U.S. higher education institutions, like organizations of all types, have been bombarded by new regulatory controls over the privacy of personal information. Familiar laws protecting student information include the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). More recently, institutions have also found themselves subject to disclosure rules for financial information and identifiers (Gramm-Leach-Bliley Act) and a wave of state laws, spearheaded by California's SB 1386, defining protocols for the notification of anyone whose identifying information may have been compromised in a security breach. The European Union's more comprehensive approach to data privacy, embodied in the European Data Protection Directive (EDPD), establishes protections on personal data, including limits on its transfer, and adds regulatory concerns that will affect many U.S. institutions with overseas campuses or with students and personnel who are protected under the EDPD.
All too often, regulatory concerns are only addressed after IT Security and IdM services have been designed and/or implemented (or worse, after an incident resulting from non-compliance). Pathmaker Group's extensive experience in the regulatory compliance space allows us to include such considerations during the requirements gathering, design, and implementation phases of a project. This not only decreases the overall time spent reworking solutions after the fact, but also ensures that regulatory considerations are addressed during each phase of an IdM project.