Health Insurance Portability and Accountability Act (HIPAA) which requires the protection and confidential handling of protected health information.

Payment Card Industry Compliance on the Texas A&M University campus is ultimately the responsibility of the organization that has elected to accept credit cards for payment. The Texas A&M Division of Finance Financial Management Operations Group facilitates the capacity for departments/organizations to accept credit cards. The complexities of PCI Compliance are reduced by using a third-party payment gateway. The gateway used by Texas A&M University is AggiE-Pay.

As part of PCI Compliance, Texas A&M Division of Information Technology provides the approval process of network architectures and prepares the firewalls for the PCI environments. Vulnerability scans can also be run against PCI systems to check for potential weaknesses.

Any questions concerning PCI Compliance can be directed to security@tamu.edu.

PCI Resources:

• SAP 21.01.02.M0.03 - Credit Card Collections
• PCI Security Standards

• Chapter 202 - Information Security Standards