The Issue Of Data Security - 3261 Words

Abstract: Data security has become a concern for every individual in our country. We hear about data loss from businesses like Target and University of Maryland at College Park and it is easy to wonder where the next security breach will be and whether it will affect us personally. This is intended as a look at the existing data security policies that receive the most public attention, Family Educational Rights and Privacy Act of 1974 (FERPA) (34 CFR) and Health Information Portability and Accountability Act of 2000 (HIPAA) (45 CFR. 76 CFR)with a focus on how these statutes apply to database security and design. These regulations affect every American in some way since nearly every person has been either a student, the parent of a†¦show more content†¦HIPAA was crafted to provide patients and their representative similar access to collected medical data. HITECH is an amendment and clarification for HIPAA focused on incentivizing the transfer to electronic medical records for medic al providers. Together, these regulations are intended to provide data collectors with guidance for what data should be considered PII, and how data can be reported and to whom. This discussion is limited to the effects these regulations have on database design and security. In effect, this is a paper on data at rest. Reporting requirements after data loss has occurred and methods for de-personalizing data for institutional research are beyond the scope of this paper. Networking technical specifications that would protect data in motion versus data at rest are similarly outside what can be discussed in a paper of this size. Overview of the Regulations FERPA pertains to the data an institution might collect about a student during the expected course of business in an education process. FERPA does not directly apply to data collected during research, unless the source of the original data was the educational institution’s student records. Most of the FERPA regulation pertains to how and when a parent or adult student must be asked for permission to include the data in institutional reporting, requiring that the student or their agent be allowed view access to their data and