IDENTITY THEFT PREVENTION PROGRAM
|
|
- Jayson Melton
- 6 years ago
- Views:
Transcription
1 IDENTITY THEFT PREVENTION PROGRAM Implemented October 2009 Page 1
2 Table of Contents Background... 3 Purpose... 3 Definitions... 3 Pretext Calling... 4 Receiving Telephone Calls... 5 Change of Address... 5 Protecting Hard Copy Material... 6 Protecting Information in Electronic Format... 6 Releasing Student Information... 6 Releasing Employee Information... 6 Overall Security... 7 Red Flag Indicators... 7 Preventing and Mitigating Identity Theft... 8 Written Notification: Identity Theft... 9 Procedures, Request for Information... 9 Assisting Victims of Identity Theft Service Provider Arrangements Program Oversight Updating the Program Links Page 2
3 Background The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of The programs must be in place and must provide for the identification, detection, and response to patterns, practices, or specific activities known as red flags that could indicate identity theft. Riverland Community College (hereinafter College ) has developed this program (hereinafter Program ) pursuant to those rules. Purpose The purpose of this document is to establish an Identify Theft Prevention Program in compliance with Part 681 of Title 16 of the Code of Federal Regulations implementing Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003 designed to detect, prevent and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for continued administration of the Program. These guidelines are intended to heighten awareness and: 1. Identify relevant red flags for covered accounts it offers or maintains and incorporate those red flags into the Program; 2 Detect red flags that have been incorporated into the Program; 3 Respond appropriately to any red flag that has been detected to prevent and mitigate identity theft; and 4 Ensure the Program is updated periodically to reflect changes in risks to students and employees or to the safety and soundness of the creditor from identity theft. The Program shall incorporate existing policies and procedures that control reasonably foreseeable risks. Definitions Identity Theft means fraud committed or attempted using the identifying information of another person without authority. A Covered Account means an account the College offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions or an account that the College offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the College from identity theft. A Red Flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. Program Administrator is the individual designated with primary responsibility for the Program at the College. Page 3
4 Identifying Information is any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including: Name (including maiden and/or former name) Address Telephone number Social security number or taxpayer identification number Driver s license or identification number Alien registration or passport number Customer number Employee identification number Computer s Internet Protocol (IP) address Credit card number and expiration date, including cardholder name and address Student loan information Income tax documents Deferred tuition payments Bank account and routing numbers Other items that may be used in conjunction with personal information may be: Paychecks Pay stubs Flexible benefits plan Doctor names and claims Insurance claims Any related personal medical information Pretext Calling Pretext calling is a fraudulent means of obtaining an individual s personal information. Armed with limited information, such as a customer s name, address and/or social security number, a pretext caller may pose as a customer or an employee in an attempt to convince another employee to divulge confidential information. One way that wrongdoers improperly obtain personal information of customers in order to commit identity theft is by contacting someone, posing as a customer or someone authorized to have the customer s information, and convincing an employee to release customer identifying information. It is important that each employee understand this and know what to do if they think it is happening. The list below identifies potential pretext caller situations. While calls that resemble these examples are not necessarily pretext calls, extra care should be taken to ensure the authenticity of the call: a. A caller who cannot provide all relevant information; b. An employee caller whose Caller ID does not agree with that employee s location; c. A caller who is abusive and attempts to get information through intimidation; Page 4
5 d. A caller who tries to distract a College employee by being overly friendly or engaging the employee in unrelated chit-chat in an effort to change the employee s focus and, e. Any caller who appears to be trying to get the employee to circumvent MnSCU or College policy through some tactic that is intended to persuade the employee. Pretext callers may nibble employees until they build a complete customer profile. Callers may also nibble for information about College employees. After numerous successful attempts the pretext caller has obtained sufficient information to create a complete profile. As such, College employees need to treat all information as highly sensitive and confidential. It is important to document and detail any unusual telephone calls that you may receive. Receiving Telephone Calls Before giving information to a caller, the College employee should verify to whom they are talking by saying: Due to security requirements please verify your name, your tech ID, address, date of birth, and or phone number. If the caller is anyone other than the person identified on the account, we should not give information without a written consent from the client. Caution: Be very careful when talking to anyone other than the person on the account. If they seem to be fumbling, or fishing for information from you - be aware! If a customer asks you to change their name- request they send official documentation such as a copy of the driver s license, marriage certificate or divorce papers, or legal documents changing their name along with a written request to do this. If a customer requests you change their social security or taxpayer ID number, request they send official documentation (copy of the new social security card or verification of taxpayer ID number change) along with a written request to do this. Change of Address If a client calls to change their address, the College employee should verify whom they are talking to by saying: Due to security requirements please verify your name, your tech ID, address, date of birth, and or phone number. If the caller is anyone other than the person identified on the account, we should not give information without a written consent from the client. Once the information is verified, the address may be changed. For student loans, the Student Loan Servicer, ECSI, will be sending an to the student: You recently changed your address and if this was not you, please contact us immediately. For non- Page 5
6 student loan accounts, if applicable, the College employee completing the name change will send a verification letter to the client stating the change of address and requesting they contact us if this action was not appropriate. Protecting Hard Copy Material All employees shall comply with the following requirements: a. File cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with Identifying Information must be locked when not in use. b. Storage rooms containing documents with Identifying Information and record retention areas must be locked at the end of each workday or when unsupervised. c. Desks, workstations, work areas, printers and fax machines, and common shared work areas must be cleared of all documents containing Identifying Information when not in use. d. Records may only be destroyed in accordance with retention policy and applicable law. Identifying Information must be destroyed in a secure manner. Protecting Information in Electronic Format All employees will comply with the following requirements: a. Identifying Information shall not be stored on unsecured or unprotected desktop or laptop computers. b. Sensitive information shall not be stored on home computers, personal mobile devices, or portable media. c. Securely store and distribute all sensitive information in an electronic format. d. Never send Identifying Information by . e. Credit card information should only be stored in compliance with Payment Card Industry Data Security Standards (PCIDSS). Releasing Student Information A parent may obtain information involving an adult son or daughter with a signed FERPA release form submitted by the student. Employees who have access to data must understand and comply with the FERPA regulations that state information is not provided unless approved in writing. Students are required to give this written authorization to the Registrar s Office if their information is to be shared with another party. Releasing Employee Information The College is sensitive to the personal data that is maintained in employee personnel files and will not share information except with the written consent of the employee. Page 6
7 Overall Security Social Security numbers are not used as student or employee identification numbers. Access to non-directory student data in ISRS is restricted based on employees duties. Employees who have approved access to the administrative information database may only use the information to perform official College duties. Employees with access to non-directory student data must be trained regularly on FERPA and Red Flag regulations. Red Flag Indicators The following Red Flags are potential indicators of fraud. Anytime a Red Flag, or a situation closely resembling a Red Flag, is apparent, it should be investigated for verification. a. Alerts, notifications, or warnings from a consumer reporting agency. Examples of these Red Flags include the following: A fraud or active duty alert included with a consumer report; A notice of credit freeze from a consumer reporting agency in response to a request for a consumer report; A notice of address discrepancy from a consumer reporting agency as defined in (b) of the Fairness and Accuracy in Credit Transactions Act; and A consumer report that indicates a pattern of activity inconsistent with the history and usual pattern of activity of an applicant or customer b. Suspicious documents. Examples of these Red Flags include the following: Documents provided for identification that appear to have been altered or forged; The photograph or physical description on the identification is not consistent with the appearance of the student, faculty, staff, and other constituent presenting the identification; Other information on the identification is not consistent with information provided by the person opening a new covered account or student, faculty, staff, and other constituent presenting the identification; Other information on the identification is not consistent with readily accessible information that is on file with the College; and An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled. c. Suspicious personally identifying information. Examples of these Red Flags include the following: Personally identifying information provided is inconsistent when compared against external information sources used by the College; Personally identifying information provided is associated with known fraudulent activity as indicated by internal or third-party sources used by the College; Personally identifying information provided is of a type commonly associated with fraudulent activity as indicated by internal or third-party sources used by the College; Page 7
8 The SSN provided is the same as that submitted by another student, faculty, staff, or constituent; Personally identifying information provided is not consistent with personal identifying information that is on file with the College; and When using security questions (mother s maiden name, pet s name, etc.), the person opening the covered account cannot provide authenticating information beyond that which generally would be available from a wallet or consumer report. d. Unusual use of, or suspicious activity related to, the Covered Account. Examples of these Red Flags include the following: Shortly following the notice of a change of address for a covered account, the College receives a request for new, additional, or replacement goods or services, or for the addition of authorized users on the account; Payments stop on an otherwise consistently up-to-date account; Account used in a way that is not consistent with prior use; A request to mail something to an address not listed on file; Mail sent to the student is repeatedly returned as undeliverable; Notice to the College that a student is not receiving mail sent by the College; Notice that an account has unauthorized activity; A request made from a non-college issued account; Breach in the College s or ECSI s computer system security; and Unauthorized access to or use of client account information. e. Alerts from Others Notice from a customer, Identity Theft victim, law enforcement, or other person that the College has opened or is maintaining a fraudulent account for a person engaged in Identity Theft. Preventing and Mitigating Identity Theft In the event College personnel detect any identified Red Flags, such personnel shall take one or more of the following steps, depending on the degree of risk posed by the Red Flag: a. Continue to monitor a Covered Account for evidence of Identity Theft; b. Contact the customer or employee; c. Change any passwords or other security devices that permit access to Covered Accounts; d. Not open a new Covered Account; e. Provide the customer or employee with a new College identification number; f. Notify the Program Administrator for determination of the appropriate step(s) to take; g. Notify law enforcement; h. File or assist in filing a Suspicious Activities Report ( SAR ); or i. Determine that no response is warranted under the particular circumstances. Page 8
9 Written Notification: Identity Theft The customer or employee is required to notify Minnesota State Colleges & Universities in writing if they suspect they are a victim of identity theft. The initial notification may be made by phone or in writing. The account will be marked but, the customer or employee must complete the Notification of Suspected Identity Theft form (attached). If a College employee receives such information directly from a working partner, the employee should take information given by the victim (i.e., the information must come directly from the customer or employee). Do not give any information regarding the account to the customer or employee. It is critical that we first verify we are dealing with the victim of Identity Theft rather than the perpetrator of the crime. Inform the customer or employee that we will contact them after verifying the Police Case Number or FTC affidavit of identity theft. Procedures, Request for Information If an apparent victim of Identity Theft makes an appropriate request for information, the College Compliance Officer shall supply the account or loan application and the business transaction records to the apparent victim. An appropriate request must: a. Be in writing: b. Be mailed to: Riverland Community College th Avenue NW Austin, MN Before supplying the information to the victim, the Compliance Officer must require the victim to provide the following: c. Positive proof of identification using one or more current, valid photo identification including: - U.S. driver s license - State issued identification card - Passport - Military identification card d. Proof of claim of Identity Theft including both: - A copy of a police report evidencing the claim of the victim of identity theft; and - A properly completed copy of a FTC affidavit of identity theft. The Compliance Officer will complete the Request of Information Related to Identity Theft and submit the form to the Program Administrator for approval to block the reporting of identity theft information to Credit Reporting Agency. (For student loans this step must be processed by ECSI as they are the servicer of our loans). The Program Administrator shall maintain the Request Form and attached records for five (5) years after the date of receipt. The Compliance Officer should keep a copy of these records as well. Page 9
10 Assisting Victims of Identity Theft a. Suggest that the customer or employee contact the fraud department of each of the three major credit bureaus and request that the credit bureaus place a fraud alert and a victim s statement in the customer s credit file. The fraud alert puts creditors on notice that the customer has been the victim of fraud and the victim s statement asks creditors not to open additional accounts without first contacting the customer. The following are the phone numbers of the three national credit bureaus: - Equifax (800) Experian (888) Trans Union (800) b. Suggest the customer or employee request from the credit bureaus a free credit report. Credit bureaus must provide a free credit report if the customer believes the report is inaccurate due to fraud. c. Suggest the customer or employee contact all financial institutions and creditors where the customer or employee has accounts. The customer or employee should request that they restrict access to the account, change any password or close the account altogether, if there is evidence that the account has been the target of Identity Theft. d. Suggest the customer or employee file a police report to document the crime. e. Suggest the customer or employee contact the Federal Trade Commission (FTC) Identity Theft Hotline at (877) ID-THEFT ( ). The FTC puts the information into a secure consumer fraud database and shares it with local, state and federal law enforcement agencies. You may also refer the customer or employee to the following website: these resources can provide the customer with step-by-step assistance in handling Identity Theft. Service Provider Arrangements In the event the College engages a service provider to perform an activity in connection with one or more Covered Accounts, the College must take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of Identity Theft. a. Require, by contract, that the service provider has such policies and procedures in place; and b. Require, by contract, that the service provider review the College s Program and report any Red Flags to the responsible Program Administrator of the College or employee with primary oversight of the service provider relationship. Page 10
11 To comply with these requirements, review current contracts that may concern MnSCU Covered Accounts and, if appropriate, propose an amendment containing the following provision: RED FLAG RULES. Vendor agrees that in fulfilling the duties of this agreement, Vendor is responsible for complying with the Federal Trade Commission s Red Flag Rules, implementing Section 114 of the Fair and Accurate Credit Transactions Act of The Vendor agrees to have policies and procedures to detect relevant Red Flags that may arise in the performance of this agreement and to take appropriate steps to prevent or mitigate identify theft relating to this agreement. Vendor shall provide a copy of its written program to MnSCU. If requested by MnSCU, Vendor shall report any Red Flags concerning MnSCU s covered accounts and this contract to MnSCU s authorized representative. Attachment 1 to this guideline document contains a sample amendment containing this language. Authorized representatives for these contracts should also obtain a copy of the vendor s written program. Finally, the provision should be included in new contracts with vendors implicating MnSCU s covered accounts. Program Oversight Responsibility for developing, implementing and updating this Program lies with the College s Vice President of Finance and Facilities. The Vice President is responsible for: Program administration; Ensuring appropriate training of the College s employees on the Program; Reviewing staff reports regarding the detection of red flags on the identified Covered Accounts and the steps for preventing and mitigating identity theft; Determining which steps of preventions and mitigation should be taken in particular circumstances; and Considering periodic changes to the Program. Updating the Program The Program will be periodically reviewed and updated to reflect changes in risks to students and employees. 1. The Program will be re-evaluated annually to determine whether all aspects of the Program are current and applicable in the current business environment. 2. Periodic reviews will include an assessment of which accounts are covered by the Program. 3. As part of the review, Red Flags may be revised, replaced, or eliminated. 4. Revisions involving actions to take in the event that fraudulent activity is discovered may be needed to reduce damage to the College, its employees, and students. Page 11
12 Links Federal Trade Commission Federal Register 11/9/ Federal Trade Commission Press Release 10/31/ Information for Financial Aid Professionals Press Release 10/14/ Page 12
ST. CLOUD STATE UNIVERSITY IDENTITY THEFT PREVENTION PROGRAM Effective November 1, 2009
TABLE OF CONTENTS BACKGROUND:... 2 PURPOSE:... 2 DEFINITIONS:... 2 GUIDELINES:... 3 1. Identify theft... 3 2. Changing Account Data... 3 3. Pretext Calling... 3 4. Receiving Telephone Calls:... 4 5. Receiving
Minnesota State University, Mankato
Minnesota State University, Mankato Identity Theft Prevention Program (Updated July 2009) BACKGROUND Red Flag Overview, Summary of Law and Regulation: The Federal Trade Commission (FTC), the federal bank
University of Tennessee's Identity Theft Prevention Program
IDENTITY THEFT PREVENTION PROGRAM 1. BACKGROUND The University of Tennessee (UT) developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission s Red Flags Rule, Section 114
Ferris State University
Ferris State University BUSINESS POLICY TO: All Members of the University Community 2009:08 DATE: May 2009 I. BACKGROUND IDENTITY THEFT PREVENTION PROGRAM The risk to the University, and its students,
IDENTITY THEFT PREVENTION
IDENTITY THEFT PREVENTION Policy Title: Identity Theft Prevention Program Policy Type: Administrative Policy Number: #41-07 (2014) Approval Date: 05/12/2015 Responsible Office: University Controller Responsible
IDENTITY THEFT PREVENTION (Red Flag) POLICY
IDENTITY THEFT PREVENTION (Red Flag) POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
Red Flag Identity Theft Financial Policy 1.10
Issued: 05/16/2014 Revised: Policy and College ( Seminary ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's ( FTC ) Red Flags Rule, which implements
Identity Theft Prevention Program (Approved by the Board of Trustees)
Administrative Regulation 8:8 Responsible Office: EVPFA Date Effective: 9/15/2009 Supersedes Version: No previous version Identity Theft Prevention Program (Approved by the Board of Trustees) Major Topics
The University of North Carolina at Charlotte Identity Theft Prevention Program
The University of North Carolina at Charlotte Identity Theft Prevention Program Program Adoption As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule ( Rule ),
A Guide to Benedictine College and Identity Theft
IDENTITY THEFT PREVENTION PROGRAM The risk to Benedictine College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
MCPHS IDENTITY THEFT POLICY
SECTION 1: BACKGROUND MCPHS IDENTITY THEFT POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only
SOUTH TEXAS COLLEGE. Identity Theft Prevention Program and Guidelines. FTC Red Flags Rule
SOUTH TEXAS COLLEGE Identity Theft Prevention Program and Guidelines FTC Red Flags Rule Issued June 24, 2009 Table of Contents Section Section Description Page # 1 Section 1: Program Background and Purpose
These rules became effective August 1, 2009, and require certain agencies to implement an identity theft program and policy.
Red Flag Policy Protecting your privacy is of paramount importance at Missouri Southern State University, and we are dedicated to the responsible handling of your personal information. We are very committed
Identity Theft Prevention Program
Identity Theft Prevention Program DATE: 10/22/2015 VERSION 2015-1.0 Abstract Purpose of this document is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity
Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009
Wake Forest University Identity Theft Prevention Program Effective May 1, 2009 I. GENERAL It is the policy of Wake Forest University ( University ) to comply with the Federal Trade Commission's ( FTC )
01.230 IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS)
01.230 IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS) Authority: Board of Trustees History: Effective May 1, 2009 (approved initially April 24, 2009) Source of Authority: Related Links: Responsible Office:
The Florida A&M University. Identity Theft Prevention Program. Effective May 1, 2009
The Florida A&M University Identity Theft Prevention Program Effective May 1, 2009 I. PROGRAM ADOPTION This Identity Theft Prevention Program ("Program") is established pursuant to the Federal Trade Commission's
Identity theft. A fraud committed or attempted using the identifying information of another person without authority.
SUBJECT: Effective Date: Policy Number: Identity Theft Prevention 08-24-11 2-105.1 Supersedes: Page Of 2-105 1 8 Responsible Authority: Vice President and General Counsel DATE OF INITIAL ADOPTION AND EFFECTIVE
I. Purpose. Definition. a. Identity Theft - a fraud committed or attempted using the identifying information of another person without authority.
Procedure 3.6: Rule (Identity Theft Prevention) Volume 3: Office of Business & Finance Managing Office: Office of Business & Finance Effective Date: December 2, 2014 I. Purpose In 2007, the Federal Trade
Central Oregon Community College. Identity Theft Prevention Program
Central Oregon Community College Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION This program has been created to put COCC in compliance with Section 41.90 under the
THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM
THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM SECTION 1: BACKGROUND The risk to Valparaiso University ("University"), its employees, students (in
Green University. Identity Theft Prevention Program. Effective beginning October 31, 2008
Green University Identity Theft Prevention Program Effective beginning October 31, 2008 1 I. PROGRAM ADOPTION Green University ( University ) developed this Identity Theft Prevention Program ("Program")
Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009
Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program
Model Identity Theft Policy and Adopting Resolution
Model Identity Theft Policy and Adopting Resolution, Tennessee RESOLUTION NO. A RESOLUTION ADOPTING AN IDENTITY THEFT POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, an amendment
THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM
Program Adoption THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule, implementing
NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)
NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES) Section 1. NSHE... 2 Section 2. UNR... 4 Section 3. WNC... 9 Chapter 13,
Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
Identity Theft Prevention Program
Smyth County Policy Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in
Identity Theft Prevention Program
Identity Theft Prevention Program I. PROGRAM PURPOSE AND DEFINITIONS The purpose of this Identity Theft Prevention Program ( Program ) is to detect, prevent and mitigate identity theft in connection with
Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14
Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14 I. PROGRAM ADOPTION The Village of Brockport ( Village ) developed this Identity Theft Prevention Program
CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY
CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY Policy Number: 2008-02 Date Adopted: October 27, 2008 Department: Administrative SUBJECT: IDENTITY THEFT PREVENTION PROGRAM I. OBJECTIVE: A. To protect
Oregon University System Identity Theft Prevention Program Effective May 1, 2009
Oregon University System Identity Theft Prevention Program Effective May 1, 2009 Page 2 I. PROGRAM ADOPTION The Oregon University System ( System ) developed this Identity Theft Prevention Program ("Program")
Texas A&M University Commerce. Identity Theft Prevention Program Effective beginning May 1, 2009
Texas A&M University Commerce Identity Theft Prevention Program Effective beginning May 1, 2009 1 I. PROGRAM ADOPTION Texas A&M University - Commerce ( University ) developed this Identity Theft Prevention
Identity Theft Prevention Policy
Eastern Kentucky University Policy and Regulation Library 6.#.#P Volume 6, Volume Title: Financial Affairs Chapter #, Chapter Title Section #, Name: Identity Theft Prevention Policy Approval Authority:
21.01.04.Z1.01 Guideline: Identity Theft Prevention Program
Texas A&M Health Science Center Guidelines 21.01.04.Z1.01 Guideline: Identity Theft Prevention Program Approved October 7, 2009 Reviewed February 26, 2015 Supplements System Regulation 21.01.04 Reason
Identity Theft Prevention Policy and Procedure
Identity Theft Prevention Policy and Procedure In accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), the college president shall be responsible for developing and maintaining
IDENTITY THEFT DETECTION POLICY
IDENTITY THEFT DETECTION POLICY Approved By: President s Cabinet Date of Last Revision: May 5, 2009 Responsible Office/Department: Business and Finance Policy Statement Grand Valley State University (GVSU)
Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0
Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0 Scope: The risk to Loyola University Chicago and its faculty, staff and students
IDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM In compliance with Part 681 of Title 16 of the Code of Federal Regulations implementing Sections 114 of the Fair and Accurate Credit Transactions Act of 2003 ("FACTA"),
University of Arkansas at Monticello Identity Theft Prevention Program
University of Arkansas at Monticello Identity Theft Prevention Program Overview The University Of Arkansas System Board Of Trustees adopted an Identity Theft Prevention Program (ITP) in compliance with
Texas A&M International University Identity Theft Prevention Program
Texas A&M International University Identity Theft Prevention Program 1 I. PROGRAM ADOPTION Texas A&M International University ( University ) developed this Identity Theft Prevention Program ( Program )
Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements
Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements 1.0 Introduction In 2003, Congress enacted the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. Section 1681,
MARSHALL UNIVERSITY BOARD OF GOVERNORS
MARSHALL UNIVERSITY BOARD OF GOVERNORS Policy No. FA-12 IDENTITY THEFT PREVENTION PROGRAM 1 General Information. 1.1 Scope: To identify, detect, and respond appropriately to any Red Flags that are detected
Covered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM
Doc. T08-109 Passed by the BoT 12/11/08 UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM The Board recognizes that some activities of the University are subject to the provisions of the Fair
COUNCIL POLICY STATEMENT
COUNCIL POLICY STATEMENT Policy No. 44 General Subject: Finance Specific Subject: Identity Theft Policy and Prevention Program Date Approved: October 20, 2008 The following policy is to implement the requirements
31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,
5/23/2011 31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, requires municipalities to promulgate
University of North Dakota. Identity Theft Prevention Program
University of North Dakota Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION University of North Dakota ( University ) developed this Identity Theft Prevention Program
Number: 56.300. Index
Identity Theft Prevention Program Section: General Operations Title: Identity Theft Prevention Program Number: 56.300 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND
University of Alaska. Identity Theft Prevention Program
University of Alaska Identity Theft Prevention Program Effective beginning October 31, 2009 I. PROGRAM ADOPTION The University of Alaska ( University ) developed this Identity Theft Prevention Program
identity Theft Prevention and Identification Requirements For Utility
[Utility Name] Identity Theft Prevention Program Effective beginning, 2008 I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed this Identity Theft Prevention Program ("Program") pursuant to the
University Policy: Identity Theft Prevention Policy
University Policy: Identity Theft Prevention Policy Policy Category: Ethics, Integrity and Legal Compliance Policies Subject: Detection, prevention and mitigation of identity theft Office Responsible for
University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)
University of St. Thomas Identity Theft Prevention Program (Red Flags Regulation Response) Revised: January 10, 2013 Program Adoption and Administration The University of St. Thomas ( University ) established
Policy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended:
Policy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended: I. PROGRAM ADOPTION Hawkeye REC ("REC") developed this Identity Theft Prevention Program
Florida Agricultural & Mechanical University Board of Trustees Policy
Florida Agricultural & Mechanical University Board of Trustees Policy Board of Trustees Policy Number: Date of Adoption: May 4, 2009 Date of Revision: June 6, 2013 Identity Theft Prevention Policy Subject
MOTLOW STATE COMMUNITY COLLEGE
Page 1 of 5 MOTLOW STATE COMMUNITY COLLEGE SUBJECT: FACTA Red Flag Rule and Identity Theft Prevention Program I. BACKGROUND In late 2007 the Federal Trade Commission (FTC) and Federal banking agencies
Chatsworth Water Works Commission. Identity Theft Prevention Program. Effective beginning December 1, 2008
Chatsworth Water Works Commission Identity Theft Prevention Program Effective beginning December 1, 2008 I. PROGRAM ADOPTION The Chatsworth Water Works Commission ("Utility") developed this Identity Theft
Identity Theft Prevention Program. Effective: November 1, 2009
Identity Theft Prevention Program Effective: November 1, 2009 I. BACKGROUND Galveston College ("College" / Institution ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal
NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP-3250.0 FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES
NORTHEAST COMMUNITY COLLEGE ADMINISTRATIVE PROCEDURE NUMBER: AP-3250.0 FOR POLICY NUMBER: BP 3250 IDENITY THEFT PREVENTION PROGRAM PROCEDURES 1. PROCEDURE SUMMARY STATMENT The purpose of this procedure
Springfield Technical Community College Identity Theft Prevention Program
Springfield Technical Community College Identity Theft Prevention Program PROGRAM ADOPTION Springfield Technical Community College ( College ) developed this Identity Theft Prevention Program ( Program
IDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM Concordia Board of Regents May 2009 A Resolution Adopting the Identity Theft Prevention Program WHEREAS, The Federal Trade Commission, under Part 681 of Title 16 in the
City of Hercules Hercules Municipal Utility Identity Theft Prevention Program
City of Hercules Hercules Municipal Utility Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate
II. F. Identity Theft Prevention
II. F. Identity Theft Prevention Effective Date: May 3, 2012 Revises Previous Effective Date: N/A, New Policy I. POLICY: This Identity Theft Prevention Policy is adopted in compliance with the Federal
USF System & Preventing Identity Fraud
POLICY USF System USF USFSP USFSM Number: 0-109 Subject: Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance Date of Origin: 1-11-11 Date Last Amended: Date Last Reviewed:
CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES
CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES Section 1-12-1: Purpose 1-12-2: Definitions 1-12-3: Scope 1-12-4: Identity Protection Policy 1-12-5: Identity Theft Prevention Policy
IDENTITY THEFT AND MUNICIPAL UTILITIES
Minnesota Municipal Utilities Association IDENTITY THEFT AND MUNICIPAL UTILITIES Identity Theft and Red Flags Rule requirements The Red Flags Rule implements portions of the Fair and Accurate Credit Transactions
Identity Theft Policy
Identity Theft Policy Policy/Procedure Section 1: Background The risk to Dickinson College (the College ), its employees and students from data loss and identity theft is of significant concern to the
University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule
NUMBER: BUSF 4.12 SECTION: SUBJECT: Finance and Planning University Identity Theft and Detection Program (NEW) DATE: March 3, 2011 Policy for: Procedure for: Authorized by: Issued by: All Campuses and
IDENTITY THEFT PREVENTION PROGRAM
LEGAL REQUIREMENTS Section 114 of the Federal Trade Commission s Fair and Accurate Credit Transactions Act of 2003 created the Red Flags Rule. This regulation requires the College to have an Identity Theft
Approved by the Audit Committee of the Board of Trustees, effective February 3, 2009.
Red Flag Identity Theft Policy 1.) Policy and Program Rationale: Messiah College ( College ) has developed the Identity Theft Policy ( Policy) and Prevention Program ( Program ) pursuant to the Federal
Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009
Identity Theft Prevention Program Approved by the Arizona Board of Regents on May 1, 2009 I. Purpose & Scope This Program was developed pursuant to the Federal Trade Commission s ( FTC ) Red Flag Rules
3344-19-01 Identity theft prevention program and red flag compliance policy.
3344-19-01 Identity theft prevention program and red flag compliance policy. (A) Program adoption Cleveland state university has developed this identity theft prevention program ( program ) pursuant to
City of Caro Identity Theft Prevention Policy
City of Caro Identity Theft Prevention Policy Purpose The purpose of this policy is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection
TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM
River Bend Identity Theft Program 1 TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM Chapter 18.01. IDENTITY THEFT PREVENTION PROGRAM 2 Identity Theft Prevention Program SECTION Chapter 18.01: IDENTITY THEFT
Florida International University. Identity Theft Prevention Program. Effective beginning August 1, 2009
Florida International University Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Florida International University developed this Identity Theft Prevention Program
Identity Theft Prevention Program
The University of North Carolina at Chapel Hill Identity Theft Prevention Program The Board of Trustees of The University of North Carolina at Chapel Hill (the University ) adopts this Identity Theft Prevention
CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES
(FACTA) April 30, 2009 Approved by: Audit Committee of the Board of Trustees CENTENARY COLLEGE POLICIES UNDER THE A RESOLUTION ADOPTING AN IDENTITY THEFT POLICE Centenary College ( College ) developed
University of Nebraska - Lincoln Identity Theft Prevention Program
I. Purpose & Scope This program was developed pursuant to the Federal Trade Commission s (FTC) Red Flag Rules promulgated pursuant to the Fair and Accurate Credit Transactions Act (the FACT Act). The University
Delta Township Compiled Policy Manual
Delta Township Compiled Policy Manual Title: Delta Township Identity Theft Policy Adoption Date: October 20, 2008 Revision Date: General Purpose: To establish an Identity Theft Prevention Program designed
RESOLUTION NO. 25706 A RESOLUTION ADOPTING THE "CITY OF CHATTANOOGA IDENTITY THEFT POLICY" ATTACHED HERETO AND MADE A PART HEREOF BY REFERENCE.
~. RESOLUTION NO. 25706 A RESOLUTION ADOPTING THE "CITY OF CHATTANOOGA IDENTITY THEFT POLICY" ATTACHED HERETO AND MADE A PART HEREOF BY REFERENCE. WHEREAS, The Fair and Accurate Credit Transactions Act
ELKHORN RURAL PUBLIC POWER DISTRICT POLICY #1230. Identity Theft Prevention Policy
ELKHORN RURAL PUBLIC POWER DISTRICT 1230-1 I. POLICY SUMMARY POLICY #1230 Identity Theft Prevention Policy It shall be the policy of Elkhorn Rural Public Power District ( District ) to take all reasonable
POLICY TITLE: IDENTITY THEFT PROTECTION POLICY
POLICY TITLE: IDENTITY THEFT PROTECTION POLICY I. Purpose The purpose of this policy is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection
University of Dayton Red Flag ID Theft Prevention Program
University of Dayton Red Flag ID Theft Prevention Program I. Program Adoption The University of Dayton developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's
Administrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions
Reference: Fair and Accurate Credit Transactions Act, ( Pub. L. 108-159) The purpose of the Identity Theft Prevention Program (ITPP) is to control reasonably foreseeable risks to students from identity
Christopher Newport University Policy and Procedures
Policy: Red Flag Identity Theft Identification and Prevention Program Policy Number: 3030 Date of Current Revision: Executive Oversight: Executive Vice President Contact Office: Comptroller s Office Policy:
[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program. Effective beginning, 2009
[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program Effective beginning, 2009 I. PROGRAM ADOPTION The [Institution or GPLS Name] developed this Identity Theft Prevention
SIMMONS COLLEGE OFFICE OF THE GENERAL COUNSEL RED FLAG RULE POLICY. Background of the Federal Legislation Known as Red Flag Rule
SIMMONS COLLEGE OFFICE OF THE GENERAL COUNSEL RED FLAG RULE POLICY Background of the Federal Legislation Known as Red Flag Rule The Federal Trade Commission (FTC) has issued a regulation known as the Red
IDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM I. PROGRAM PURPOSE AND DEFINITIONS A. Purpose The YOSKOVICH FUNERAL HOME ("Funeral Home") developed this Identity Theft Prevention Program ("Program") pursuant to the
CATAWBA COUNTY IDENTITY THEFT RED FLAGS POLICY
UI. PROGRAM ADOPTION CATAWBA COUNTY IDENTITY THEFT RED FLAGS POLICY Catawba County s Identity Theft Prevention Program ("Program") was developed to comply with the Federal Trade Commission's Red Flags
DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED:
DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED: I. Adoption of Identity Theft Prevention Program Doylestown Family Medicine, P.C.
Ouachita Baptist University. Identity Theft Policy and Program
Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program
Red Flag Rules Information and Training
Red Flag Rules Information and Training What are Red Flag Rules? The Red Flag Rules: - Are enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit
UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy
UNIVERSITY OF CALIFORNIA, MERCED Red Flag and Security Incident Reporting Policy RESPONSIBLE OFFICIAL : Executive Vice Chancellor/Provost RESPONSIBLE OFFICIAL : Business & Financial Services EFFECTIVE
Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation
Guidelines to FTC Red Flag Rule(reformatted) Appendix A to Part 681 Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation Section 681.2 of this part requires each financial institution
University System of New Hampshire. Identity Theft Prevention Program
University System of New Hampshire Identity Theft Prevention Program Approved by the USNH Board of Trustees on April 30, 2009 I. PROGRAM ADOPTION The University System of New Hampshire (USNH) developed
Deer Park Independent School District. Identity Theft Policy and Board of Trustees Resolution
Deer Park Independent School District Identity Theft Policy and Board of Trustees Resolution Deer Park, Texas ORDINANCE AND RESOLUTION A RESOLUTION ADOPTING AN IDENTITY THEFT POLICY WHEREAS, The Fair and
RESOLUTION TO ADOPT IDENTITY THEFT POLICY
RESOLUTION TO ADOPT IDENTITY THEFT POLICY WHEREAS, in late 2008 the Federal Trade Commission (FTC) and federal banking agencies issued a regulation known as the Red Flag Rule under sections 114 and 315
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE. University of Cincinnati Red Flags Rule Protecting Against Identity Fraud
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Cincinnati Red Flags Rule Protecting Against Identity Fraud Objectives Background What is the FTC Red Flags Rule? Why do we need
RANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009
RANDOLPH COUNTY PUBLIC WORKS Identity Theft Prevention Program Adopted September 1, 2009 Effective beginning September 1, 2009 I. PROGRAM ADOPTION The Randolph County Public Works Department ( the Department
City of Watauga Utility Billing Department Identity Theft Prevention Program. Effective beginning November 1, 2008
City of Watauga Utility Billing Department Identity Theft Prevention Program Effective beginning November 1, 2008 A. PROGRAM ADOPTION The City of Watauga Utility Billing Department ("Utility") developed