Compliance

Information compliance

Universities generate, access, acquire, store, and transmit more information than ever before, and must now monitor both internal systems and the external environment for threats, hacks, phishing scams, and malicious software. The consequences of data breaches can be significant, presenting serious financial, reputational and compliance risks. Government regulators demand compliance with a network of intersecting laws and regulations that pertain to information security and privacy.

Topic areas

These are some of the areas at the University that are governed by federal and state laws and regulations:

Public records and open meetings
Records management
Student and financial aid data
Alumni and donor data
Protected health information (PHI)
Copyright

Laws and policy

The University of Washington Information Compliance report catalogs applicable federal, state and local laws and regulations, as well as the University policy, boards and committees, and service provider offices that support the management of the University’s compliance obligations. Reports are reviewed and updated every 18 months.

More details about information security and privacy laws and regulations – including covered data types and enforcement agencies, as well as University subject matter experts – can be found on the UW Privacy Office page.

Process improvement

Thirteen projects were recently undertaken across the University in six major compliance areas. For information compliance, the projects were: 1) Student Information and Health or Safety Emergencies and 2) Internet of Things (IoT). Project completion updates were presented to the Board of Regents in April 2018. The initial information compliance assessment and project plan was presented to the Board of Regents in November 2016.