Policies & Compliance

These University of Hawaii policies, State of Hawaii Revised Statutes, and external regulations all have information security implications. Anyone accessing UH resources, including data, computer, and network resources, is responsible for ensuring compliance with all applicable policies and regulations.

UH Policies related to Information Security
| Policy/Law | Title | How it Applies to UH |
|---|---|---|
| E2.210 | Use and Management of Information Technology Resources Policy | Describes the appropriate use of UH information technology resources which applies to students, faculty, staff, and authorized guest users. |
| E2.214 | UH Information Security Policy | Provides the framework for securing the systems and files that contain sensitive information within the UH System. |
| E2.215 | UH Institutional Data Governance Policy | Establishes system-wide standards to protect the privacy and security of data and information under the stewardship of the University. |
| E7.208 | Student Conduct Code | Describes the rules and regulations that UH students must comply with. |
| A7.022 | Procedures Relating to Protection of the Educational Rights and Privacy of Students | Establishes procedures governing a UH student's access to their own education records and access to education records by the public and other governmental agencies. |
| A8.710 | Credit Card Program | Procedures for processing credit card transactions in accordance with University policies, banking and payment card industry requirements, etc. |
| A8.711 | Electronic Payments via University Websites | Policies and procedures for processing electronic payments in accordance with University policies, banking and payment card industry requirements, etc. |
| A8.450 | Records Management Guidelines and Procedures | Provides guidelines and instructions for the retention, scheduling, storage, microfilming, transfer, and disposition of University records. |

Hawaii Revised Statutes
| Policy/Law | Title | How it Applies to UH |
|---|---|---|
| HRS 92F | Uniform Information Practices Act (UIPA) | Requires the University to open government records for public inspection except Social Security numbers, personal records, etc. |
| HRS 487J | Social Security Number Protection | Requires the University to protect an individual's Social Security number. |
| HRS 487N | Security Breach of Personal Information | Requires the University to provide notice if there has been a security breach of personal information. |
| HRS 487R | Destruction of Personal Information Records | Requires the University to securely dispose of personal information. |

External Standards and Regulations
| Policy/Law | Title | How it Applies to UH |
|---|---|---|
| HIPAA | Health Insurance Portability and Accountability Act ("Privacy Rule") | Regulates the use and disclosure of individuals' health information. |
| FERPA | Family Educational Rights and Privacy Act | Requires the University to provide students with access to their education records, an opportunity to have the records amended, and some control over their disclosure. |
| FISMA | Federal Information Security Management Act | Requires the University to protect the information and information systems that support the University's operations and those in our custody (e.g. other state and federal agencies). |
| GLBA | Gramm-Leach-Bliley Act ("Safeguards Rule") | Regulates how non-public personal information is to be protected. |
| FACTA | Fair and Accurate Credit Transactions Act ("Red Flags Rule") | Requires an identity theft prevention program to identify and detect red flags and to prevent and mitigate identity theft. |
| PCI DSS | Payment Card Industry Data Security Standards | Requires the University to implement security controls around cardholder data to reduce credit card fraud. |
| DMCA | Digital Millennium Copyright Act ("OCILLA") | Requires the University to take action on copyright infringement that originates on the network. |