Key Privacy Regulations


Personal information collected and processed by GW in the course of university operations is protected by various privacy laws and regulations, including but not limited to the Family Educational Rights and Privacy Act (FERPA), Gramm-Leach-Bliley Act (GLBA), and the General Data Protection Regulation (GDPR).

Under FERPA (Family Educational Rights and Privacy Act of 1974), the university is required to protect the privacy of students' personally identifiable information.

Click to view our FERPA page.

The General Data Protection Regulation (GDPR) is a regulation in EU law that protects the privacy of the personal data of European Union (EU) residents.

Click to view our GDPR page.

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

Click to view our GLBA page.

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the protection and confidential handling of protected health information.

Click to view our HIPAA page.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that companies that process, store, or transmit credit card information maintain a secure environment.

All university departments that accept credit cards are required to participate in a PCI compliance program that is administered by Treasury Management in partnership with GW Information Technology.

For more information regarding compliance requirements, contact Treasury Management at [email protected].


PCI Data Security Standard Overview

PCI Compliance Guide

GW Credit Card & Merchant Services