Information Technology is governed by several federal and state laws, as well as CSU-wide policies and university policies. It's our job to keep up-to-date on changes regarding these laws and policies to make sure as a university, we are conforming appropriately to all of them.
Federal & State Laws
FERPA is known as the Family Educational Rights To Privacy Act of 1974 and it covers what information the University can share with others. It also gives students the right to challenge information on their transcripts. Every year, CSUMB staff and faculty take a refresher Data Security course that includes FERPA content. You can find out more about your rights to privacy on the US Department of Education's Family Educational Rights To Privacy page and their Protecting Student Privacy page.
ADA is also known as the Americans with Disabilities Act is a federal civil rights law that prohibits discrimination against people with disabilities in everyday activities, including things like web content, documents, and applications. You can find out more on the Americans with Disabilities Act website.
CAN-SPAM Act also known as the The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 is a law passed in 2003 establishing the United States' first national standards for the sending of commercial messaging, including e-mail and texts. This means we have to use clear headers, subject lines, and locations when sending to customers, like donors or ticket holders. We also have to provide a way for users to opt out. You can find out more about CAN-SPAM on the Federal Communications Commission (FCC) website. There is also a great resource regarding CAN-SPAM available on the Cornell Law website.
Section 508 of the Rehabilitation Act is a 1998 amendment to the 1972 Rehabilitation Act that requires Federal agencies (or those receiving federal funding) to make their electronic and information technology accessible to people with disabilities. You can find more about this amendment at the Section508.gov website.
State of California Information Technology Accessibility Policy states that information and services within California State Government, and provided via electronic and information technology be accessible to people with disabilities.
CSU-wide Policy
The California State University also has policies that govern all of their CSU campus. These policies can be found on the CSU PolicyStat page. Here are links to policies regarding Information Technology and Information Security:
- CSU Accessible Technology Initiative: All CSU programs, services, and activities should be accessible to all students, staff, faculty, and the general public. This encompasses all technology products used to deliver academic programs and services, student services, information technology services, and auxiliary programs and services.
- CSU Business Continuity Planning and Information Technology Disaster Recovery: a practical business practice and that campus presidents shall ensure the campus business continuity plan includes recovery of data processing services. In addition, the annual review of campus business continuity plans must certify that recovery of data processing services is included in the overall continuity plan.
- CSU Identity Access Management: The Campus Identity and Access Management program must identify responsibilities for governance of electronic identity records and associated business processes.
- CSU Illegal Electronic File Sharing and Protection of Electronic Copyrighted Material: Each university president will ensure that the campus policy governing acceptable use of information technology resources makes explicit that illegal file-sharing and other copyright violations are a violation of Title 5 of the California Code of Regulations (5 CA ADC ยง 41301).
- CSU Information Security Privacy of Personal Information: This policy provides direction and support for protecting the privacy of personal information managed by the CSU and guidance for collecting and accessing personal information.
- CSU Information Security Policy and Standards: The California State University (CSU) manages and protects the confidentiality, integrity, and availability of CSU information assets and establishes procedures that define the organizational scope of the CSU information security program.
- CSU Information Security Responsible Use Policy: It is the collective responsibility of all users to ensure the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to the CSU and to use CSU assets in an effective, efficient, ethical, and legal manner.
- CSU Systemwide Records Information Retention and Disposition Schedules Implementation Policy: The objective of this executive order is to ensure compliance with legal and regulatory requirements while implementing appropriate operational best practices.
University Policy
The CSUMB Policy web page includes many university adopted policies including:
- Student Email Notification Policy which details how CSUMB uses your @csumb.edu email account as your main method of notification from CSUMB. You should definitely be sure to check your email on a regular basis as to not miss any important university communications.
- Policy on the Acceptable Use of Computing & Information Technology Resources: outlines the standards for acceptable use of University computing and information technology resources that include, but are not limited to, equipment, software, networks, data, and telecommunications equipment whether owned, leased, or otherwise provided by CSUMB.