Information Protection @ MIT

Laws & Policies Covering Personal Information

MIT Policies

MIT Policy 11.0 on Privacy and Disclosure of Information

MIT Policy 13.2 on Use of Information Technology

FACTA "Red Flag Rules" - MIT Identity Theft Prevention Program under the FTC Red Flags Rule.

Laws and Regulations in Massachusetts

Massachusetts State Breach Notification Law - This 2007 law sets out when businesses and government agencies must notify Massachusetts residents of data breaches involving their personal information.

Massachusetts State Breach Regulations - The regulations implementing the Massachusetts data breach law (201 CMR 17.00) were issued in September 2008 and took effect on March 1, 2010.

Laws and Regulations by the Federal Government

Family Educational Rights and Privacy Act (FERPA) - Student education records are covered by the requirements of this act.

Payment Card Industry Data Security Standard (PCI DSS) - An industry standard rather than a federal law; it covers cardholder data and applies to any merchant or other entity that stores, processes or transmits credit or debit card data.

Health Insurance Portability and Accountability Act (HIPAA) - Describes privacy and security protections for health information.

Gramm-Leach-Bliley Act (GLBA) - Requires financial institutions to safeguard customers' nonpublic personal information.

Other

Security Breach Notification Laws by State - Most US states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.