Policy: Prevention, Detection, and Mitigation of Identity Theft
|Date: 10/22/10||Policy ID: FIN-031||Status: Final|
|Contact Office:||Comptroller (Office of the University)|
|Oversight Executive:||Executive Vice President and Chief Operating Officer|
|Applies To:||Academic Division, Medical Center, and College at Wise.|
|Table of Contents:|
|Reason for Policy:||In response to the increasing nationwide incidence of identity theft, the Federal Trade Commission, along with the banking regulatory agencies, issued a so-called “Red Flags Rule” intended to protect consumers from this crime. “Red Flags” are circumstances that should cause creditors and financial institutions to suspect that identity thieves may be using the identifying information of others to commit fraud.
The University is committed to complying with federal regulations concerning the detection, prevention, and mitigation of identity theft. In accordance with the Fair and Accurate Credit Transaction Act (FACTA) of 2003 and the subsequent “Red Flags Rule” of 2007, the University is required to establish a comprehensive, coordinated, and University-wide approach for facilitating the detection, prevention, and mitigation of identity theft.
|Definition of Terms in Statement:||
In compliance with 16 Code of Federal Regulations § 681.2, the following definitions shall apply to this Program:
Covered accounts: A consumer account or payment plan that involves multiple payments over time.
Identifying information: Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person.
Identity theft: A fraud committed using the identifying information of another person.Red Flag: Suspicious information or activities that suggests the possibility of identity thieves using someone else’s identifying information at the University to commit fraud. Red flags fall into several categories including but not limited to:
In order to detect and stop identity thieves from using someone else’s identifying information at the University, an Identity Theft Prevention Program will be maintained. (This is distinct from data security which is covered under other University policies; see Related Information.) Identity theft is committed by using the identifying information of another person without his or her authority. Identifying information may include such things as a Social Security number, account number, date of birth, driver's license number, passport number, and other unique identification numbers or codes.The Identity Theft Prevention Program describes the characteristics of identity theft and helps detect, prevent, and mitigate the effects of identity theft in order to protect individuals and the University from fraudulent transactions. This program coordinates, reviews, and oversees policies and procedures in order to:
BACK TO TOP
A complete list of offices with covered accounts and guidance information related to the Identity Theft Prevention Program is provided at the University’s Red Flags Rule Program. (Of note, it has been determined that payroll deductions for University parking, intramurals, etc., are low-risk and therefore not included in the program.)
|Related Information:|| Supporting policies include, but are not limited to:
|Major Category:||Finance and Business Operations|
|Category Cross Reference:||Information Resource Management|
|Next Scheduled Review:||10/22/13|
|Approved By, Date:||Executive Vice President and Chief Operating Officer, 10/22/10|
|Revision History:||This is the first version of this policy.|
|Supersedes (previous policy):|