SIMMONS COLLEGE OFFICE OF THE GENERAL COUNSEL RED FLAG RULE POLICY. Background of the Federal Legislation Known as Red Flag Rule



Similar documents
Red Flag Identity Theft Financial Policy 1.10

A Guide to Benedictine College and Identity Theft

These rules became effective August 1, 2009, and require certain agencies to implement an identity theft program and policy.

THE LUTHERAN UNIVERSITY ASSOCIATION, INC. d/b/a Valparaiso University IDENTITY THEFT PREVENTION PROGRAM

Ferris State University

TOURO UNIVERSITY WORLDWIDE AND TOURO COLLEGE LOS ANGELES IDENTITY THEFT PREVENTION POLICY 1.0 POLICY/PROCEDURE 2.0 PURPOSE 3.0 SCOPE 4.

University of Tennessee's Identity Theft Prevention Program

IDENTITY THEFT PREVENTION (Red Flag) POLICY

Model Identity Theft Policy and Adopting Resolution

MCPHS IDENTITY THEFT POLICY

Covered Areas: Those EVMS departments that have activities with Covered Accounts.

Xavier University. Fair & Accurate Credit Transactions Act (Red Flags Rule) Policy and Procedures

SOUTH TEXAS COLLEGE. Identity Theft Prevention Program and Guidelines. FTC Red Flags Rule

31-R-11 A RESOLUTION ADOPTING THE CITY OF EVANSTON IDENTITY PROTECTION POLICY. WHEREAS, The Fair and Accurate Credit Transactions Act of 2003,

B. Credit - Deferral of payment of a debt incurred for the purchase of goods services, including educational services.

USF System & Preventing Identity Fraud

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE. University of Cincinnati Red Flags Rule Protecting Against Identity Fraud

IDENTITY THEFT PREVENTION

DSU Identity Theft Prevention Policy No. DSU

IDENTITY THEFT PREVENTION PROGRAM

BOWLING GREEN of#<~ City of Bowling Gree~;? Administrative Instruction No. 20

Deer Park Independent School District. Identity Theft Policy and Board of Trustees Resolution

Identity Theft Prevention Program (Approved by the Board of Trustees)

The University of North Carolina at Charlotte Identity Theft Prevention Program

Pacific University. Policy Governing. Identity Theft Prevention Program. Red Flag Guidelines. Approved June 10, 2009

IDENTITY THEFT PREVENTION PROGRAM (RED FLAGS)

RESOLUTION TO ADOPT IDENTITY THEFT POLICY

Identity Theft Prevention Program. Effective: November 1, 2009

RESOLUTION NO A RESOLUTION ADOPTING THE "CITY OF CHATTANOOGA IDENTITY THEFT POLICY" ATTACHED HERETO AND MADE A PART HEREOF BY REFERENCE.

Oklahoma State University Policy and Procedures. Red Flags Rules and Identity Theft Prevention

COUNCIL POLICY STATEMENT

CHAPTER 12 IDENTITY PROTECTION AND IDENTITY THEFT PREVENTION POLICIES

Oregon University System Identity Theft Prevention Program Effective May 1, 2009

University of St. Thomas. Identity Theft Prevention Program. (Red Flags Regulation Response)

IDENTITY THEFT PREVENTION PROGRAM TRAINING MODULE February 2009

Identity Theft Prevention Program Derived from the FTC Red Flags Rule requirements

Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009

Central Oregon Community College. Identity Theft Prevention Program

I. Purpose. Definition. a. Identity Theft - a fraud committed or attempted using the identifying information of another person without authority.

University Identity Theft and Detection Program (NEW) All Campuses and All Service Providers Subject to the Red Flags Rule

Detecting, Preventing, and Mitigating Identity Theft

Number: Index

MOTLOW STATE COMMUNITY COLLEGE

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)

CENTENARY COLLEGE POLICIES UNDER THE FAIR & ACCURATE CREDIT TRANSACTION ACT S RED FLAG RULES

ST. CLOUD STATE UNIVERSITY IDENTITY THEFT PREVENTION PROGRAM Effective November 1, 2009

University of Arkansas at Monticello Identity Theft Prevention Program

Identity Theft Prevention Policy

identity TheFT PREVENTION Programs and Response

THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM

CITY OF MARQUETTE, MICHIGAN CITY COMMISSION POLICY

University of Nebraska - Lincoln Identity Theft Prevention Program

Christopher Newport University Policy and Procedures

Facts About FACTA Red Flag Identity Theft Prevention Program

AUBURN WATER SYSTEM. Identity Theft Prevention Program. Effective October 20, 2008

California State University, Chico. Identity Theft Prevention Red Flags Program

Identity Theft Prevention Program

Identity Theft Policy Created: June 10, 2009 Author: Financial Services and Information Technology Services Version: 1.0

Identity theft. A fraud committed or attempted using the identifying information of another person without authority.

Green University. Identity Theft Prevention Program. Effective beginning October 31, 2008

Identity Theft Prevention Program

Wake Forest University. Identity Theft Prevention Program. Effective May 1, 2009

Identity theft prevention program and red flag compliance policy.

University of North Dakota. Identity Theft Prevention Program

policy All terms used in this policy that are defined in 16 C.F.R shall have the same meaning provided in that section.

University Policy: Identity Theft Prevention Policy

Village of Brockport Identity Theft Prevention Program Effective December 1, 2009 Confirmed 7/21/14

Texas A&M International University Identity Theft Prevention Program

Red Flags Identity Theft Training Program. Fall 2015

Identity Theft Policy

COUNCIL POLICY NO. C-13

Minnesota State University, Mankato

Identity Theft Prevention Policy and Procedure

Identity Theft Prevention Program. Approved by the Arizona Board of Regents on May 1, 2009

David Coble Internal Control Officer

Ouachita Baptist University. Identity Theft Policy and Program

UNIVERSITY OF RICHMOND IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT DETECTION POLICY

Administrative Procedure 5800 Prevention of Identity Theft in Student Financial Transactions

Texas A&M University Commerce. Identity Theft Prevention Program Effective beginning May 1, 2009

McLennan Community College

Z1.01 Guideline: Identity Theft Prevention Program

Approved by the Audit Committee of the Board of Trustees, effective February 3, 2009.

Wholesale Broker Red Flag/Identity Theft Prevention Program Certification

RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM

University of Alaska. Identity Theft Prevention Program

UCLA Policy 313: Prevention of Identity Theft

Identification of Red Flags, Detecting Red Flags, and Preventing and Mitigating Identity Theft

University of Dayton Red Flag ID Theft Prevention Program

The Florida A&M University. Identity Theft Prevention Program. Effective May 1, 2009

IDENTITY THEFT PREVENTION PROGRAM

University System of New Hampshire. Identity Theft Prevention Program

Identity Theft Prevention Program

Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation

Springfield Technical Community College Identity Theft Prevention Program

MARSHALL UNIVERSITY BOARD OF GOVERNORS

UNC Asheville. Red Flag Rule and NC Identity Protection Act Information

City of Caro Identity Theft Prevention Policy

Identity Theft Prevention Program Red Flag Rules Policy P Issued: May 2009

OLYMPIC COLLEGE POLICY

Transcription:

SIMMONS COLLEGE OFFICE OF THE GENERAL COUNSEL RED FLAG RULE POLICY Background of the Federal Legislation Known as Red Flag Rule The Federal Trade Commission (FTC) has issued a regulation known as the Red Flag Rule (Sections 114 and 315 of the Fair and Accurate Credit Transactions Act) to reduce identity theft. The Red Flag Rule is intended to detect, prevent and mitigate opportunities for identity theft. Simmons College is subject to this federal law and must develop and implement a written Identity Theft Protection Program to protect our constituencies and comply with the law. Why Does This Law Apply to Simmons? The Red Flag Rule applies to financial institutions and creditors with covered accounts. Although at first glance, universities and colleges do not appear to fall within the scope of the legislation, we know that Simmons fits the criteria because: We participate in the Federal Perkins Loan Program; We participate as a school lender in the Direct Lending Program; We offer institutional student loan programs; We offer a payment program through a third party; We hold payment plans and promissory notes for covered student accounts; In employee hiring process and for students in certain programs, we perform background checks and receive credit reports; and We use Datatel and other databases throughout the College that contain sensitive information on students, employees, alumni and donors. What is the Purpose of Instituting This Policy at Simmons? Many offices throughout Simmons College hold sensitive information, as defined by the Red Flag Rules. We are enacting this policy to protect our students, employees, contractors, alumni and donors from identity theft in accordance with Federal law. We are also adopting this policy to mitigate the potential for damages related to the loss or misuse of sensitive information. 1

More specifically, this policy will: Define sensitive information covered by the Red Flag Rule; Describe proper protocols for physical data security when stored and distributed; Describe proper protocols for electronic data security when stored and distributed; Identify risks in new/existing covered accounts that signify potentially fraudulent activity; Provide proper protocol for responding to risk if fraudulent activity has occurred; and Place us in compliance with the Red Flag Rule and reducing/managing risk. What is Sensitive Information and How Does This Policy Apply to Me? Sensitive information is personal information belonging to any student, donor, employee, contractor, alumni, or other constituent of Simmons College. This information may include, but is not limited to, social security numbers, medical information, payroll and benefits information, tax identification numbers, credit card information, etc. As a Simmons employee you may be privy to sensitive information in the course of your job. You are expected to use common sense judgment in securing confidential information as necessary. What are Some Examples of Sensitive Information I May Encounter? Below are examples of common sensitive information typically found in certain departments of the College. This list is not all inclusive and such information can be found in various departments other than those listed. All offices across the College must be mindful of confidentiality and protecting sensitive information. If you need clarification on what constitutes sensitive information, it is your responsibility to seek it from your direct supervisor. For example: If you work in any Admissions Office across the College: Student personal information including address, date of birth, contact information, and academic information protected under state or federal law, such as the Family Education Rights and Practices Act (FERPA) If you work in Advancement: Donor information, including address, asset information, financial data, business identification numbers, employer identification numbers, and credit card information If you work in the Campus Card Office: Credit Card information, including card number, cardholder name and address 2

If you work in Health Services or the Counseling Center: Medical information, including doctor names, insurance claims, prescriptions and other personal medical information If you work in Human Resources: Personal information for employees, such as social security number, address, other contact information, results of background and credit checks, and benefits statements/information If you work in Payroll: Payroll information including social security numbers, paychecks, salary data, paystubs, and benefits statements If you work in Student Financial Services: Tax identification numbers, parent and student tax information, business identification numbers, and employer identification numbers If you work in the Registrar s Office: Academic Records or other data protected under state or Federal laws, such as FERPA What are some Specific Potential Red Flags? The following have been identified as potential indicators of Red flag activity. Please keep in mind that this list is not all inclusive and it is your responsibility as a Simmons College employee to use common sense judgment and err on the side of caution in order to identify potential Red Flags. The Social Security number provided is the same as that submitted by another person with an account held by Simmons Address discrepancies noted in background check reports Students, applicants or employees offering suspicious documents Photograph or physical description on the identification is not consistent with the appearance of the person presenting the identification Personal identifying information provided is not consistent with other personal identifying information on file with the College Documents provided for identification appear to have been altered or forged Notification from students, borrowers, law enforcement, or service providers of unusual activity related to a covered account Notification from a credit bureau of fraudulent activity 3

An account that was closed for cause or identified for abuse of account privileges by a financial institution or creditor An application or transcript appears to have been altered or forged, or appears to have been destroyed and reassembled The College is notified that a borrower or student has not been receiving paper account statements Simmons is notified of unauthorized charges or transactions in connection with a student or borrower account A student account is used in a manner commonly associated with known patterns of fraud Change of address for an account is immediately followed by a request to change the student s name There is a breach in the College s computer system There is unauthorized access or use of student accounts Payments stop on an account that is otherwise consistently up-to-date If I Identify a Potential Red Flag, How do I Proceed? If you believe you have identified a red flag, please take the following steps to ensure swift action: 1. Gather all related documentation and write a description of the situation. 2. Bring all pertinent information to the attention of the General Counsel, the Director of Public Safety, the Sr. VP for Finance and Administration, the Director of Student Financial Services, or the Registrar. Once reported to the appropriate authority the next steps are: 3. Investigation of the red flag to determine if there has been a breach. 4. Taking additional action when appropriate. This may entail notification of the affected party, changing passwords or implementing other security measures, cooperating with law enforcement, etc. What is Simmons requiring that I do to Mitigate Red Flag Activity? In addition to reading this policy and attending Red Flag training, it is expected that you have read the Sensitive Information Policy regarding physical access (page 4) to computers and other technology devices that may result in impermissible disclosures of insensitive information. This policy gives examples of ways to protect sensitive information, both in hard copy distribution and electronically, such as: 4

Refraining from transmitting or sending sensitive information in email unless absolutely necessary and only in the event the data has been encrypted; Clearing all work areas, including desks, workstations, printers, common shared work areas, etc. of documents containing sensitive information at the end of each workday or when unsupervised; and Locking all filing cabinets, desk drawers, and any other applicable storage spaces containing sensitive information at the end of each workday or when unsupervised. To read the policy, please see http://www.simmons.edu/policies/it/. Who Will Administer the Program and How Often Will it be Updated? The Offices of the General Counsel and the Senior Vice President of Finance and Administration will be responsible for oversight and administration of this program. The policy will be reviewed on an annual basis to ensure that all aspects of the program are up-todate in the current business environment. You will be informed of any changes in the program as they occur. What about Oversight of Service Providers? Simmons College will collect documents from all vendors, confirming compliance with Red Flag Rules. Such compliance will be part of the annual review of the Red Flag Policy and the General Counsel will ensure that any specific requirements are addressed in any contract between parties, if applicable. Adopted: March 2011 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information