Laws and Regulations
Georgia’s Open Records Act OCGA § 50-18-70
"The General Assembly finds and declares that the strong public policy of this state is in favor of open government; that open government is essential to a free, open, and democratic society; and that public access to public records should be encouraged to foster confidence in government and so that the public can evaluate the expenditure of public funds and the efficient and proper functioning of its institutions. The General Assembly further finds and declares that there is a strong presumption that public records should be made available for public inspection without delay. This article shall be broadly construed to allow the inspection of governmental records. The exceptions set forth in this article, together with any other exception located elsewhere in the Code, shall be interpreted narrowly to exclude only those portions of records addressed by such exception."
Family Education Rights and Privacy Act (FERPA)
FERPA applies to all institutions that receive funds administered by the Secretary of Education. FERPA applies to the education records of individuals, regardless of age, who are currently, or who have been, in attendance in postsecondary institutions. Education records are those records which are directly related to a student and are maintained by an institution or a party acting for the institution. Except under conditions specified in the Act, institutions may not disclose information contained in a student's education records to any third party, including parents (see Parents and FERPA), without the student's written permission.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Gramm-Leach-Bliley Act
"The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data."
General Data Protection Regulation (GDPR)
This is a European Union Regulation that is applicable to UNG. It lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data, and protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
Payment Card Industry Data Security Standards (PCI DSS)
The Payment Card Industry Data Security Standards (PCI DSS) are the mandated security requirements defined by the Payment Card Industry Security Standards Council and the five major credit card brands: Visa, MasterCard, American Express, Discover and JCB. These security requirements apply to all transactions surrounding the payment card industry and the merchants/organizations that accept these cards as forms of payment.