Information Security Policies and Compliance

Remember, information security is the law. Information security practices are not just required by College Policies, but by State and Federal privacy and security laws, including the Gramm-Leach Bliley Act (GLBA) and the Family Educational Privacy Rights Act (FERPA). College policies and procedures help us understand how to comply with the law in our LCC community. Information security at LCC is guided by:

• Information Security Policy
• Acceptable Use Policy
• File Storage Guidelines
• Approved Software List
• Annual Information Security Training: CSI-LCC: Computer Security Information for LCC Employees - available in the Talent Management System in the LCC portal at my.lcc.edu
• Information Technology Request/Approval Form
• Records & Information Management Policies, Guidelines and Recommendations
• Identity Finder User Guide
• LCC Privacy Statement
• Identity Theft Protection Policy
• Compliance for laws such as:
  • Family Educational Rights and Privacy Act (FERPA) -- prevents the disclosure (unauthorized release or access) of personally identifiable information (PII) in a student’s education record without the consent of a parent or eligible student (aged 18 or older) unless an exception to the law’s general consent requirement applies.
  • Gramm-Leach-Bliley Act (GLBA) -- governs organizations engaged in financial services and the collection, disclosure, and protection of consumers' nonpublic PII.
  • Payment Card Industry Data Security Standard (PCI-DSS) - information protection requirements apply to all members that store, process or transmit cardholder data
  • Health Insurance Portability and Accountability Act (HIPAA) -- prohibits covered entities from disclosing protected health information (PHI) to any third parties.
  • EU’s General Data Protection Regulation (GDPR) -- is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
  • FTC Red Flag Rule - implements Identity Theft Prevention Program.
  • Higher Education Opportunity Act -- prohibits the use of its systems and equipment for unauthorized downloading and sharing of copyrighted materials.
  • Higher Education Act (HEA) -- requires institutions to maintain appropriate institutional capability for the sound administration of the Title IV programs.
  • Michigan’s Identity Theft Protection Act -- prohibits certain acts and practices concerning identity theft.