Laws and Regulations

The Office of Information Security (OIS) coordinates compliance with several digital accessibility, information security, and privacy laws and regulations. Major regulations are referenced here.

Copyright (Copyright and Fair Use, DMCA)

• Copyright and Fair Use: Review the best practices on fair use.
• DMCA: The Digital Millennium Copyright Act of 1998 (DMCA) is a law that protects the rights of creators and controls how digital works are used.

Digital Accessibility (ADA, Section 504, Section 508, TAC 206, and TAC 213)

As a public institution of higher education, Texas A&M University-Corpus Christi (TAMU-CC) is required to comply with the Americans with Disabilities Act (ADA). As a federally funded institution, TAMU-CC is required to comply with US Section 504 and 508 of the Rehabilitation Act of 1973. Learn more about these federal laws on digital accessibility.

As a state-funded institution of higher education, TAMU-CC is required to comply with Texas Administrative Code, Title 1, Chapter 206 (TAC 206) and Chapter 213 (TAC 213). TAC 213 assigns the ultimate responsibility for the accessibility of information and communications technology (ICT) to the President of the University.

Responsibility to administer the digital accessibility requirements of digital accessibility laws and regulations institution-wide is granted to the university's Digital Accessibility Officer (DAO).

• Digital Accessibility Program Plan: TAC 213.41 requires an Electronic and Information Resources Accessibility Coordinator (EIRAC) be designated at each state institution of higher education. The TAMU-CC DAO is the current designated EIRAC. The DAO maintains the Digital Accessibility Program Plan.
• Feedback and accommodations: TAMU-CC has processes for providing digital accessibility accommodations in the Service Portal. Members of the TAMU-CC community can request specific services by reviewing the Accessibility link in the footer of every TAMU-CC webpage. They can also filed complaints through Complaint Form.
• ICT acquisition: TAC 206.70 and TAC 213, sections 30 through 38, require all information and communications technology "developed, procured, or changed by an institution of higher education" to comply with technical accessibility standards. This includes a process to review the compliance of ICT used by the TAMU-CC community which TAMU-CC employees can initiate in the Service Portal. A list of all ICT used by the TAMU-CC community will be maintained in this platform, which will include the accessibility status and renewal date for compliance review.
• Technical accessibility standards: Updates to Title II of the Americans with Disabilities Act include meeting the minimum technical accessibility standards of Web Content Accessibility Guidelines (WCAG) version 2.1, for Level A and Level AA. While these cover web content and mobile applications, ADA requires institutions of higher education to provide equitable access to all ICT, including a means to provide feedback and reasonable accommodations. This includes effective communications which covers all digital content (e.g., websites, electronic documents, email, social media). Therefore, TAMU-CC is adopting WCAG 2.1 AA as the minimum technical standards on all covered ICT acquisitions and appropriate WCAG success criteria on uncovered ICT acquisitions, excluding hardware. Required hardware standards are referenced in Section 508, Chapter 4, per TAC 213.
• Training: TAC 213.39 requires the President "ensure appropriate staff receives training necessary to meet accessibility-related rules". Multiple areas help ensure the information resources under their domain are compliance with digital accessibility laws and regulations. The Digital Accessibility Officer provides digital accessibility training opportunities and resources.

Related university policies [PDF]:

• 08.01.01.C1, Civil Rights Compliance
• 08.01.02.C0.01, Employee/Applicant Requests for Reasonable Accommodations Under the ADA
• 08.01.02.C0.02, Accommodations at University Facilities and Events
• 25.07.03.C0.01, Purchasing Administration
• 25.07.99.C1, Contract Administration
• 29.01.04.C0.01, Electronic and Information Resources Accessibility
• 33.05.02.C0.01, Required Training for Employees and Affiliates
• 61.01.02.C0.01, Public Information
• 61.99.99.C0.02, Web Presence
• 61.99.99.C0.04, Social Media Guidelines

Information Security (TAC 202)

As a state-funded institution of higher education, TAMU-CC is required to comply with Texas Administrative Code, Title 1, Chapter 202 (TAC 202). TAC 202 assigns the ultimate responsibility for the security of information resources to the President of the University.

Responsibility to administer the information security requirements of TAC 202 institution-wide is granted to the university's Chief Information Security and Privacy Officer (CISPO). The head or director of a unit is responsible for ensuring that compliance with TAC 202 is maintained for any information resources owned and operated by the unit.

• Annual Risk Assessment: TAC 202.71 and TAC 202.75 require that a risk assessment be performed and documented by units having ownership or custodial responsibility of information resources. These assessments must be performed at least annually. The President must formally approve the results of the information security assessment and any associated risk management plans.
• Control Catalog: TAC 202.76 requires the adoption of information security controls published by the Texas Department of Information Resources. System Regulation 29.01.03, Information Security [PDF] requires the adoption of information security controls published by The Texas A&M University System [PDF]. This means that all security controls found in the Cybersecurity Control Standards [PDF] are mandatory unless otherwise specified.

Related university policies [PDF]:

• IT Acceptable Use Policy
• 21.01.02.C0.01, Credit Card Collections 
• 25.07.03.C0.01, Purchasing Administration
• 25.07.99.C1, Contract Administration
• 29.01.99.C1, Security of Electronic Information Resources
• 33.05.02.C0.01, Required Training for Employees and Affiliates
• 61.01.02.C0.01, Public Information
• 61.99.99.C0.02, Web Presence
• 61.99.99.C0.04, Social Media Guidelines

Privacy (FERPA, GLBA, and HIPAA)

• FERPA: The Family Educational Rights and Privacy Act (FERPA) which protects the educational records of all students.
• GLBA: The Gramm Leach Bliley Act (GLBA) which requires financial institutions to protect the security and confidentiality of user information.
• HIPPA: The Health Insurance Portability and Accountability Act (HIPAA) requires the protection and confidential handling of protected health information. The university will maintain controls for health data privacy and security which protects Electronic Protected Health Information (ePHI).
• Privacy Policy: View the TAMU-CC Privacy and Security Notice.
• Notice of Privacy Practices: View the TAMU-CC Notice of Privacy Practices.

Payment Card Industry (PCI)

Payment Card Industry (PCI) security standards are required for TAMU-CC to accept credit cards for payment. University Procedure 21.01.02.C0.01, Credit Card Collections [PDF] includes those processes. Any questions concerning PCI compliance can be directed to Office of Information Security (OIS).

Prohibited Technologies in Texas

Texas A&M University-Corpus Christi provides information on prohibited technology and sensitive locations per the System prohibited technology guidelines.