The First Preventers Program and Tools is designed to help schools, organizations, and communities meet and exceed many local, state, and federal compliance mandates. In the chart below you will find a number of laws and acts that the Program helps to meet the compliance requirements for.
If you don’t see one listed here and would like to know more, feel free to contact us directly for more information.
|Law or Act Name||Industry||Description|
|Family Educational Rights and|
Privacy Act (FERPA)
|K12, Higher Education||34 CFR § 99.8 What provisions apply to records of a law enforcement unit?
(a) (1) "Law enforcement unit" means any individual, office, department, division, or other component of an educational agency or institution, such as a unit of commissioned police officers or non-commissioned security guards, that is officially authorized or designated by that agency or institution to-
(i) Enforce any local, State, or Federal law, or refer to appropriate authorities a matter for enforcement of any local, State, or Federal law against any individual or organization other than the agency or institution itself; or
(ii) Maintain the physical security and safety of the agency or institution.
(2) A component of an educational agency or institution does not lose its status as a "law enforcement unit" if it also performs other, non-law enforcement functions for the agency or institution, including investigation of incidents or conduct that constitutes or leads to a disciplinary action or proceedings against the student.
(b) (1) Records of law enforcement unit means those records, files, documents, and other materials that are- (i) Created by a law enforcement unit;
(ii) Created for a law enforcement purpose; and
(iii) Maintained by the law enforcement unit.
(2) Records of law enforcement unit does not mean –
(i) Records created by a law enforcement unit for a law enforcement purpose that are maintained by a component of the educational agency or institution other than the law enforcement unit; or
(ii) Records created and maintained by a law enforcement unit exclusively for a non-law enforcement purpose, such as a disciplinary action or proceeding conducted by the educational agency or institution.
(c)(1)Nothing in the Act prohibits an educational agency or institution from contacting its law enforcement unit, orally or in writing, for the purpose of asking that unit to investigate a possible violation of, or to enforce, any local, State, or Federal law.
(2) Education records, and personally identifiable information contained in education records, do not lose their status as education records and remain subject to the Act, including the disclosure provisions of § 99.30, while in possession of the law enforcement unit.
(d) The Act neither requires nor prohibits the disclosure by any educational agency or institution of its law enforcement unit records.
|Health Insurance Portability and Accountability Act (HIPAA), 45 CFR § 164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required.||K12, Higher Education, Healthcare, Corporate, General||(j) Standard: Uses and disclosures to avert a serious threat to health or safety—
(1) Permitted disclosures. A covered entity may, consistent with applicable law and standards of ethical conduct, use or disclose protected health information, if the covered entity, in good faith, believes the use or disclosure:
(i)(A) Is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and
(B) Is to a person or persons reasonably able to prevent or lessen the threat, including the target of the
(ii) Is necessary for law enforcement authorities to identify or apprehend an individual:
(A) Because of a statement by an individual admitting participation in a violent crime that the covered entity reasonably believes may have caused serious physical harm to the victim; or
(B) Where it appears from all the circumstances that the individual has escaped from a correctional institution or from lawful custody, as those terms are defined in § 164.501.
(2) Use or disclosure not permitted. A use or disclosure pursuant to paragraph (j)(1)(ii)(A) of this section may not be made if the information described in paragraph (j)(1)(ii)(A) of this section is learned by the covered entity:
(i) In the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure under paragraph (j)(1)(ii)(A) of this section, or counseling or therapy; or
(ii) Through a request by the individual to initiate or to be referred for the treatment, counseling, or therapy described in paragraph (j)(2)(i) of this section.
(3) Limit on information that may be disclosed. A disclosure made pursuant to paragraph (j)(1)(ii)(A) of this section shall contain only the statement described in paragraph (j)(1)(ii)(A) of this section and the protected health information described in paragraph (f)(2)(i) of this section.
(4) Presumption of good faith belief. A covered entity that uses or discloses protected health information pursuant to paragraph (j)(1) of this section is presumed to have acted in good faith with regard to a belief described in paragraph (j)(1)(i) or (ii) of this section, if the belief is based upon the covered entity's actual knowledge or in reliance on a credible representation by a person with apparent knowledge or authority.
Learn more by visiting HHS.gov.
|Recommended Practices for Virginia College Threat Assessment||Higher Education||Section V. Confidentiality and Information Sharing
4. Threat assessment files should be maintained in the law enforcement security records of the institution rather than in the subject’s education records or employment records.
6. Institutions that do not have an internal law enforcement agency may designate a particular office or school official to maintain threat assessment records. In all cases, threat assessment records should be regarded as law enforcement/security related records, even if the person in charge of maintaining the records is not a sworn law enforcement officer. The person designated as the campus safety official for the purpose of fulfilling Clery Act requirements may be appropriate.
7. The creation of a threat assessment file will not prevent use of other records according to existing practices. For example, disciplinary actions that would ordinarily be included in the subject’s educational or employment record should continue to be placed in those records. Incidents of threatening behavior that would ordinarily be recorded in an institutional file, such as an employment record, should continue to be placed in those locations.
|American National Standard (ASIS/SHRM WVPI.1-2011): Workplace Violence Prevention and Intervention||General, Corporate||Section 6.2.7 Centralized Record Keeping.
The workplace violence prevention and intervention program should include a system of centralized record keeping, making sure that all reports made under workplace violence prevention policy are recorded and tracked. A system of centralized record keeping becomes especially important in large organizations, where offenders can at times move to various positions within the organization. Record keeping will also allow for ongoing monitoring of incidents to identify high-risk areas within the workplace, or customers, clients, or patients who repeatedly demonstrate problematic behavior.
All information in such reports should be handled with the highest degree of confidentiality and shared on a strict “need-to-know” basis for the purposes of Incident Management and follow-up monitoring by current and future management.
Bill 179 "David's Law"
|K12||- School district are required to include cyberbullying
policies into district policies and notify
parents if their child has been the victim
of bullying or is the alleged aggressor.
- The bill requires school districts to develop an anonymous system to report bullying and threats.
- School districts have a greater ability to investigate off campus bullying if they see it
materialize in school, enabling school districts and law enforcement agencies to collaborate on investigations.
- The legislation enables law enforcement to
unmask anonymous social media users who
|GLBA & Institutes of Higher Education (IHE)||Higher Education||In 2003, the Institutes of Higher Education (IHE) were added to the list of those who must
comply with the requirements of GLBA, however, the IHE were never audited specically on
the requirements outlined within the GLBA safeguards and guidelines.
As of 2018, the Education Department (ED) has added these requirements to the audit list for
Institutes of Higher Education due to their work with Financial aid and other Financial
|Title IX||K12, Higher Education||Title IX applies to institutions that receive federal financial assistance from the Department of Education, including state and local educational agencies. These agencies include approximately 16,500 local school districts, 7,000 postsecondary institutions, as well as charter schools, for-profit schools, libraries, and museums. Also included are vocational rehabilitation agencies and education agencies of 50 states, the District of Columbia, and territories and possessions of the United States.
Educational programs and activities that receive ED funds must operate in a nondiscriminatory manner. Some key issue areas in which recipients have Title IX obligations are: recruitment, admissions, and counseling; financial assistance; athletics; sex-based harassment; treatment of pregnant and parenting students; discipline; single-sex education; and employment. Also, a recipient may not retaliate against any person for opposing an unlawful educational practice or policy, or made charges, testified or participated in any complaint action under Title IX. For a recipient to retaliate in any way is considered a violation of Title IX.
Click here to learn more.
|Clery Act||Higher Education||The Clery Act requires colleges and universities that receive federal funding to disseminate a public annual security report (ASR) to employees and students every October 1st. This ASR must include statistics of campus crime for the preceding 3 calendar years, plus details about efforts taken to improve campus safety. The Act also requires certain real-time statistics to be accessible to the public.
ASRs must also include policy statements regarding (but not limited to) crime reporting, campus facility security and access, law enforcement authority, incidence of alcohol and drug use, and the prevention of/response to sexual assault, domestic or dating violence, and stalking.