Cooley Law School is committed to the safeguarding and accurate maintenance of student records. The Family Educational Rights and Privacy Act (FERPA) of 1974 provides students with a number of rights regarding their educational records. General questions, concerns or informal complaints should be directed to the Office of the Registrar. Occasionally, students will need to release part or all of their student records to third parties such as parents, attorneys or employers. Cooley Law School will not release student records without the written consent of the student.
Privacy / The Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLBA) is a law that applies to financial institutions and includes privacy and information security provisions that are designed to protect consumer financial data. This law applies to how higher education institutions collect, store, and use student financial records (e.g., records regarding tuition payments and/or financial aid) containing personally identifiable information (Educause, GLB Act).
GLBA regulations include both a Privacy Rule (16 CFR 313) and a Safeguards Rule (16 CFR 314), both of which are enforced by the Federal Trade Commission (FTC) for higher education institutions. Colleges and universities are deemed to be in compliance with the GLBA Privacy Rule if they are in compliance with the Family Educational Rights and Privacy Act (FERPA).
The GLBA Financial Privacy Rule was created to regulate the collection and disclosure of nonpublic personal information between a financial institution and its customers.
The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care (Electronic Code of Federal Regulations, Part 314). Under this mandate, Cooley Law School is required to develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards that are appropriate to its size and complexity, the nature and scope of its activities, and the sensitivity of any customer information at issue.
Privacy / PCI DSS
The Payment Card Industry (PCI) Data Security Standard (DSS) is an information security standard developed to enhance cardholder data security for organizations that store, process, or transmit credit card data. Its primary purpose is to reduce the vulnerability of cardholder information and prevent credit card fraud by increasing controls where cardholder data is stored, processed, or transmitted.
Compliance with the PCI DSS is achieved by meeting a minimum set of requirements