Regulatory Compliance
Rice University
- Different departments are responsible for different aspects of compliance. The Rice University Compliance Matrix is a helpful resource in this regard.
- Specific questions about compliance can be directed to the Rice Compliance Office.
Texas Law
- Texas Personal Information Data Privacy Notification and Encryption Law: Business and Commerce Code Chapter 521
Federal Law
- FTC Red Flags Rule – The Rice University Identity Theft Prevention Program was developed using the guidance provided by the Federal Trade Commission (FTC) “Red Flags Rule,” found in 16 C.F.R. 681.
- Family Educational Rights and Privacy Act (FERPA) – Student records are covered by the requirements of this act. See also the Office of the Registrar's FERPA web page.
- Health Insurance Portability and Accountability Act (HIPAA) – Describes protections for health information.
- Gramm-Leach-Bliley Act (GLBA) – Requires financial institutions to protect nonpublic personal information.
International Law
- Rice guidance on European Economic Area Privacy Notice and General Data Privacy Regulation (GDPR) – Outlines the collection, use, and disclosure of personal information provided to the university by individuals who are located in the European Economic Area (EEA).
Industry Regulation
- Payment Credit Industry Data Security Standards (PCI DSS) – Personal credit card information is covered by these data security standards, which apply to anyone who is a merchant or handles credit card and debit card transactions. Read Rice's Credit Card and Debit Card Handling Guidelines.