
Laws & Regulations


Protecting university and student information and the systems that collect, process, and maintain this information is of critical importance to the University of Oklahoma. The University is committed to reviewing information security policies and standards to address changes in laws or regulations, audit findings, or university strategic plans or initiatives. The Norman campus Chief Information Security Officer (CISO) is responsible for coordinating the development, approval, and dissemination of Information Security policies, standards, and guidelines.

What is a Regulation?

Regulation: Laws or orders issued by governing bodies, usually directed and maintained by federal, state, and local governments.

Review more OU IT Definitions in SharePoint

Law & Regulation Requirements for Personnel

University Personnel* who maintain any information that is protected under applicable federal or state law or regulations, including, but not limited to, FERPA, HIPAA, PCI, or GLBA, or under terms of a University contract (“Confidential Information”) are required to protect that information by ensuring the information is stored only on secure devices or servers or in secure storage. Legal actions and fines may result from violations of contracts or federal or state law or regulations, including but not limited to, HIPAA, FERPA, PCI, and GLBA.

University Personnel must set strong passwords, as defined in the University’s Password and Account Policy (pdf), and must encrypt emails that contain Confidential Information. Before storing any Confidential Information on a portable device, desktop computer, or other electronic device, University Personnel must encrypt the device or equipment or contact 405-325-HELP to have the device or equipment encrypted. The device or equipment must also be registered with IT Security. Instructions for encrypting your devices and emails and registering devices with IT Security can be found below.

* University Personnel: Faculty, staff, volunteers, students and trainees, and other persons whose conduct, in the performance of work for the University, is under the direct control of the University, whether or not they are paid by the University (also referred to as “Workforce Members”). 45 C.F.R. § 160.103

Reviewing current IT Policies, Standards, & Guidelines, participating in IT Policies & Standards Open for Comments, reviewing Laws & Regulations, and staying up to date on department training will help build a foundation of understanding. 

Three action items are listed below to begin meeting compliance requirements.

  1. Encrypt emails.
  2. Encrypt your computer's hard drive.
  3. Register the device with IT Cybersecurity.

You can also review our Consultation & Services section to learn about threat protection, compliance reviews, and solution evaluation services we offer to help meet your specific data handling protection requirements.