ÎÄÐù̽»¨

At the ÎÄÐù̽»¨, privacy is a foundational principle that guides how we handle personal information across academic, administrative, and digital environments. As a higher education institution, we are subject to a range of privacy laws that protect the rights of our students, faculty, staff, and broader community.

The Family Educational Rights and Privacy Act (FERPA) governs the confidentiality of student education records. It grants students the right to access their records and limits disclosure without their consent, ensuring that academic and personal information is handled with care and transparency. For more information, see the Office of the Registrar’s FERPA webpage.

The Health Insurance Portability and Accountability Act (HIPAA) applies to certain health-related services provided by the university, such as campus clinics or counseling centers. HIPAA safeguards medical records and other personal health information, requiring strict controls on access and disclosure.Ìý The University HIPAA Steering Committee has been established to provide shared governance for components of the University that are providing medical, treatment, and/or related services as well as other clinics at the University that provide health care services but that do not meet the definition of a HIPAA covered entity but nonetheless have an interest in HIPAA best practices and benefit from participating in the Committee’s work.Ìý ÌýFor more information, see University Policy RISK 12.10.030 – HIPAA Policy, and the HIPAA Steering Committee’s (login required).

The Children’s Online Privacy Protection Act (COPPA) is relevant when the university operates online services that may collect data from children under 13, such as outreach or educational programs. COPPA mandates parental consent and clear privacy notices to protect young users.

Consumer protection laws, including the Colorado Privacy Act (CPA) and the European Union’s General Data Protection Regulation (GDPR), may apply when the university processes personal data of individuals residing in Colorado or the EU. These laws emphasize transparency, data minimization, and individual rights such as access, correction, and deletion of personal data.Ìý For more information, see the University Privacy Policy.

Together, these laws form a complex but essential framework for the responsible stewardship of personal information. By aligning our practices with these standards, the University upholds the trust placed in us by our community and fosters a culture of respect, accountability, and digital ethics.