All members of the community must pay special attention whenever sensitive information crosses their desks, as required by both MIT Policy and Federal and State laws.
MIT Policies
MIT Policy 11.0 on Privacy and Disclosure of Information
- 11.1 Protection of Personal Information
- 11.2 Privacy of Personal Information
- 11.3 Privacy of Student Records
MIT Policy 13.2 on Use of Information Technology
IS&T Policy: Web Server Access Logs
IS&T Policy: User Account Passwords
IS&T Policy: IT Staff Access to Confidential Data
Protections by the Commonwealth of Massachusetts
Data Breach page on the Mass.gov website.
Massachusetts Data Breach Security Law - The Commonwealth’s Data Breach Security Law, Mass. General Law, Chapter 93H, has been in effect since October 31, 2007. It outlines when businesses and government agencies should notify residents of data breaches.
Massachusetts Regulations (.pdf) - The Office of Consumer Affairs in Massachusetts created 201 CMR 17.00. These are the standards for the protection of personal information of residents of the Commonwealth. They were approved in Sept. 2008, and are effective as of March 1, 2010.
Federal Laws and Regulations
Family Educational Rights and Privacy Act (FERPA) - Student records are covered by the requirements of this act.
Payment Card Industry Data Security Standard (PCI DSS) - Personal credit card information is covered by this data security standard, which applies to anyone who is a merchant or handles credit card and debit card transactions.
Health Insurance Portability and Accountability Act (HIPAA) - Describes protections for health information.
Gramm-Leach-Bliley Act (GLBA) - Requires financial institutions to protect nonpublic personal information.
Other
Security Breach Notification Laws by State - Most US states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.