Technology Security Laws and Regulations

Computers and information technology are an integral part of college and university life. The increased convenience and power of this technology also brings with it a wide range of compliance concerns, from social media and free speech considerations, to data privacy, identity theft, and copyright issues.

Americans With Disabilities Act (ADA)


The Americans With Disabilities Act (ADA) is a civil rights law that prohibits discrimination against individuals with disabilities in all areas of public life, including jobs, schools, transportation, and all public and private places that are open to the general public. The purpose of the law is to make sure that people with disabilities have the same rights and opportunities as everyone else.  This applies to campus technologies and websites as well.  

More Information

University Contacts: 

AVP for Information Technology / CIO:  cio@spu.edu
Educational Technology and Media:  etm@spu.edu
Disability Support Services: dss@spu.edu

Accessibility - Section 508 of the Rehabilitation Act


The Accessibility - Section 508 of the Rehabilitation Act of 1973 mandated that "all electronic and information technology used by the federal government be accessible to people with disabilities." Although the original intent of Section 508 was to provide accessibility in the federal sector, it has been widely accepted that colleges and universities are subject to its requirements under Title II because they almost universally receive some form of federal funding. Because of this, accessibility — especially in ICT — is becoming one of the most challenging areas for higher education to recognize and address proactively. 

More Information

University Contacts: 

AVP for Information Technology / CIO:  cio@spu.edu
Educational Technology and Media:  etm@spu.edu
Disability Support Services: dss@spu.edu

CAN-SPAM Act


The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. The CAN-SPAM Act covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on University websites.  The most critical requirement for SPU is honoring opt-out requests promptly but constituents not wishing to receive communications from the University.

More Information

University Contact: 

AVP for Information Technology / CIO:  cio@spu.edu

Computer Fraud and Abuse Act (CFAA)


The Computer Fraud and Abuse Act criminalizes unauthorized access to a "protected computer" with the intent to obtain information, defraud, obtain anything of value or cause damage to the computer. A "protected computer" is defined as a computer that is used in interstate or foreign commerce or communication or by or for a financial institution or the government of the United States. In light of the "interstate or foreign commerce" criterion, the act of "hacking" into a secure web site from an out-of-state computer, which may have occurred when the Princeton admissions officer accessed Yale’s "secure" web site, could be considered a CFAA violation (although both schools took pains to say that they were not seeking any civil or criminal prosecutions). The fact that both ECPA and CFAA are criminal statutes considerably raises the ante.

University Contact: 

AVP for Information Technology / CIO:  cio@spu.edu

Digital Millennium Copyright Act (DMCA)


The  Digital Millennium Copyright Act of 1998 (DMCA)  and the  Higher Education Opportunity Act (HEOA) of 2008  require that  SPU takes active measures against copyright violators when notified by the content owner and that the University manage's a digital copyright compliance program that consists of four components:

  1. Annual disclosure/education and awareness
  2. A strategy for effectively combating the distribution of unauthorized copyrighted materials
  3. Provision of alternative sources for authorized copies of copyrighted materials
  4. Strategic plan review

More Information

Violation Examples

The following data and activities are subject to digital copyright compliance regulations:

  • Third-party content shared through social media sites, such as YouTube, or peer-to-peer (P2P) file sharing technology, such as BitTorrent
  • Making copies of copyrighted works available or acquiring unauthorized copies of copyrighted works

University Contact

DMCA Agent for Seattle Pacific University:  CIS-DMCA@spu.edu

Electronic Communications Privacy Act (ECPA)


The  Electronic Communications Privacy Act broadly prohibits the unauthorized use or interception by any person of the contents of any wire, oral or electronic communication. Protection of the "contents" of such communications, however, extends only to information concerning the "substance, purport, or meaning" of the communications. In other words, the ECPA likely would not protect from disclosure to third parties information such as the existence of the communication itself or the identity of the parties involved. As a result, the monitoring by institutions of students’ network use or of network usage patterns, generally, would not be prohibited by the ECPA.

University Contact: 

AVP for Information Technology / CIO:  cio@spu.edu