Regulated Data


The university is mandated by federal, state and/or local law, or university policy to enforce privacy and security safeguards for regulated data. This area of the Data Services website will help guide you through the use and best practices for safeguarding this type of data.

Regulated Data focuses on the policies, procedures, standards, and best practices needed by the UNH scholarly and enterprise communities to understand and meet regulatory compliance requirements when generating, storing, using, sharing, and managing regulated data. The regulatory compliance requirements that apply to the management of these data include HIPAA, FERPA, PCI, GLBA, CUI, CJIS, GDPR, and NDAs.

Establishment of a regulatory data governance structure is essential to ensuring University-wide adherence to regulatory compliance requirements. This governance structure promotes campus-wide compliance by providing clear guidance on special handling and management requirements for different types of regulated data and reducing user confusion related to its creation, use, storage, handling, and destruction. In addition, the ability to consistently and effectively demonstrate a robust understanding of best practice use cases involving regulated data by the scholarly community will promote greater success in sponsored research.


Family Educational Rights & Privacy Act (FERPA)

The Family Educational Rights & Privacy Act or FERPA (the Buckley Amendment) is a federal law that protects the privacy of student educational records.


Learn about FERPA

Health Insurance Portability & Accountability Act (HIPAA)

HIPAA is an expansive set of rules that includes establishment of national standards for the privacy and security of electronic health care transactions and records. 

Learn about HIPAA

Gramm Leach Bliley Act (GLBA)

The Gramm Leach Bliley Act or GLBA is a federal law that requires financial institutions to ensure the confidentiality, integrity, and availability of customer information. 

Learn about GLBA

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union regulation that dictates data and privacy protection requirements for all individuals within the European Union (EU) and the European Economic Area (EEA).

Learn about GDPR

Payment Card Industry - Data Security Standard (PCI-DSS)

The Payment Card Industry - Data Security Standard (PCI-DSS) is a global security standard that provides the security requirements defined by the Payment Card Industry Security Standards Council and the 5 major Payment Card Brands. 

Learn about PCI-DSS