Division of Technology

Resources

The Enterprise Privacy Office is pleased to be able to provide the following resources.

Selected South Carolina Laws and Regulations

Selected Federal Laws and Regulations

  • Children’s Online Privacy Protection Act (COPPA)
    Children’s Online Privacy Protection Act of 1998 — Regulates the collection and use of children’s information by commercial website operators.
    http://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=16:1.0.1.3.36
     
  • Family Educational Rights and Privacy Act (FERPA)
    Family Educational Rights and Privacy Act — Protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
    http://www.ecfr.gov/cgi-bin/text-idx?rgn=div5&node=34:1.1.1.1.33
    http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
     
  • Freedom of Information Act (FOIA)
    Freedom of Information Act — Provides the public with the right, and a process, by which to request access to records from any federal agency (with nine exceptions, such as personal privacy, national security, and law enforcement).
    https://foiaonline.regulations.gov/foia/action/public/home
     
  • Gramm-Leach-Bliley Act (GLBA)
    Gramm-Leach-Bliley Act — Requires financial institutions, which offer products to consumers, to explain their information sharing practices to their customers and to safeguard sensitive data.
    https://www.ftc.gov/enforcement/statutes/gramm-leach-bliley-act
     
  • Health Insurance Portability and Accountability Act (HIPAA)
    Health Insurance Portability and Accountability Act of 1996 (Summary of HIPAA Privacy Rule) — Protects individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.
    http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
     
  • Privacy Act of 1974
    Privacy Act of 1974 — Protects the rights of individuals regarding the collection, maintenance, use and dissemination of their information that is maintained in systems of records by federal agencies.
    http://www.justice.gov/opcl/privacy-act-1974
     
  • Payment Card Industry Data Security Standard (PCI-DSS)
    Payment Card Industry Data Security Standard (PCI-DSS) — Sets requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The law applies to any organization with customers who pay them directly using a credit card or debit card.
    https://www.pcisecuritystandards.org/
     

Selected Federal and State Agencies

  • U.S. Office of Management and Budget — Office of Information and Regulatory Affairs (OIRA) 
    The OIRA, a statutory part of the OMB within the Executive Office of the President, is the U.S. government’s central authority for the review of Executive Branch regulations, approval of government information collections, establishment of government statistical practices and coordination of federal privacy policy.
    https://www.whitehouse.gov/omb/inforeg_infopoltech/#pg
     
  • U.S. Department of Health and Human Services — Office of Civil Rights
    The DHHS OCR enforces the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule and the confidentiality provisions of the Patient Safety Rule.
    http://www.hhs.gov/ocr/privacy/index.html
     
  • U.S. Department of Homeland Security — Privacy Office
    The DHS Privacy Office was the first statutorily-required privacy office in any federal agency.
    http://www.dhs.gov/topic/privacy
     
  • Federal Trade Commission
    The FTC is a bipartisan federal agency with a unique dual mission to protect consumers and promote competition.
    https://www.ftc.gov/
     
  • South Carolina Department of Consumer Affairs
    The South Carolina Department of Consumer Affairs is the state’s consumer protection agency. One of the agency’s divisions is its Identity Theft Unit.
    http://www.consumer.sc.gov/Pages/default.aspx
     
  • South Carolina Department of Archives and History
    One of the missions of the South Carolina Department of Archives and History is to work with state agency and local government officials in the proper management of their records.  
    http://rm.sc.gov/Pages/default.aspx
     
  • U.S. Department of Education — Privacy Technical Assistance Center (PTAC) 
    The U.S. Department of Education established the PTAC as a resource regarding FERPA and data privacy, confidentiality and security practices. It includes documents, videos, webinars, and other tools, resources, and opportunities to receive assistance to improve privacy, security, and confidentiality of student data systems. These resources are intended to promote compliance with FERPA and other best practices. 
  • Federal Privacy Council
    The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf, across the Federal Government. 
  • State Treasurer of South Carolina
    The State Treasurer of South Carolina has issued a policy for agencies’ Payment Card Industry Data Security Standards (PCI DSS) compliance responsibilities, as well as materials to assist agencies in their compliance efforts.
     

Other Resources

  • Best Practices: Elements of a Federal Privacy Program
    Created by the Federal CIO Council Privacy Committee, “Basic Practices: Elements of A Federal Privacy Program” outlines seven elemental building blocks of robust privacy programs. While intended for use by federal programs, this document outlines best practices that apply to a variety of organizations and business operations.
     
  • National Conference of State Legislatures
    The National Conference of State Legislatures (NCSL) is a bipartisan organization that tracks state privacy and security laws nationwide to provide resources, such as overviews and indexes, to the public.
  • Data.gov
    Data.gov is managed and hosted by the U.S. General Services Administration and provides the public with data, tools and resources to conduct research, design data visualizations and more.