Security Compliance Program
WPI’s telecommunications systems - its computers, servers, wired and wireless data networks, and phone systems – are essential tools for conducting the day-to-day business of the university. Data processing, data storage, and electronic communications technology have made it possible for WPI to more effectively and efficiently perform such essential tasks as registering students for courses, recording their educational records and academic progress and managing the complexities of WPI’s financial data.
However, all these technologies have risks as well as benefits. One of the greatest concerns about the use of systems that store and transmit information electronically is the increased risks that data will be intercepted, stolen, or corrupted; that confidential information will be inadvertently released to those who should not see it; and that individual rights will be violated.
WPI takes seriously its obligation to operate its electronic data and communications systems in a secure manner. It has developed a host of policies and guidelines that outline procedures that should be followed by members of the WPI community to assure the university lives up to that obligation.
As part of an extensive Information Security Compliance Program, WPI has created the following referenced policies to respond to seven federal acts that deal with a wide range of legalities associated with information security. Compliance with these seven acts has significant financial and legal implications. The entire WPI community is encouraged to learn more about these acts and gain an appreciation of the direct link between technical security and compliance. The policies can be reviewed at the following links:
- Policies for the Family Educational Rights and Privacy Act (FERPA):
- Policies for the Health Insurance Portability and Accountability Act (HIPAA):
Financial Records and the Gramm-Leach-Bliley Act (GLBA):
Since WPI holds many sources of customer financial information, the above act requires personnel and systems be trained and in place for proper communication, security and storage of such information. Compliance is evidenced through the university’s FERPA policy referenced above.
Digital Millenium Copyright Act (DMCA)
Policy for the Technology, Education, and Copyright Harmonization Act (TEACH)
- Policies for the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act:
- Policy for The USA Patriot Act (including WPI’s policy on information requests) -