IT Governance

As a state agency, and a public university, Lamar University is required to comply with Federal and state security and privacy laws, Executive orders, TSUS Rules and university policies.

State laws may change annually but generally remain stable, for at least 2 years.

The following presents a non-comprehensive list of federal and state laws.


State and Federal Security Laws

- Criminal Justice Information Services (CJIS) Security Policy
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1
- Internal Revenue Services (IRS) Publication 1075
- Texas Administrative Code 202 (Information Security Standards)
- Texas Government Code, Chapter 2054 (Information Resources)
Texas Government Code, Chapter 2059 (Texas Computer Network Security System)
- Texas Penal Code, Title 7, Chapter 33 (Computer Crimes)
- Texas Cybersecurity Framework


State and Federal Privacy Laws

- Family Education Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act of 1999 (GLBA)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Privacy Act of 1974
- Texas Patient Privacy
- Texas Health and Safety Code (Medical Records Privacy)
- Texas Occupations Code, Chapter 159, (Physician – Patient Communication)
- Texas Business and Commerce Code, Ch 503 (Biometric Identifiers)
- Texas Business and Commerce Code, Ch 521 (Unauthorized Use of Identifying Information)
- Texas Government Code, Chapter 552 (Public Information)