Regulations, Guides and Standards

Regulations, Guides, and Standards:

The Family Educational Rights & Privacy Act (FEPRA) addresses a students rights to their individual educational records. As a student over the age of 18 years or enrolled in a postsecondary institution, their primary rights under FERPA are the right to review and inspect their educational records, the right to have their educational records amended or corrected and the right to control disclosure of certain portions of the educational records.
You can find more information about FERPA on the U.S. Department of Education’s website.
Faculty and staff should click here for Northeastern-specific FERPA information related to student data.

Mass. 201 CMR 17.00, which are the Massachusetts regulations for the Protection of
Personal Information of Residents of the Commonwealth of Massachusetts.

Massachusetts General Laws Chapter 266, Sections 33(a) and 120(f), which impose
sanctions for, among other acts, destroying electronically processed and stored data
or gaining unauthorized access to a database or computer system.

Massachusetts General Laws Chapter 272, Section 99, which regulates and prohibits
recording of communications without the permission of participants, including but not
limited to telephone conversations. The law also includes prohibitions on possession,
editing, and disclosure of recordings.

United States Code, Title 18, Section 1030 et seq., Computer Fraud and Abuse Act,
which imposes sanctions for, among other acts, knowingly accessing a computer
without authorization or in excess of authorized access, knowingly causing damage
to protected computers, or trafficking in password information.

United States Code, Title 18, Section 2510 et seq., Electronic Communications
Privacy Act, which imposes sanctions for, among other acts, interception of wire, oral
or electronic communications.

United States Code, Title 18, Sections 2701 et seq., Stored Wire and Electronic
Communications and Transactional Records Act, which imposes sanctions for,
among other acts, intentionally accessing without authorization, a facility through
which electronic communication service is provided, or intentionally exceeding
authorization to access a facility, thereby obtaining, and thereby obtaining, altering,
or preventing authorized access to a wire or electronic communication while it is in
electronic storage.

United States Code, Title 47, Section 223 (H)(1) et seq., Communications Act of 1934
(as amended), which imposes sanctions for, among other acts, use of any device or
software that can be used to originate telecommunications or other types of
communications that are transmitted in whole or in part by the internet, without
disclosing the sender’s identity, and with intent to annoy, abuse, threaten or harass
any person who receives the communications.