2 PII = Personally Identifiable Information EMU is committed to protecting the privacy of personally identifiable information of its students, faculty, staff, and other individuals associated with the University.
3 Any information about an individual that can be used to distinguish or trace an individual s identity Social Security Number Date of Birth Mother s Maiden Name Biometric Records Any other information that is linked or linkable to an individual Medical Information Education Information Financial Information
4 The more information that is combined, the greater the risk of identifying a specific individual. Example: A social security number without a name is unlikely to result in the identification of an individual; however, a name and social security number are very likely to result in the identification of an individual.
5 1/2012 University of Miami 1,219 patients notified that flash drive stolen from pathologist s car 2/2012 University of NC at Charlotte 350,000 SSN and financial data on internet due to a configuration error 3/2012 Hackensack University Medical Center employee stole 445 patients names, addresses, DOB, SSN, drivers license numbers, and insurance information 3/2012 Brigham Young University 1,300 student s names, addresses, phone numbers and student ID numbers attached to an 4/12 Case Western Reserve University stolen university laptop containing 600 alumni's name and SSN Data Loss Business Government Education Medical 10% 12% 14% 64% Source:
8 Red Flags Rule is a federal regulation issued by the Federal Trade Commission (FTC) as part of the implementation of the Fair and Accurate Credit Transaction (FACT) Act of Red Flags Rule requires financial institutions and creditors to implement a written Identity Theft Prevention Program and to provide for the continued administration of this Identity Theft Prevention Program.
9 To detect Red Flags and stop identity thieves from using someone else s identifying information to commit fraud.
10 Covered Accounts an account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, such as a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account. Any account that the financial institution or creditor offers or maintains for which there is a reasonable foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks. Creditor any person, corporation, government or government subdivision or agency, trust, estate, partnership, cooperative, or association who regularly extends, renews, or continues credit; any person who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.
11 Identifying Information is any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including: Name Address Telephone number Social security number Employer or taxpayer identification number Computer Internet Protocol address Date of birth Government issued driver s license Alien registration number Government passport number Student identification number Routing code Identity Theft a fraud committed or attempted using the identifying information of another person without authority Red Flag a pattern, practice, or specific activity that indicates the possible existence of identity theft
12 The Red Flags Rule does not name specific types of institutions that must comply. Instead, compliance requirements are based on the types of accounts EMU has with students. The Rule is generally based on the existence of covered accounts. Covered accounts include student accounts in which the University does not require full tuition payment at the time of enrollment professional service providers (clinics) that bill after service is delivered student loans administered by the University (i.e. Federal Perkins Loans).
13 Under the Red Flags Rule, EMU is required to establish a written "Identity Theft Prevention Program. The plan includes procedures to detect, prevent, and respond to patterns, practices, or specific activities that may indicate identity theft. The program is approved by EMU Board of Regents and is updated and monitored according to changes in risk. The University Privacy Work Group is responsible for the oversight, training of staff, and audit compliance to accomplish the following: Identify Red Flags for new and existing covered accounts and incorporate those Red Flags into the Program Detect Red Flags that have been incorporated into the Program Respond to Red Flags identified in the Program appropriately to prevent and mitigate identity theft. Ensure the program is updated periodically to reflect changes in risks to students and customers.
14 1. Notification and Warnings from Credit Reporting Agencies Red Flags Report of fraud accompanying a credit report Notice or report from a credit agency of a credit freeze on an applicant Notice or report from a credit agency of an active duty alert for an applicant Receipt of a notice of address discrepancy in response to a credit report request Indication from a credit report of activity that is inconsistent with an applicant s usual pattern or activity
15 2. Suspicious Documents Red Flags Identification document or card that appears to be forged, altered or inauthentic Identification document or card on which a person s photograph or physical description is not consistent with the person presenting the document Other document with information that is not consistent with existing student information Application for services that appears to have been altered or forged
16 3. Suspicious Personal Identifying Information Red Flags Identifying information presented that is inconsistent with other information the student provides (example: inconsistent birth dates) Identifying information presented that is inconsistent with other sources of information (example: an address not matching an address on a loan application) Identifying information presented that is the same as information shown on other applications that were found to be fraudulent
17 4. Suspicious Covered Account Activity or Unusual Use of Account Red Flags Change of address for an account followed by a request to change the student s name Payments stop on an otherwise consistently up to date account Account used in a way that is not consistent with prior use Mail sent to the student is repeatedly returned as undeliverable Notice to the University that a student is not receiving mail sent by the University Notice to the University s that an account has unauthorized activity Breach in the University s computer system security Unauthorized access to or use of student account information
18 5. Alerts from Others Red Flag Notice to EMU from a student, identity theft victim, law enforcement or other person that the University has opened or is maintaining a fraudulent account for a person engaged in identity theft
19 Student Enrollment To detect any of the Red Flags identified above associated with the enrollment of a student, University personnel will take the following steps to obtain and verify the identity of the person opening the account Require certain identifying information such as name, date of birth, academic records, home address or other identification Verify the student s identity at time of issuance of student identification card (review driver s license or other governmentissued photo identification) Existing Accounts To detect any of the Red Flags identified about for an existing covered account, University personnel will take the following steps to monitor transactions on accounts Verify the identification of students if they request information (in person, via telephone, facsimile or ) Verify the validity of requests to change billing address by mail or and provide the student a reasonable means of promptly reporting incorrect billing address changes Verify changes in banking information given for billing and payment purposes Consumer ( Credit ) Report Requests To detect any of the Red Flags identified above for an employment or volunteer position for which a credit or background report is sought, University personnel will take the following steps to assist in identifying address discrepancies Require written verification from any applicant that the address provided by the applicant is accurate at the time the request for the credit report was made to consumer reporting agency In the event that notice of an address discrepancy is received, verify that the credit report pertains to the applicant for whom the requested report was made and report to the consumer reporting agency an address for the applicant that the University has reasonably confirmed is accurate
20 Preventing and Mitigating Identity Theft In the event that University personnel detect any identified Red Flags, such personnel shall take one or more of the following steps, depending on the degree of risk posed by the Red Flag: Continue to monitor a covered account for evidence of identity theft Contact the student or applicant for which the credit report was requested Change any passwords or other security devices that permit access to covered accounts Do not open a new covered account Provide the student with a new student identification number Notify the Program Administrators for determination of the appropriate step(s) to take Notify law enforcement Determine that no response is warranted under the particular circumstances Protecting Student Identifying Information To further prevent the likelihood of identity theft occurring with respect to covered accounts, the University will take the following steps as they relate to internal operating procedures Ensure that the EMU website is secure or provide clear notice that the website is not secure Ensure complete and secure destruction of paper documents and computer files containing student account information when a decision has been made to no longer maintain such information Ensure that office computers with access to covered account information are password protected Avoid use of social security numbers Ensure computer virus protection is up to date Require and keep only the kinds of student information that are necessary for University purposes
21 The Committee will periodically review and update this Program to reflect changes in risks to students and soundness of the University from identity theft. In doing so, the Committee will consider the University s experience with identity theft situations, changes in identity theft methods, changes in identity theft detection and prevention methods, and changes in the University s business arrangements with other entities. After considering these factors, the Program Administrators will determine whether changes to the Program, including the listing of Red Flags, are warranted. If warranted, the Committee will update the Program.
23 Establish proper handling of credit and debit card transactions processed by any department and/or group affiliated with the University. Ensure cardholder information, such as sensitive account and personal cardholder information is protected against theft and/or improper usage.
24 PCI DSS compliance is mandatory for any department that accepts, captures, stores, transmits and/or processes credit or debit card information. Only authorized and properly trained individuals may accept and/or access credit or debit card information. Credit and debit card payments may be accepted only using methods approved by the University Student Business Services Office. Credit and Debit card payments may only be accepted in the following manner: In person Via Telephone Via Fax Via Physical Mail (not e mail), with special approval
25 Each person who has access to credit or debit card information is responsible for protecting the information. The following pieces of information are considered confidential and must be protected from initial capture through destruction regardless of the storage mechanism used: Credit or debit card number and expiration date Cardholder Verification Value (CVV2) Personal Identification Number (PIN) Cardholder s name, address and/or phone number when used in combination with the above fields Credit and debit card information must be destroyed as soon as it is no longer necessary. Physical documents, such as customer receipts, merchant duplicate receipts, reports, etc., that contain credit or debit card information should be retained only as long as there is a valid business reason to do so, and no longer than 90 days. While the documents are retained, they must be stored in locked cabinets in a secured area with restricted access to authorized individuals on a need to know basis.
26 Credit and debit card information must be destroyed as soon as it is no longer necessary. Physical documents, such as customer receipts, merchant duplicate receipts, reports, etc., that contain credit or debit card information should be retained only as long as there is a valid business reason to do so, and no longer than 90 days. While the documents are retained, they must be stored in locked cabinets in a secured area with restricted access to authorized individuals on a need to know basis.
27 Departments must maintain checks and balances in the handling of credit and debit card information. All departments and offices must settle credit card terminals daily and report credit card revenue within 2 business days to the University Student Business Services Office via Cash Deposit Voucher. Each department that handles credit and/or debit card information must have documented procedures for complying with this policy and PCI DSS.
28 Department and office procedures must include, but are not limited to the following: Segregation of duties Deposits Reconciliation procedures Physical security Disposal Cash register procedures (if applicable) Suspected theft of credit or debit card information must be reported to the University Student Business Services Office and University Department of Public Safety.
30 Gramm Leach Bliley Act A Federal law requiring all financial institutions to develop, implement, and maintain safeguards to protect customer information Comprised of several parts, most notably the Privacy Rule (16 CFR 313) and the Safeguards Rule (16 CFR 314)
31 Privacy Rule each institution has an obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers nonpublic personal information Safeguards Rule requires all financial institutions to develop an information security program, which is defined as: administrative, technical, or physical safeguards used to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information
32 Customer Information any record containing non public personal information about a customer of a financial institution can be paper, electronic, or other form Non public personal information personally identifiable financial information that is provided by a consumer to a financial institution. Examples include: Social Security Number Date of Birth Financial Account Numbers or Credit Card Numbers Name, Address, and Phone Numbers (when collected with financial data) Details of any financial transaction
33 EMU significantly engages in providing student loans and other financial services and as such, falls within the definition of a Financial Institution under GLBA and must comply Examples of financial information regulated by GLBA include: Student or other loans Collection of delinquent loans Check cashing services Financial or investment advisory services Obtaining information from a consumer report Career counseling services for those seeking employment in finance, accounting or auditing
34 Privacy Rule The FTC has stated that any college or university that complies with FERPA and that is also a financial institution subject to the requirements of GLBA shall be deemed to be in compliance with GLBA s privacy rules if it is in compliance with FERPA
35 Safeguards Rule EMU has implemented a University wide information technology security program to protect customer information called the Information Security Program (ISP)
36 Shared between the Chief Information Officer (CIO) and the University s Registrar Adherence to the University s ISP and the requirements of the GLBA is the responsibility of supervisors and employees in departments that access data which is governed or regulated Operational areas across the University are responsible for implementing a unit level security plan
37 Implementation of the information security program is the shared responsibility of Information Technology, Records and Registration, Financial Aid, Student Business Services, Human Resources, and Payroll. Each unit is responsible for implementing programs to safeguard sensitive and protected data and to secure student information Example: IT Risk Mitigation Systems: IT maintains policies, procedures, and processes that protect against anticipated threats to the security or integrity of electronic students information and guard against unauthorized use of such information. This includes: Data access authorization policies Network firewalls, intrusion detection systems and intrusion prevention systems Digital forensic and security analysis programs
38 All University employees will be instructed in the importance of confidentiality of customer information before access to such is granted. Included in the instructions are the privacy requirements under: Family Educational Rights and Privacy Act (FERPA) Health Insurance Probability and Accountability Act (HIPAA) Safeguard Requirements of GLBA Michigan Freedom of Information Act (FOIA) exemptions
39 The University has established a policy for central reporting and tracking of serious incidents The Incident Response Team (IRT) is responsible for handling information system security incidents
40 EMU takes reasonable steps to select and retain service providers who maintain appropriate safeguards. The evaluation for choosing a service provider and contracts for service must meet strict provisions for securing confidential information
42 The Family Educational Rights and Privacy act of 1974 is a federal law designed to protect the privacy of current and former student's educational records and afford students certain rights with respect to their education records.
43 The right to inspect and review the student's education records within 45 days of the day EMU receives a request for access. The right to request the amendment of the student's education records that the student believes are inaccurate or misleading. The right to file a complaint with the U.S. Department of Education concerning alleged failures by EMU to comply with the requirements of FERPA. The right to consent to disclosures of personally identifiable information contained in the student's education records, except to the extent that FERPA authorizes disclosure without consent.
44 EMU has designated the following items as directory information and these items may be included in publications or disclosed upon request without consent: Name Address Address Telephone Listing Date and Place of Birth Enrollment Status Major field of study Participation in recognized activities and sports Weight and height of members of athletic teams Dates of attendance Degrees and awards received (including, but not limited to, the Dean's List) Most recent previous educational agency or institution attended by the student. EMU reserves the right to make directory information public unless a student's written objection (specifying the category of information not to be made public without prior consent) is filed at the Office of Records and Registration within 14 days after each term begins.
45 Disclosure of information from confidential educational records is limited to the eligible student or to others: To whom the eligible student releases the records Who have a Legitimate Educational Interest Who are entitled or permitted to know the content of the records by virtue of one or more FERPA exceptions
46 Grades Test Scores I.D. Numbers or Social Security Numbers Financial Records Disciplinary Records Class Schedule
47 Sole Possession Records Law Enforcement Unit Records Employment Records Medical Records Post Attendance Records
48 Always ensure that your computer is logged off or password protected when you are not present Do not share your passwords Do not download or store PII on laptops or any portable devices, unless absolutely necessary. Portable devices containing PII should be encrypted. Ensure that shared drives are secure when storing files containing PII. Ensure that all files containing PII are encrypted or utilize SFTP. Limit access to sensitive information; need to know basis only Ensure that all servers are appropriately protected, consult DoIT
49 Only ask for PII when absolutely necessary to conduct the business of the University If individuals supply supplemental PII that is not needed, destroy (shred) it or redact it immediately; DO NOT KEEP IT! All documents containing PII must be stored in locked cabinets; a ;locked office alone is not acceptable All documents containing PII must be destroyed when no longer needed; documents regularly collected must have a record retention schedule
50 Document the handling of PII within relevant procedures If student workers have access to PII, have then sign a confidentiality agreement and be sure to explain the importance of and the responsibility to protect the information Do not or fax documents containing PII; utilize the postal service or hand deliver As a general rule, do not share PII
51 What is Fraud? Misappropriation of funds, securities, supplies or other assets Impropriety in the handling or reporting of money or financial transactions False Reporting of Work Time Disclosing confidential and proprietary information to outside parties Accepting or seeking anything of material value from contractors, vendors, or persons providing services/materials to the University. Exception: Gifts, meals and entertainment less than a nominal amount in value Destruction, removal, or inappropriate use of records, furniture, fixtures, and equipment
52 What is Fraud? Forgery or alteration of any document or account belonging to Eastern Michigan University Destruction, alteration, mutilation, concealment, covering up, falsification, or making of a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence any investigation by or on behalf of the University The destruction, alteration, or concealment of any records used in the conduct of an audit
53 What do I do if I suspect fraud? Immediately contact the Vice President and Secretary to the Board of Regents, General Counsel, or the Chief Financial Officer Gloria Hage John Lumm Vicki Reaume DPS Visit Anonymous Ethics and Compliance Reporting
54 EMU Incident Response Team The Federal Trade Commission (FTC): GLBA at the FTC: ml
55 EMU Records and Registration: EMU Authorization to Release FERPA protected information form: Department of Education
56 Identity Theft Resource Center Federal Trade Commission Fighting Back Against Identity Theft: U.S. Department of Education, Office of the Inspector General Resource on Identity Theft for Students U.S. Identity Theft Task Force: Anonymous Ethics and Compliance Reporting:
PII Personally Identifiable Information Training and Fraud Prevention Topics What is Personally Identifiable Information (PII)? Why are we committed to protecting PII? What laws govern us? How do we comply?
IDENTITY THEFT DETECTION POLICY Approved By: President s Cabinet Date of Last Revision: May 5, 2009 Responsible Office/Department: Business and Finance Policy Statement Grand Valley State University (GVSU)
Oklahoma State University Policy and Procedures Rules and Identity Theft Prevention 3-0540 ADMINISTRATION & FINANCE July 2009 Introduction 1.01 Oklahoma State University developed this Identity Theft Prevention
SUBJECT: Effective Date: Policy Number: Identity Theft Prevention 08-24-11 2-105.1 Supersedes: Page Of 2-105 1 8 Responsible Authority: Vice President and General Counsel DATE OF INITIAL ADOPTION AND EFFECTIVE
Procedure 3.6: Rule (Identity Theft Prevention) Volume 3: Office of Business & Finance Managing Office: Office of Business & Finance Effective Date: December 2, 2014 I. Purpose In 2007, the Federal Trade
Green University Identity Theft Prevention Program Effective beginning October 31, 2008 1 I. PROGRAM ADOPTION Green University ( University ) developed this Identity Theft Prevention Program ("Program")
The Florida A&M University Identity Theft Prevention Program Effective May 1, 2009 I. PROGRAM ADOPTION This Identity Theft Prevention Program ("Program") is established pursuant to the Federal Trade Commission's
Wake Forest University Identity Theft Prevention Program Effective May 1, 2009 I. GENERAL It is the policy of Wake Forest University ( University ) to comply with the Federal Trade Commission's ( FTC )
Identity Theft Prevention Program DATE: 10/22/2015 VERSION 2015-1.0 Abstract Purpose of this document is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity
Oregon University System Identity Theft Prevention Program Effective May 1, 2009 Page 2 I. PROGRAM ADOPTION The Oregon University System ( System ) developed this Identity Theft Prevention Program ("Program")
Central Oregon Community College Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION This program has been created to put COCC in compliance with Section 41.90 under the
Program Adoption THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule, implementing
Florida International University Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Florida International University developed this Identity Theft Prevention Program
01.230 IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS) Authority: Board of Trustees History: Effective May 1, 2009 (approved initially April 24, 2009) Source of Authority: Related Links: Responsible Office:
Identity Theft Prevention Program Section: General Operations Title: Identity Theft Prevention Program Number: 56.300 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND
Florida Agricultural & Mechanical University Board of Trustees Policy Board of Trustees Policy Number: Date of Adoption: May 4, 2009 Date of Revision: June 6, 2013 Identity Theft Prevention Policy Subject
Pacific University Policy Governing Identity Theft Prevention Program Red Flag Guidelines Approved June 10, 2009 Program adoption Pacific University developed this identity Theft Prevention Program ( Program
Texas A&M University Commerce Identity Theft Prevention Program Effective beginning May 1, 2009 1 I. PROGRAM ADOPTION Texas A&M University - Commerce ( University ) developed this Identity Theft Prevention
MARSHALL UNIVERSITY BOARD OF GOVERNORS Policy No. FA-12 IDENTITY THEFT PREVENTION PROGRAM 1 General Information. 1.1 Scope: To identify, detect, and respond appropriately to any Red Flags that are detected
IDENTITY THEFT PREVENTION (Red Flag) POLICY The risk to the College, its employees and students from data loss and identity theft is of significant concern to the College and can be reduced only through
Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements 1.0 Introduction In 2003, Congress enacted the Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. Section 1681,
Identity Theft Prevention Policy and Procedure In accordance with the Fair and Accurate Credit Transactions Act of 2003 (FACTA), the college president shall be responsible for developing and maintaining
Policy: Red Flag Identity Theft Identification and Prevention Program Policy Number: 3030 Date of Current Revision: Executive Oversight: Executive Vice President Contact Office: Comptroller s Office Policy:
University of North Dakota Identity Theft Prevention Program Effective beginning May 1, 2009 I. PROGRAM ADOPTION University of North Dakota ( University ) developed this Identity Theft Prevention Program
Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14 I. PROGRAM ADOPTION The Village of Brockport ( Village ) developed this Identity Theft Prevention Program
Identity Theft Prevention Program Effective: November 1, 2009 I. BACKGROUND Galveston College ("College" / Institution ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal
Texas A&M International University Identity Theft Prevention Program 1 I. PROGRAM ADOPTION Texas A&M International University ( University ) developed this Identity Theft Prevention Program ( Program )
Administrative Regulation 8:8 Responsible Office: EVPFA Date Effective: 9/15/2009 Supersedes Version: No previous version Identity Theft Prevention Program (Approved by the Board of Trustees) Major Topics
River Bend Identity Theft Program 1 TITLE XVIII: IDENTITY THEFT PREVENTION PROGRAM Chapter 18.01. IDENTITY THEFT PREVENTION PROGRAM 2 Identity Theft Prevention Program SECTION Chapter 18.01: IDENTITY THEFT
University of Arkansas at Monticello Identity Theft Prevention Program Overview The University Of Arkansas System Board Of Trustees adopted an Identity Theft Prevention Program (ITP) in compliance with
University System of New Hampshire Identity Theft Prevention Program Approved by the USNH Board of Trustees on April 30, 2009 I. PROGRAM ADOPTION The University System of New Hampshire (USNH) developed
Identity Theft Prevention Program I. PROGRAM PURPOSE AND DEFINITIONS The purpose of this Identity Theft Prevention Program ( Program ) is to detect, prevent and mitigate identity theft in connection with
CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY Policy Number: 2008-02 Date Adopted: October 27, 2008 Department: Administrative SUBJECT: IDENTITY THEFT PREVENTION PROGRAM I. OBJECTIVE: A. To protect
What is FERPA? The Family Educational Rights and Privacy Act of 1974 (FERPA), as amended (also referred to as the Buckley Amendment), is a Federal law designed to protect the confidentiality of a student
COUNCIL POLICY NO. C-13 TITLE: POLICY: Identity Theft Prevention Program See attachment. REFERENCE: Salem City Council Finance Committee Report dated November 7, 2011, Agenda Item No. 3 (a) Supplants Administrative
Delta Township Compiled Policy Manual Title: Delta Township Identity Theft Policy Adoption Date: October 20, 2008 Revision Date: General Purpose: To establish an Identity Theft Prevention Program designed
LEGAL REQUIREMENTS Section 114 of the Federal Trade Commission s Fair and Accurate Credit Transactions Act of 2003 created the Red Flags Rule. This regulation requires the College to have an Identity Theft
University of Dayton Red Flag ID Theft Prevention Program I. Program Adoption The University of Dayton developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's
Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program
City of Caro Identity Theft Prevention Policy Purpose The purpose of this policy is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
Identity Theft Prevention Program Approved by the Arizona Board of Regents on May 1, 2009 I. Purpose & Scope This Program was developed pursuant to the Federal Trade Commission s ( FTC ) Red Flag Rules
IDENTITY THEFT PROCEDURES FREQUENTLY ASKED QUESTIONS ABOUT IDENTITY THEFT INCIDENTS AND RED FLAGS Q1: How is a Red Flags incident different from a data security breach? A1: A data security breach is the
[Utility Name] Identity Theft Prevention Program Effective beginning, 2008 I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed this Identity Theft Prevention Program ("Program") pursuant to the
City of Hercules Hercules Municipal Utility Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate
SOUTH TEXAS COLLEGE Identity Theft Prevention Program and Guidelines FTC Red Flags Rule Issued June 24, 2009 Table of Contents Section Section Description Page # 1 Section 1: Program Background and Purpose
WESTERN WASHINGTON UNIVERSITY S RED FLAGS IDENTITY THEFT PREVENTION PROGRAM IMPLEMENTING SECTIONS 114 AND 315 OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 David Coble Internal Control Officer
Policy: 208 Subject: Identity Theft Prevention Program Approved for Board Action: December 22, 2009 Dates Amended: I. PROGRAM ADOPTION Hawkeye REC ("REC") developed this Identity Theft Prevention Program
Red Flag Identity Theft Policy 1.) Policy and Program Rationale: Messiah College ( College ) has developed the Identity Theft Policy ( Policy) and Prevention Program ( Program ) pursuant to the Federal
Date Revised: Page 1 of 16 5-21 Identity Theft Prevention Program I. BACKGROUND As a result of the increasing instances of identity theft, the United States Congress passed the Fair and Accurate Credit
RESOLUTION TO ADOPT IDENTITY THEFT POLICY WHEREAS, in late 2008 the Federal Trade Commission (FTC) and federal banking agencies issued a regulation known as the Red Flag Rule under sections 114 and 315
University Policy: Identity Theft Prevention Policy Policy Category: Ethics, Integrity and Legal Compliance Policies Subject: Detection, prevention and mitigation of identity theft Office Responsible for
Office of the President University Policy SUBJECT: IDENTITY THEFT PREVENTION PROGRAM Effective Date: 6-17-09 Policy Number: 5.6 Supersedes: Page Of New 1 7 Responsible Authority: Senior Vice President,
DOYLESTOWN FAMILY MEDICINE, P.C. IDENTITY THEFT PREVENTION PROGRAM TEMPLATE ADOPTED AND EFFECTIVE: APRIL 15, 2009 UPDATED: I. Adoption of Identity Theft Prevention Program Doylestown Family Medicine, P.C.
I. Purpose & Scope This program was developed pursuant to the Federal Trade Commission s (FTC) Red Flag Rules promulgated pursuant to the Fair and Accurate Credit Transactions Act (the FACT Act). The University
Chatsworth Water Works Commission Identity Theft Prevention Program Effective beginning December 1, 2008 I. PROGRAM ADOPTION The Chatsworth Water Works Commission ("Utility") developed this Identity Theft
RANDOLPH COUNTY PUBLIC WORKS Identity Theft Prevention Program Adopted September 1, 2009 Effective beginning September 1, 2009 I. PROGRAM ADOPTION The Randolph County Public Works Department ( the Department
AUBURN WATER SYSTEM Identity Theft Prevention Program Effective October 20, 2008 I. PROGRAM ADOPTION Auburn Water System developed this Identity Theft Prevention Program ("Program") pursuant to the Federal
UNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM I. Program Adoption. After consideration of the size and complexity of the University s operations and account systems, and the nature and scope
ADRIAN COLLEGE IDENTITY THEFT POLICY Adrian College s Identity Theft Prevention Program I. Program Adoption The Vice President of Business Affairs has developed this Identity Theft Prevention Program (
University of St. Thomas Identity Theft Prevention Program (Red Flags Regulation Response) Revised: January 10, 2013 Program Adoption and Administration The University of St. Thomas ( University ) established
Doc. T08-109 Passed by the BoT 12/11/08 UNIVERSITY OF MASSACHUSETTS IDENTITY THEFT PREVENTION PROGRAM The Board recognizes that some activities of the University are subject to the provisions of the Fair
IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009 Table of Contents Introduction to the Training Module.. i I. Introduction. 1 II. Definitions. 3 III. Recognizing Identity Theft.. 6 IV. Identifying
Travis County Water Control & Improvement District No. 17 Identity Theft Prevention Program Effective beginning November 20, 2008 I. PROGRAM ADOPTION The Travis County Water Control and Improvement District
COUNTY OF SONOMA AND SONOMA COUNTY COMMUNITY DEVELOPMENT COMMISSION IDENTITY THEFT PREVENTION PROGRAM In Accordance with the Fair and Accurate Credit Transactions Act of 2003 And 16 CFR 681.1 and 16 CFR
I. Purpose & Scope THE UNIVERSITY OF MICHIGAN IDENTITY THEFT PREVENTION PROGRAM The Identity Theft Prevention Program was developed pursuant to the Federal Trade Commission s Red Flag Rules promulgated
RANDOLPH COUNTY EMERGENCY SERVICES & TAX DEPARTMENT Identity Theft Prevention Program Adopted August 3, 2009 Effective beginning August 1, 2009 I. PROGRAM ADOPTION The Randolph County Emergency Services
Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits
THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM SECTION 1: BACKGROUND The risk to Valparaiso University ("University"), its employees, students (in
[Institution or GPLS Name] Red Flag Rules - Identity Theft/Fraud Prevention Program Effective beginning, 2009 I. PROGRAM ADOPTION The [Institution or GPLS Name] developed this Identity Theft Prevention
5/23/2011 31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY WHEREAS, The Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159, requires municipalities to promulgate
Minnesota Municipal Utilities Association IDENTITY THEFT AND MUNICIPAL UTILITIES Identity Theft and Red Flags Rule requirements The Red Flags Rule implements portions of the Fair and Accurate Credit Transactions
CITY OF STATE OF GEORGIA ORDINANCE NO: AN ORDINANCE TO AMEND THE CODE OF ORDINANCES, CITY OF, GEORGIA TO PROVIDE A NEW ARTICLE, IDENTITY THEFT PREVENTION PROGRAM; TO COMPLY WITH FEDERAL REGULATIONS RELATING
The University of North Carolina at Chapel Hill Identity Theft Prevention Program The Board of Trustees of The University of North Carolina at Chapel Hill (the University ) adopts this Identity Theft Prevention
THE RED FLAGS RULE Detecting, Preventing, and Mitigating Identity Theft Training for Ball State University s Identity Theft Protection Program What is the Red Flag Rule? Congress passed the Fair and Accurate
Issued: 05/16/2014 Revised: Policy and College ( Seminary ) developed this Identity Theft Prevention Program ("Program") pursuant to the Federal Trade Commission's ( FTC ) Red Flags Rule, which implements