Federal Law

The following federal laws apply to information security policy and practice at Cal Poly. This list is intended to be representative, not exhaustive. Use the links provided to learn more about a specific law. For more information about these and other federal laws, please visit the Library of Congress THOMAS Website or the United States Code Database.

• Gramm-Leach-Bliley Act of 1999 (GLBA) - Federal Trade Commission Regulations - 16CFR, Part 314 - Standards for Safeguarding Customer Information - Requires financial institutions, including colleges and universities, to develop plans and establish policies to protect customer information.
• The Family Educational Rights and Privacy Act of 1974 (FERPA) (Title 20 U.S.C. § 1232g; 34 CFR Part 99) - Identifies students’ privacy rights with respect to their educational records and how, what and when schools can disclose information about a student.
• Health Care Portability and Accountability Act of 1996 (HIPAA) - Establishes national standards to protect the privacy of personal health information.
• USA Patriot Act of 2001 (Public Law 107-56) - Provides expanded law enforcement authorities to enhance the federal government’s efforts to detect and deter acts of terrorism in the United States or against United States’ interests abroad.
• The Cyber Security Enhancement Act (Section 225 of the Homeland Security Act of 2002, H.R. 5710) - Increases criminal penalties for computer crimes, allows disclosure of customer records in life-threatening situations, prohibits electronic advertising of eavesdropping devices, expands emergency use by law enforcement of pen registers and trap and trace devices for electronic surveillance.
• Computer Fraud and Abuse Act (Title 18 USC § 1030) - Designed to reduce “hacking” of commercial computer systems; amended by the USA Patriot Act to increase the scope and related penalties for certain types of violations; expands the definition of loss to expressly include time spent investigating and responding for damage assessment and for restoration.
• Copyright Act of 1976; Digital Millennium Copyright Act of 1998 (DMCA) - Protects the intellectual property rights of copyright owners with respect to the publication, distribution and use of their works, including unauthorized copying and distribution of digital works such as music, movies, images, and software.
• The Higher Education Opportunity Act (Public Law 110-315) (HEOA) - Enacted in August 2008 and reauthorizes the Higher Education Act of 1965 (HEA). Includes specific provisions designed to reduce the illegal distribution of copyrighted works through peer-to-peer (P2P) file sharing. Read Cal Poly's plan for complying with those provisions. 
• Americans with Disabilities Act (ADA) and Section 508 of the Rehabilitation Act of 1973, as amended 29 U.S.C § 794(d) - Requires Federal agencies (and entities that receive Federal funds) to make electronic and information technology accessible to people with disabilities, including employees and members of the public.
• CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing) - Establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them.
• U.S. Patent and Trademark Office Website - Provides links to information about Federal patent and trademark law, which includes protection of Internet domain names.
• Anticybersquatting Consumer Protection Act - Amends certain trademark infringement, dilution, and counterfeiting laws to protect Internet domain names or other identifiers of online locations from unauthorized registration (“cybersquatting”).
• Citizen’s Guide to U.S. Federal Child Exploitation and Obscenity Laws - The Child Exploitation and Obscenity Section (CEOS) of the Department of Justice prosecutes individuals who violate federal law by sexually exploiting children and enforces the federal obscenity laws.
• The United States Constitution and Amendments - As a public institution, Cal Poly users may be subject to constitutional protections, such as freedom of speech, that may not apply to users in private business or non-public, private universities.
• The Freedom of Information Act (5 U.S.C. § 552, As Amended By Public Law No. 104-231, 110 Stat. 3048) - Ensures access to public information (agency rules, opinions, orders, records, and proceedings) maintained by Federal agencies.
• Fair and Accurate Credit Transactions Act of 2003- Creates measures to help prevent identify theft and to help victims of identity theft recover their credit reputations, including a National Fraud Alert System.
• Sarbanes-Oxley Act of 2002 (Public Company Accounting Reform and Investor Protection Act of 2002) - Protects investors by improving the accuracy and reliability of corporate disclosures. Covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure.