Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
|
|
- Christal Harrell
- 8 years ago
- Views:
Transcription
1 Index Section 5.1 Purpose Section 5.2 Definitions Section 5.3 Validation Information Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts... 5 Section 5.6 General Security Guidelines... 5 Section 5.7 Administrative Procedures....6 Section 5.8 Examples of Red Flags.7 Section 5.9 Appendix A Other Security Procedures
2 Section 5.1 Purpose: These procedures are implemented pursuant to Lowell Light & Power s policy to establish and maintain an Identify Theft Prevention Program consistent with the Federal regulations and guidelines for the Fair and Accurate Credit Transaction Act of 2003 (FACT Act). These procedures are designed to supplement existing procedures for transactions involving customer accounts and are not intended to replace them. However, these procedures supersede any other LLP procedures wherever a conflict may exist involving the proper handling and safeguarding of customers personal identification information. The purpose of these procedures is to establish an Identity Theft Prevention Program to detect, prevent, and mitigate identity theft. These procedures are reasonably expected to: A. Identify relevant Red Flags and incorporate them into the Program; B. Detect those Red Flags that have been incorporated into the Program; C. Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft; and D. Ensure the Program is updated periodically to address changing risks. Section 5.2 Definitions Identity Theft: Red Flag: Section 5.3 Fraud that is committed using identifying information of another person. Means a pattern, practice or specific activity that indicates the possible existence of identity theft. It is important that Red Flags be treated as indicators of possible identity theft and not de facto evidence of identity theft. Validation Information The successful implementation of the Identity Theft Prevention Program depends upon the proper training of all employees with access to customers personal identification information. Personal identification information that thieves attempt to steal includes, but is not limited to: A. Full Name B. Phone Number C. Date of Birth (DOB) D. Social Security Number E. Address F. Photo ID, such as Driver s License or other Government Issued ID, including Passports. G. Tax ID Number (TIN) H. Credit Card Number I. Personal Identification Number (PIN) J. Bank Account Number K. Utility Account Number 5-2
3 Careful validation of identity in the process of opening an account is an effective tool in deterring identity theft. It is also important to be vigilant whenever executing transactions on existing accounts. To assist in validating Personal Identification Information LLP will use the services of a Consumer Reporting Agency (CRA), Utility Exchange. Employees should not confront any individual suspected of committing identity theft. It is our duty to report to the police any suspected patterns of identity theft. It is the duty of the police to conduct the investigations. Section 5.4 Procedures for Opening New Accounts In Person: A. Obtain sufficient personal identification information to allow you to form a reasonable belief that the customer is who they claim to be, including: a. Full name b. Date of Birth (DOB) c. Address d. Phone Number e. Social Security Number (SSN) f. United States Government or State Government issued photo ID, such as a State of Michigan issued driver s license, military ID or passport. Note: Driver s licenses or other photo IDs (except for passports) issued by a foreign government are not acceptable. g. Copy of a Mortgage or Lease Agreement h. Previous Address B. If you take a SSN, then you must validate that information by contacting the CRA (Credit Reporting Agency) before you accept it as proof. SSNs are a preferred form of identification but are not required unless applying by phone. If the customer prefers not to give their SSN, then they must present acceptable photo ID in person. C. Obtain personal identification information in writing from the customer, record the information on the Electric Application and immediately place the Electric Application in the safe, cash drawer, or LLP designated file drawer for safe keeping. D. Check for Red Flags (see attached examples of Red Flags). If a Red Flag is detected follow the prescribed Next Step in the Red Flag check list. If you are unsure of the next step, consult with your supervisor before processing the request for a new account. Red Flags must be resolved before a new account can be established. If necessary, you should contact the CRA to verify the customer s identity. 5-3
4 E. Avoid taking personal identification information verbally when other customers can overhear the conversation. Have the customer write it down on the application or have the customer present a hard copy of the requested information. Insure that no other customers or non-qualified employees can see the remittance processing or the P.C. monitor at any time. F. Insure that there is no written personal identification information left in view of other customers or non-qualified employees. Any notations on paper, other than the Electric Application, regarding the customer must immediately be shredded. Personal identification information is confidential and should be safeguarded at all times. By Telephone, FAX or Online: A. Obtain sufficient personal identification information to allow you to form a reasonable belief that the person is who they claim to be, including but, not limited to: a. Full Name b. Phone Number c. Date of Birth (DOB) d. Social Security Number (SSN) or Tax ID Number (TIN) e. Address f. Photo ID, such as United States Government or State Government issued photo ID, such as a State of Michigan issued driver s license, military ID, or passport. g. Previous address that matches the CRA data. h. The customer needs to come into the office to sign the Electric Application and have the personal identification information verified. B. Applications for new accounts not made in person must include a SSN/TIN. Before you accept the SSN/TIN as proof of identity you must validate that information by contacting the CRA. C. Check for Red Flags (see attached Examples of Red Flags). If a Red Flag is detected follow the prescribed Next Step in the Red Flag check list. If you are unsure of the Next Step, consult with your supervisor before processing the request for a new account. Red Flags must be resolved before a new account can be established. If necessary, you should contact the CRA to verify the customer s identity. D. FAX machines that receive personal identification information from the customer must be located in a secure area and the transmission must be collected several times an hour. The documents must be safeguarded in a secure place until they can be properly destroyed pursuant to the LLP Records Retention Schedule and Disposal Schedule (Section 6-Accounting). 5-4
5 Section 5.5 Procedures for Existing Accounts: A. Watch for Red Flags whenever executing transactions on customer accounts. B. Do not share account information with anyone other than the account holder without the account holder s permission and never provide a caller or non-llp employee with any personal identification information. C. A change of mailing address requires the same level of authentication as opening a new account. Customers must provide personal identification to establish a billing address different than the customer s service/account address. D. Safeguard all credit card information at all times. These documents should be stored in a secure location until they can be properly destroyed consistent with the Records Retention and Disposal Schedule. Note: LLP shall comply with Payment Card Industry (PCI) Data Security Standards. E. You must authenticate customer s identification before transacting business with them by telephone. They must give you personal identification information. Section 5.6 General Security Guidelines A. All employees with access to customers personal identification information are required to complete the Identity Theft Prevention Program training and complete an annual update. B. Safeguard our customers personal identification information like it was your own. C. Whenever a work station area is left unattended all personal identification information should be secured out of sight. D. Secure your work station area. Log off your computer whenever leaving your work station area. E. Follow proper user ID and password protocol whenever leaving your work station area. F. Do not leave customer s personal identification information on your computer screen or paper documents longer than necessary to execute transactions. G. Avoid including anyone s SSN in any s or written communications. If a SSN is included in an electronic or paper document that document becomes confidential and must be handled accordingly. H. Trash containers located in the lobby area near the customer counter where customers write down personal identification information should be secured at all times. The contents should be treated as confidential and shredded. 5-5
6 I. Suspicious behavior in the lobby/customer area should be reported to a supervisor: a. Eavesdropping on other customers transacting business at the customer counter. b. Searching through the trash container in the lobby. J. All documents containing personal identification information must be stored in a secure location until they can be properly destroyed. The destruction of such material shall be documented. K. Computer printouts containing personal identification information must be safeguarded at all times. There must be an unbroken chain of custody for the documents from the time they are created until they are properly filed in a safe place or destroyed. L. LLP shall comply with Payment Card Industry (PCI) Data Security Standards. M. LLP Information Technology Resource Center (Daffron and Associates) shall adhere to appropriate industry standards for security protocol when protecting our customers personal identification information (see attached, Appendix A-Other Security Procedures). N. LLP employee s personal identification information shall be held to the same security standards as our customers information. O. All new hires that will have access to personal identification information will be screened and receive the appropriate Identity Theft Prevention Program Training. Section 5.7 Administrative Procedures: A. Develop and implement reasonable policies and procedures for an Identity Theft Prevention Program that complies with federal guidelines implementing the FACT Act. B. Insure all supervisors and employees receive the necessary training to effectively implement the Program. C. Receive reports of Red Flags that require mitigation. D. Conduct periodic risk assessments of the Program E. Periodically review and update the Program procedures. F. Insure continued compliance with the FACT Act. G. Prepare annual reports for the Privacy Officer to present to the General Manager and the Board 5-6
7 Red Flags Identification Examples of Red Flags The Lowell Light & Power identifies the following Red Flags to detect potential fraud. These are not intended to be all-inclusive and other suspicious activity may be investigated as necessary. Notifications and Warnings from Credit Reporting Agencies Report of fraud accompanying a credit report; Notice or report from a credit agency of a credit freeze on a customer or applicant; Identification document or card that appears to be forged, altered or not authentic; Identification document or card on which a person s photograph or physical description is not consistent with the person presenting the document; Other document with information that is not consistent with existing customer information (such as if a person s signature on a check appears forged); Application for service that appears to have been altered or forged. Suspicious Personal Identifying Information Identifying information presented that is inconsistent with other information the customer provides (example: inconsistent birth dates); Identifying information presented that is inconsistent with other sources of information (for instance, an address not matching an address on a credit report); Identifying information presented that is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address); Social security number presented that is the same as one given by another customer; A person fails to provide complete personal identifying information on an application when reminded to do so; A person s identifying information is not consistent with the information that is on file for the customer. 5-7
8 Suspicious Account Activity or Unusual Use of Account Payments stop on an otherwise consistently up-to-date account; Account used in a way that is not consistent with prior use (example: very high activity); Mail sent to the account holder is repeatedly returned as undeliverable; Notice to the Utility that a customer is not receiving mail sent by the Utility; Notice to the Utility that an account has unauthorized activity; Breach in the Utility's computer system security; Unauthorized access to or use of customer account information. Alerts from Others Notice to the Utility from a customer, identity theft victim, law enforcement or other person that it has opened or is maintaining a fraudulent account for a person engaged in Identity Theft. Next Step, New Account: Request additional ID or refuse to open an account. Do not open an account and/or ask applicant to return with better ID (note this on application). Request a verifiable address when bills are requested to be mailed somewhere other than to the service address. Next Step, Existing Account: Close account; discontinue service. Visit or send mailing to new occupant informing need to open a new account. Demand payment from proper party using service. Notify customer of record of unusual usage pattern on alternate residence or other suspicious activity. 5-8
9 Appendix A Other Security Procedures The following are not part of or required by the Federal Trade Commission s Identity Theft Red Flags Rule. The following is a list of other security procedures used to protect consumer information and to prevent unauthorized access. 1. Paper documents, files, and electronic media containing secure information will be stored in locked file cabinets 2. Only specially identified employees with a legitimate need will have keys to the room and cabinet. 3. Files containing personally identifiable information are kept in locked file cabinets except when an employee is working on the file. 4. Employees are not to leave sensitive papers out on their desks when they are away from their workstations. 5. Employees should store files when leaving their work areas. 6. Employees log off their computers when leaving their work areas. 5-9
10 7. Employees lock file cabinets when leaving their work areas. 8. Access to offsite storage facilities is limited to employees with a legitimate business need. 9. Any sensitive information shipped using outside carriers or contractors will be encrypted. 10. Any sensitive information shipped will be shipped using a shipping service that allows tracking of the delivery of this information. 11. Visitors who must enter areas where sensitive files are kept must be escorted by an employee of the utility. 12. No visitor will be given any entry codes or allowed unescorted access to the office. 13. Computer passwords will be required. 14. Access to sensitive information will be controlled using strong passwords. Employees will choose passwords with a mix of letters, numbers, and characters. User names and passwords will be different. 15. User names and passwords will be different. 16. Passwords will be changed at least monthly. 17. Passwords will not be shared or posted near workstations. 18. Password-activated screen savers will be used to lock employee computers after a period of inactivity. 19. When installing new software, immediately change vendor-supplied default passwords to a more secure strong password. 20. Sensitive information that is sent to third parties over public networks will be encrypted. 21. Sensitive information that is stored on computer network or portable storage devices used by your employees will be encrypted transmissions within your business will be encrypted if they contain personally identifying information. 5-10
11 23. Anti-virus and anti-spyware Policies will be run on individual computers and on servers daily. 24. When sensitive data is received or transmitted, secure connections will be used. 25. The use of laptops is restricted to those employees who need them to perform their jobs. 26. Laptops are stored in a secure place. If a laptop must be left in a vehicle, it is locked in a trunk. 27. Laptop users will not store sensitive information on their laptops. 28. Laptops which contain sensitive data will be encrypted. 29. Employees must never leave a laptop visible in a car, at a hotel luggage stand, or packed in checked luggage. 30. The computer network will have a firewall where your network connects to the Internet. 31. Any wireless network in use is secured. 32. Maintain central log files of security-related information to monitor activity on your network. 33. Monitor incoming and outgoing traffic for signs of a data breach. 34. Implement a breach response plan; see item number Check references or do background checks before hiring employees who will have access to sensitive data. 36. New employees sign an agreement to follow your company s confidentiality and security standards for handling sensitive data. 37. Access to customer s personal identify information is limited to employees with a need to know. 38. Procedures exist for making sure that workers who leave your employ or transfer to another part of the company no longer have access to sensitive information. 39. Implement a regular schedule of employee training. 5-11
12 40. Employees will be alert to attempts at phone phishing. 41. Employees are required to notify the general manager immediately if there is a potential security breach, such as a lost or stolen laptop. 42. Service providers notify you of any security incidents they experience, even if the incidents may not have led to an actual compromise of our data. 43. Paper records will be shredded before being placed into the trash. 44. Paper shredders will be available in the office, and at the home of any employee doing work at home. 45. Any data storage media will be disposed of by shredding, punching holes in, or by incinerating. 46. Employees who violate security policy are subject to discipline, up to and including discharge. 5-12
Identity Theft Prevention Program Compliance Model
September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All
More informationAUBURN WATER SYSTEM. Identity Theft Prevention Program. Effective October 20, 2008
AUBURN WATER SYSTEM Identity Theft Prevention Program Effective October 20, 2008 I. PROGRAM ADOPTION Auburn Water System developed this Identity Theft Prevention Program ("Program") pursuant to the Federal
More informationDRAFT National Rural Water Association Identity Theft Program Model September 22, 2008
DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008 This model has been designed to help water and wastewater utilities comply with the Federal Trade Commission s (FTC)
More informationCounty Identity Theft Prevention Program
INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such
More informationTravis County Water Control & Improvement District No. 17. Identity Theft Prevention Program. Effective beginning November 20, 2008
Travis County Water Control & Improvement District No. 17 Identity Theft Prevention Program Effective beginning November 20, 2008 I. PROGRAM ADOPTION The Travis County Water Control and Improvement District
More informationCITY OF ANDREWS IDENTITY THEFT PREVENTION PROGRAM
CITY OF ANDREWS IDENTITY THEFT PREVENTION PROGRAM Approved: February 26, 2010 Reviewed: March 18, 2015 I. PROGRAM ADOPTION The City of Andrews ( Utility ) developed this Identity Theft Prevention ( Program
More informationCITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY
CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY Policy Number: 2008-02 Date Adopted: October 27, 2008 Department: Administrative SUBJECT: IDENTITY THEFT PREVENTION PROGRAM I. OBJECTIVE: A. To protect
More informationThe University of North Carolina at Charlotte Identity Theft Prevention Program
The University of North Carolina at Charlotte Identity Theft Prevention Program Program Adoption As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule ( Rule ),
More informationIdentity Theft Prevention Program
Identity Theft Prevention Program I. PROGRAM PURPOSE AND DEFINITIONS The purpose of this Identity Theft Prevention Program ( Program ) is to detect, prevent and mitigate identity theft in connection with
More informationFacts About the South Dakota Identity Theft Program
South Dakota Association of Rural Water Systems Identity Theft Prevention Program Compliance Model All utilities are required to comply with this regulation. The Red Flag Rule requires any entity where
More informationTHE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM
Program Adoption THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule, implementing
More informationCOUNCIL POLICY NO. C-13
COUNCIL POLICY NO. C-13 TITLE: POLICY: Identity Theft Prevention Program See attachment. REFERENCE: Salem City Council Finance Committee Report dated November 7, 2011, Agenda Item No. 3 (a) Supplants Administrative
More informationIDENTITY THEFT PREVENTION
IDENTITY THEFT PREVENTION Policy Title: Identity Theft Prevention Program Policy Type: Administrative Policy Number: #41-07 (2014) Approval Date: 05/12/2015 Responsible Office: University Controller Responsible
More informationCovered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
More informationIdentity Theft Prevention Program. Effective: November 1, 2009
Identity Theft Prevention Program Effective: November 1, 2009 I. BACKGROUND Galveston College ("College" / Institution ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal
More informationState Of Florida's Real Estate Law
Office of the President University Policy SUBJECT: IDENTITY THEFT PREVENTION PROGRAM Effective Date: 6-17-09 Policy Number: 5.6 Supersedes: Page Of New 1 7 Responsible Authority: Senior Vice President,
More information01.230 IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS)
01.230 IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS) Authority: Board of Trustees History: Effective May 1, 2009 (approved initially April 24, 2009) Source of Authority: Related Links: Responsible Office:
More informationidentity Theft Prevention and Identification Requirements For Utility
[Utility Name] Identity Theft Prevention Program Effective beginning, 2008 I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed this Identity Theft Prevention Program ("Program") pursuant to the
More informationPolicy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended:
Policy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended: I. PROGRAM ADOPTION Hawkeye REC ("REC") developed this Identity Theft Prevention Program
More informationTITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM
River Bend Identity Theft Program 1 TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM Chapter 18.01. IDENTITY THEFT PREVENTION PROGRAM 2 Identity Theft Prevention Program SECTION Chapter 18.01: IDENTITY THEFT
More informationIdentity Theft Prevention Program
Identity Theft Prevention Program DATE: 10/22/2015 VERSION 2015-1.0 Abstract Purpose of this document is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity
More informationCity of Hercules Hercules Municipal Utility Identity Theft Prevention Program
City of Hercules Hercules Municipal Utility Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate
More informationIDENTITY THEFT PREVENTION (Red Flag) POLICY
IDENTITY THEFT PREVENTION (Red Flag) POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
More informationVillage of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14
Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14 I. PROGRAM ADOPTION The Village of Brockport ( Village ) developed this Identity Theft Prevention Program
More informationCentral Oregon Community College. Identity Theft Prevention Program
Central Oregon Community College Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION This program has been created to put COCC in compliance with Section 41.90 under the
More information3344-19-01 Identity theft prevention program and red flag compliance policy.
3344-19-01 Identity theft prevention program and red flag compliance policy. (A) Program adoption Cleveland state university has developed this identity theft prevention program ( program ) pursuant to
More informationUniversity of Arkansas at Monticello Identity Theft Prevention Program
University of Arkansas at Monticello Identity Theft Prevention Program Overview The University Of Arkansas System Board Of Trustees adopted an Identity Theft Prevention Program (ITP) in compliance with
More informationUNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM
Doc. T08-109 Passed by the BoT 12/11/08 UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM The Board recognizes that some activities of the University are subject to the provisions of the Fair
More informationPROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs
PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs The Identity Theft and Fraud Protection Act (Act No. 190) allows for the collection, use
More informationIdentity Theft Prevention Program
Smyth County Policy Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in
More informationGreen University. Identity Theft Prevention Program. Effective beginning October 31, 2008
Green University Identity Theft Prevention Program Effective beginning October 31, 2008 1 I. PROGRAM ADOPTION Green University ( University ) developed this Identity Theft Prevention Program ("Program")
More informationIDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM I. PROGRAM PURPOSE AND DEFINITIONS A. Purpose The YOSKOVICH FUNERAL HOME ("Funeral Home") developed this Identity Theft Prevention Program ("Program") pursuant to the
More informationDetecting, Preventing, and Mitigating Identity Theft
THE RED FLAGS RULE Detecting, Preventing, and Mitigating Identity Theft Training for Ball State University s Identity Theft Protection Program What is the Red Flag Rule? Congress passed the Fair and Accurate
More informationIdentity theft. A fraud committed or attempted using the identifying information of another person without authority.
SUBJECT: Effective Date: Policy Number: Identity Theft Prevention 08-24-11 2-105.1 Supersedes: Page Of 2-105 1 8 Responsible Authority: Vice President and General Counsel DATE OF INITIAL ADOPTION AND EFFECTIVE
More informationRed Flag Rules Information and Training
Red Flag Rules Information and Training What are Red Flag Rules? The Red Flag Rules: - Are enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit
More informationII. F. Identity Theft Prevention
II. F. Identity Theft Prevention Effective Date: May 3, 2012 Revises Previous Effective Date: N/A, New Policy I. POLICY: This Identity Theft Prevention Policy is adopted in compliance with the Federal
More informationFlorida International University. Identity Theft Prevention Program. Effective beginning August 1, 2009
Florida International University Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Florida International University developed this Identity Theft Prevention Program
More informationASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010
ASCINSURE SPECIALTY RISK PRIVACY/SECURITY PLAN July 15, 2010 OBJECTIVE This Security Plan (the Plan ) is intended to create effective administrative, technical and physical safeguards for the protection
More information[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program. Effective beginning, 2009
[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program Effective beginning, 2009 I. PROGRAM ADOPTION The [Institution or GPLS Name] developed this Identity Theft Prevention
More informationThe Florida A&M University. Identity Theft Prevention Program. Effective May 1, 2009
The Florida A&M University Identity Theft Prevention Program Effective May 1, 2009 I. PROGRAM ADOPTION This Identity Theft Prevention Program ("Program") is established pursuant to the Federal Trade Commission's
More informationPROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT
Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits
More informationChatsworth Water Works Commission. Identity Theft Prevention Program. Effective beginning December 1, 2008
Chatsworth Water Works Commission Identity Theft Prevention Program Effective beginning December 1, 2008 I. PROGRAM ADOPTION The Chatsworth Water Works Commission ("Utility") developed this Identity Theft
More informationOuachita Baptist University. Identity Theft Policy and Program
Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program
More informationBOWLING GREEN of#<~ City of Bowling Gree~;? Administrative Instruction No. 20
SECTION 1: BACKGROUND THE CITY OF BOWLING GREEN of#
More informationWake Forest University. Identity Theft Prevention Program. Effective May 1, 2009
Wake Forest University Identity Theft Prevention Program Effective May 1, 2009 I. GENERAL It is the policy of Wake Forest University ( University ) to comply with the Federal Trade Commission's ( FTC )
More informationAdministrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions
Reference: Fair and Accurate Credit Transactions Act, ( Pub. L. 108-159) The purpose of the Identity Theft Prevention Program (ITPP) is to control reasonably foreseeable risks to students from identity
More informationIdentity Theft Prevention Program Derived from the FTC Red Flags Rule requirements
Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements 1.0 Introduction In 2003, Congress enacted the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. Section 1681,
More informationUniversity of North Dakota. Identity Theft Prevention Program
University of North Dakota Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION University of North Dakota ( University ) developed this Identity Theft Prevention Program
More informationMCPHS IDENTITY THEFT POLICY
SECTION 1: BACKGROUND MCPHS IDENTITY THEFT POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only
More informationTexas A&M University Commerce. Identity Theft Prevention Program Effective beginning May 1, 2009
Texas A&M University Commerce Identity Theft Prevention Program Effective beginning May 1, 2009 1 I. PROGRAM ADOPTION Texas A&M University - Commerce ( University ) developed this Identity Theft Prevention
More informationIDENTITY THEFT AND MUNICIPAL UTILITIES
Minnesota Municipal Utilities Association IDENTITY THEFT AND MUNICIPAL UTILITIES Identity Theft and Red Flags Rule requirements The Red Flags Rule implements portions of the Fair and Accurate Credit Transactions
More informationSOUTH TEXAS COLLEGE. Identity Theft Prevention Program and Guidelines. FTC Red Flags Rule
SOUTH TEXAS COLLEGE Identity Theft Prevention Program and Guidelines FTC Red Flags Rule Issued June 24, 2009 Table of Contents Section Section Description Page # 1 Section 1: Program Background and Purpose
More informationI. Purpose. Definition. a. Identity Theft - a fraud committed or attempted using the identifying information of another person without authority.
Procedure 3.6: Rule (Identity Theft Prevention) Volume 3: Office of Business & Finance Managing Office: Office of Business & Finance Effective Date: December 2, 2014 I. Purpose In 2007, the Federal Trade
More information21.01.04.Z1.01 Guideline: Identity Theft Prevention Program
Texas A&M Health Science Center Guidelines 21.01.04.Z1.01 Guideline: Identity Theft Prevention Program Approved October 7, 2009 Reviewed February 26, 2015 Supplements System Regulation 21.01.04 Reason
More information31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,
5/23/2011 31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, requires municipalities to promulgate
More informationDelta Township Compiled Policy Manual
Delta Township Compiled Policy Manual Title: Delta Township Identity Theft Policy Adoption Date: October 20, 2008 Revision Date: General Purpose: To establish an Identity Theft Prevention Program designed
More informationMARSHALL UNIVERSITY BOARD OF GOVERNORS
MARSHALL UNIVERSITY BOARD OF GOVERNORS Policy No. FA-12 IDENTITY THEFT PREVENTION PROGRAM 1 General Information. 1.1 Scope: To identify, detect, and respond appropriately to any Red Flags that are detected
More informationUniversity System of New Hampshire. Identity Theft Prevention Program
University System of New Hampshire Identity Theft Prevention Program Approved by the USNH Board of Trustees on April 30, 2009 I. PROGRAM ADOPTION The University System of New Hampshire (USNH) developed
More informationIdentity Theft Prevention Program
The University of North Carolina at Chapel Hill Identity Theft Prevention Program The Board of Trustees of The University of North Carolina at Chapel Hill (the University ) adopts this Identity Theft Prevention
More informationCATAWBA COUNTY IDENTITY THEFT RED FLAGS POLICY
UI. PROGRAM ADOPTION CATAWBA COUNTY IDENTITY THEFT RED FLAGS POLICY Catawba County s Identity Theft Prevention Program ("Program") was developed to comply with the Federal Trade Commission's Red Flags
More informationThese rules became effective August 1, 2009, and require certain agencies to implement an identity theft program and policy.
Red Flag Policy Protecting your privacy is of paramount importance at Missouri Southern State University, and we are dedicated to the responsible handling of your personal information. We are very committed
More informationpolicy All terms used in this policy that are defined in 16 C.F.R. 681.2 shall have the same meaning provided in that section.
Name of Policy: Identity theft detection, prevention, and mitigation. Policy Number: 3364-15-12 Approving Officer: President Responsible Agent: Compliance Officer Scope: All University of Toledo Campuses
More informationNEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)
NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES) Section 1. NSHE... 2 Section 2. UNR... 4 Section 3. WNC... 9 Chapter 13,
More informationIdentification of Red Flags, Detecting Red Flags, and Preventing and Mitigating Identity Theft
George Mason University Identity Theft Prevention Program - Procedures Revised September 30, 2012 Identification of, ing, and Preventing and Mitigating Identity Theft IDENTIFICATION OF COVERED ACCOUNT
More informationTHE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM
THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM SECTION 1: BACKGROUND The risk to Valparaiso University ("University"), its employees, students (in
More informationST. CLOUD STATE UNIVERSITY IDENTITY THEFT PREVENTION PROGRAM Effective November 1, 2009
TABLE OF CONTENTS BACKGROUND:... 2 PURPOSE:... 2 DEFINITIONS:... 2 GUIDELINES:... 3 1. Identify theft... 3 2. Changing Account Data... 3 3. Pretext Calling... 3 4. Receiving Telephone Calls:... 4 5. Receiving
More informationIDENTITY THEFT DETECTION POLICY
IDENTITY THEFT DETECTION POLICY Approved By: President s Cabinet Date of Last Revision: May 5, 2009 Responsible Office/Department: Business and Finance Policy Statement Grand Valley State University (GVSU)
More informationRed Flag Identity Theft Financial Policy 1.10
Issued: 05/16/2014 Revised: Policy and College ( Seminary ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's ( FTC ) Red Flags Rule, which implements
More informationIDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009
IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009 Table of Contents Introduction to the Training Module.. i I. Introduction. 1 II. Definitions. 3 III. Recognizing Identity Theft.. 6 IV. Identifying
More informationFlorida Agricultural & Mechanical University Board of Trustees Policy
Florida Agricultural & Mechanical University Board of Trustees Policy Board of Trustees Policy Number: Date of Adoption: May 4, 2009 Date of Revision: June 6, 2013 Identity Theft Prevention Policy Subject
More informationChristopher Newport University Policy and Procedures
Policy: Red Flag Identity Theft Identification and Prevention Program Policy Number: 3030 Date of Current Revision: Executive Oversight: Executive Vice President Contact Office: Comptroller s Office Policy:
More informationUniversity of Alaska. Identity Theft Prevention Program
University of Alaska Identity Theft Prevention Program Effective beginning October 31, 2009 I. PROGRAM ADOPTION The University of Alaska ( University ) developed this Identity Theft Prevention Program
More informationA Guide to Benedictine College and Identity Theft
IDENTITY THEFT PREVENTION PROGRAM The risk to Benedictine College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
More informationOregon University System Identity Theft Prevention Program Effective May 1, 2009
Oregon University System Identity Theft Prevention Program Effective May 1, 2009 Page 2 I. PROGRAM ADOPTION The Oregon University System ( System ) developed this Identity Theft Prevention Program ("Program")
More informationFerris State University
Ferris State University BUSINESS POLICY TO: All Members of the University Community 2009:08 DATE: May 2009 I. BACKGROUND IDENTITY THEFT PREVENTION PROGRAM The risk to the University, and its students,
More informationIdentity Theft Prevention Policy and Procedure
Identity Theft Prevention Policy and Procedure In accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), the college president shall be responsible for developing and maintaining
More informationWholesale Broker Red Flag/Identity Theft Prevention Program Certification
Wholesale Broker Red Flag/Identity Theft Prevention Program Certification Federal regulations require that all financial institutions and their affiliates create an identity theft prevention program in
More informationUniversity of Nebraska - Lincoln Identity Theft Prevention Program
I. Purpose & Scope This program was developed pursuant to the Federal Trade Commission s (FTC) Red Flag Rules promulgated pursuant to the Fair and Accurate Credit Transactions Act (the FACT Act). The University
More informationFacts About FACTA Red Flag Identity Theft Prevention Program
FACTA Red Flag Identity Theft Prevention Program FACTA Red Flag Policy Program, page 1 of 6 Contents Overview 3 Definition of Terms 3 Covered Accounts..3 List of Red Flags 3 Suspicious Documents...4 Suspicious
More informationModel Identity Theft Policy and Adopting Resolution
Model Identity Theft Policy and Adopting Resolution, Tennessee RESOLUTION NO. A RESOLUTION ADOPTING AN IDENTITY THEFT POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, an amendment
More informationDOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED:
DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED: I. Adoption of Identity Theft Prevention Program Doylestown Family Medicine, P.C.
More informationTexas A&M International University Identity Theft Prevention Program
Texas A&M International University Identity Theft Prevention Program 1 I. PROGRAM ADOPTION Texas A&M International University ( University ) developed this Identity Theft Prevention Program ( Program )
More informationIDENTITY THEFT PREVENTION PROGRAM
IDENTITY THEFT PREVENTION PROGRAM Implemented October 2009 Page 1 Table of Contents Background... 3 Purpose... 3 Definitions... 3 Pretext Calling... 4 Receiving Telephone Calls... 5 Change of Address...
More informationRANDOLPH COUNTY PUBLIC WORKS. Identity Theft Prevention Program. Adopted September 1, 2009 Effective beginning September 1, 2009
RANDOLPH COUNTY PUBLIC WORKS Identity Theft Prevention Program Adopted September 1, 2009 Effective beginning September 1, 2009 I. PROGRAM ADOPTION The Randolph County Public Works Department ( the Department
More informationIdentity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009
Identity Theft Prevention Program Approved by the Arizona Board of Regents on May 1, 2009 I. Purpose & Scope This Program was developed pursuant to the Federal Trade Commission s ( FTC ) Red Flag Rules
More informationNumber: 56.300. Index
Identity Theft Prevention Program Section: General Operations Title: Identity Theft Prevention Program Number: 56.300 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND
More informationUniversity of Tennessee's Identity Theft Prevention Program
IDENTITY THEFT PREVENTION PROGRAM 1. BACKGROUND The University of Tennessee (UT) developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission s Red Flags Rule, Section 114
More informationUNION COUNTY S IDENTITY THEFT PREVENTION PROGRAM
UNION COUNTY S IDENTITY THEFT PREVENTION PROGRAM This program shall become effective November 1, 2008. Adopted this the 20 th day of October, 2008. I. PREFACE The purpose of this program is to detect,
More informationInteragency Guidelines on Identity Theft Detection, Prevention, and Mitigation
Guidelines to FTC Red Flag Rule(reformatted) Appendix A to Part 681 Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation Section 681.2 of this part requires each financial institution
More informationWritten Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.
Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR
More informationUniversity of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)
University of St. Thomas Identity Theft Prevention Program (Red Flags Regulation Response) Revised: January 10, 2013 Program Adoption and Administration The University of St. Thomas ( University ) established
More informationRed Flags Identity Theft Training Program. Fall 2015
Red Flags Identity Theft Training Program Fall 2015 Background In 2003, U.S. Congress enacted the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA requires creditors to adopt policies and
More informationOklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
More informationUniversity Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule
NUMBER: BUSF 4.12 SECTION: SUBJECT: Finance and Planning University Identity Theft and Detection Program (NEW) DATE: March 3, 2011 Policy for: Procedure for: Authorized by: Issued by: All Campuses and
More informationDSU Identity Theft Prevention Policy No. DSU 802.7.001
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 IDENTITY THEFT PREVENTION DSU Policy No. 802.7.001 SOURCE: Fair and Accurate
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationIdentity Theft Prevention Program (Approved by the Board of Trustees)
Administrative Regulation 8:8 Responsible Office: EVPFA Date Effective: 9/15/2009 Supersedes Version: No previous version Identity Theft Prevention Program (Approved by the Board of Trustees) Major Topics
More informationEXHIBIT A Identity Theft Protection Program. Definitions. For purposes of the Policy, the following definitions apply (1);
EXHIBIT A Identity Theft Protection Program Definitions. For purposes of the Policy, the following definitions apply (1); A. City means: the City of Troy, Montana B. Covered Account means: An account that
More informationUNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM
UNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM I. Program Adoption. After consideration of the size and complexity of the University s operations and account systems, and the nature and scope
More information