Health information is protected under the Health Information Portability and Accountability Act (HIPAA).  The HIPAA Privacy Office manages privacy of HIPAA-protected health information.


Student records are protected under the Family Educational Rights and Privacy Act (FERPA).  The University Regsistrars manage student privacy, including notification of student privacy rights. 


The European Commision issued data privacy rules known as the General Data Protection Regulation (GDPR).  GDPR governs data collected about individuals located in the EU.  

Other Privacy Regulations

Currently a number of US states (Conneciticut, California, Virginia, Washington) and nations (Brazil, Canada,  Uganda, United Kingdon) have or are in the process of developing privacy statutes.   For information on  specific  regional privacy requirements, contact the Privacy Office 


The University has implemented minimum security standards based on data risk classification.  Please see Yale Cybersecurity for details.