Privacy Education & Laws

Welcome to UMBC’s privacy education page, designed to help you take steps to protect your privacy and understand the key regulations that protect personal information.

Best Practices

At UMBC we are committed to helping our students, faculty, and staff protect their personal information in an increasingly digital world. Members of the UMBC community handle a variety of sensitive data, including personal information, research data, and intellectual property. Whether you’re accessing online coursework, using campus resources, or engaging with social media, safeguarding your privacy is essential to ensuring a safe and secure experience. This guide is designed to provide practical tips and best practices to help you protect your personal data, navigate online interactions safely, and reduce the risks associated with digital threats. Here are some top privacy best practices to help protect your personal information:

1. Protect Your Personal Information

  • Avoid sharing sensitive personal information (e.g., Social Security number, home address, financial details, campus ID) on public or unsecured platforms.
  • Be cautious when filling out online forms; only provide necessary information to trusted sources.

2. Use Strong and Unique Passwords

  • Create strong, unique passwords for each account, especially for myUMBC and your personal email.
  • Use a password manager to help store and generate strong passwords.
  • Enable two-factor or multi-factor authentication (MFA) wherever possible.

3. Be Wary of Phishing and Scams

  • Avoid clicking on suspicious links or downloading attachments from unknown sources.
  • Be cautious of emails or messages requesting personal information, even if they appear to be from UMBC staff.
  • Forward suspicious messages in your UMBC email to security@umbc.edu and report them as phishing in Gmail.

4. Protect Personal Devices

  • Set up strong passwords, biometric security, or PINs for smartphones, tablets, and laptops.
  • Enable device encryption and lock screens to prevent unauthorized access if a device is lost or stolen.
  • Keep operating systems and software updated to protect against vulnerabilities.

5. Be Cautious When Using Public Wi-Fi

  • Avoid accessing sensitive information (e.g., university accounts, banking) over public or unsecured Wi-Fi networks.
  • When using public Wi-Fi, consider using a Virtual Private Network (VPN) to encrypt your connection.

6. Use Secure Storage for Files and Documents

  • Use secure platforms like UMBC’s official systems (e.g., cloud storage, email) when sharing assignments or research materials.
  • Be mindful of sharing files via peer-to-peer networks, as these may expose your personal data or infect your devices with malware.
  • Avoid leaving sensitive information on shared computers or devices.

7. Be Mindful of Social Media Sharing

  • Limit the amount of personal information shared publicly (e.g., location, phone numbers, personal details).
  • Review privacy settings on social media platforms to control who can see your posts, photos, and other information.
  • Check what permissions apps are requesting on your phone or computer and deny access to information they don’t need.
  • Review privacy settings and adjust them to limit access to your personal data.

8. Beware of Oversharing in Academic Environments

  • When engaging in online discussions or group work, be cautious about disclosing personal or sensitive information to peers.
  • Consider the level of privacy in virtual classrooms, especially in recorded sessions, and clarify with instructors if you have concerns about privacy.
  • Be mindful of how personal information is displayed in online courses, forums, or group work environments.

9. Log Out of Shared or Public Computers

  • Always log out of your accounts when using shared or public computers, especially at the library or in a lab.
  • Clear browsing data and ensure no personal information is left behind after using a shared machine.

10. Understand UMBC’s Data Policies

  • Familiarize yourself with UMBC’s data protection and privacy policies.
  • Understand how your personal data is collected, stored, and used by UMBC, especially with regard to academic records and personal information.
  • Know your rights concerning your data, such as how to request access to, changes to, or deletion of your information.

 

Privacy Laws

Privacy laws play a critical role in safeguarding sensitive data and ensuring that institutions like UMBC handle information responsibly and ethically. This guide provides an overview of important privacy laws—such as FERPA, GDPR, and HIPAA—that govern how personal data is collected, stored, and shared. By understanding these laws, you can better protect your own information, recognize your rights, and ensure compliance within the university environment.

 

The Maryland Higher Education Privacy Law is a state law that specifically focuses on protecting the privacy of student and faculty data within public higher education institutions. This law outlines how universities and colleges must handle personal information, ensuring that sensitive data—such as academic records, financial details, and personal identifiers—is collected, stored, and shared responsibly. It grants students and staff greater control over their information while setting guidelines for how institutions manage and secure it. Understanding this law helps members of the university community safeguard their personal data and remain informed about their privacy rights within the educational environment.

 

The Maryland Online Data Privacy Act of 2024 is a state law designed to enhance the protection of Maryland residents’ personal information in the digital space. It imposes strict requirements on businesses and other organizations that collect, use, or share personal data online, ensuring greater transparency and control for individuals. Key provisions include the right for users to access, correct, and delete their data, as well as limitations on how companies can track and target individuals. For university students, faculty, and staff, understanding this law is essential when interacting with online services and platforms, especially when personal data is involved.

 

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. It grants students the right to access their records, request corrections, and control the disclosure of personal information from those records. FERPA applies to all educational institutions that receive federal funding, ensuring that student data is handled with confidentiality and care. Understanding FERPA helps students and their families know their rights when it comes to the privacy of their academic information.

 

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy and security of individuals’ health information. It establishes standards for how healthcare providers, insurers, and other covered entities must handle and protect personal health data. For students, faculty, and staff who interact with medical services on campus or in research settings, HIPAA ensures that sensitive health information remains confidential and secure. Understanding HIPAA helps you recognize your rights when it comes to accessing, sharing, and safeguarding health-related information.

The Health Information Technology for Economic and Clinical Health (HITECH) Act expands on HIPAA and incentivizes healthcare organizations, including university health services, to adopt secure electronic health record systems, providing more stringent privacy and security protections for electronic health data.

 

The Gramm-Leach-Bliley Act (GLBA) is a federal law that requires financial institutions, including universities offering financial aid or student loans, to protect the privacy and security of sensitive financial information. The law mandates that institutions implement safeguards to prevent unauthorized access to personal financial data, such as Social Security numbers, loan details, and payment information. For universities, complying with GLBA ensures that student and staff financial records are handled responsibly, reducing the risk of identity theft and data breaches. Understanding GLBA is crucial for maintaining the privacy of financial information within the higher education environment.

 

The Electronic Communications Privacy Act (ECPA) is a federal law that protects the privacy of electronic communications, including emails, phone calls, and stored digital data. ECPA sets guidelines for when and how electronic communications can be intercepted or accessed, requiring proper authorization or consent in most cases. For universities, this law ensures that student and employee communications are safeguarded from unauthorized monitoring or disclosure, creating a more secure digital environment. Understanding ECPA helps university members recognize their rights and the limitations on access to their private communications.

 

The Right to Financial Privacy Act (RFPA) is a federal law that protects the confidentiality of personal financial information by limiting when and how government agencies can access an individual’s financial records. For universities that handle student financial aid, tuition payments, or other financial services, RFPA ensures that student and staff financial data cannot be shared with federal authorities without proper consent or legal authorization. Understanding RFPA is important for both university administrators and students to safeguard sensitive financial information and maintain privacy.

 

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) to protect the privacy of individuals’ personal data. It applies to organizations worldwide that handle the personal data of persons located in the EU, including universities engaged in international research or programs. GDPR gives individuals greater control over how their data is collected, used, and shared, ensuring transparency and accountability. Understanding GDPR is important for students, faculty, and staff, particularly when dealing with international collaborations or managing personal data in compliance with global privacy standards.