Red Flags/Identity Theft Prevention Policy: Purpose

Size: px
Start display at page:

Download "Red Flags/Identity Theft Prevention Policy: Purpose"

Transcription

1 Red Flags/Identity Theft Prevention Policy: Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and stored in internal records. Regulatory agencies are charged with the responsibility to ensure that information security controls and procedures of educational institutions are in compliance with the intent of regulations designed to protect the identity of employees and students. Therefore, it is important for employees to understand the basic security requirements and provide ongoing assistance in the prevention, detection, and mitigation of identity theft to Morehouse s students, parents of students, employees and applicants. Applicability This policy applies to all Faculty and Staff members. Source The College policy. Definitions Identity Theft: A fraud committed or attempted using the identifying information of another person without authority. Red Flag: A pattern, practice, or specific activity that indicates the possible existence of identity theft. Covered Account: All student loans and/or other accounts that are administered by Morehouse under which multiple payments are made on behalf of a student or parent of a student. Applicant and employee background and credit checks are also considered to be covered accounts. Identifying Information: Any name or number that may be used alone, or in conjunction with other information, to identify a specific person, including name,address, telephone number, social security number, date of birth, government- issued driver s license or identification number, alien registration number, government passport number, employer or taxpayer identification 1

2 number, student identification number, computer internet Protocol address, computer access code or secured password. Program Coordinator: The individual designated with primary responsibility for oversight of the identity theft prevention program. Data Breach of Security: The unauthorized acquisition of data that compromises the security, confidentiality or integrity of personal information of students, parents or guardians of students, or employees at Morehouse. Compromise of Systems: An apparent exploit of a vulnerability in system software, hardware or a procedural weakness that may provide unauthorized access to the system environment. Personal Information: Includes, but is not limited to individual names, social security numbers, credit or debit card numbers, personal/student identification numbers, driver s license numbers, passport numbers, dates of birth, health records when the disclosure of the information in question would reasonably be considered to be harmful or an invasion of privacy. Policy I. REQUIREMENTS OF THE RED FLAGS IDENTITY THEFT RULE: A. Under the Red Flags Rule, Morehouse is required to develop and implement an Identity Theft Prevention Program tailored to its size, complexity, and nature of its operation. The Program must contain reasonable policies and procedures to: 1. Identify relevant red flags for new and existing covered accounts and incorporate those Red Flags into the Program. 2. Detect Red Flags that have been incorporated into the Program. 3. Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft. 4. Ensure the Program is updated periodically to reflect changes in risk to individuals or to the safety and soundness of protecting the individuals from identity theft. II. IDENTIFICATION OF RELEVANT RED FLAGS: A. In order to identify relevant Red Flags, Morehouse considers the types of accounts that it offers and maintains, methods it provides to 2

3 open accounts, methods it provides to access its accounts, and its previous experiences with Identity Theft. Morehouse identifies the following relevant Red Flags in each of the listed categories: 1. Notifications and Warnings from Credit Reporting Agencies 1. Report of fraud accompanying a credit report. 2. Notice or report from a credit agency of a credit freeze on an applicant or employee. 3. Notice or report from a credit agency of an active duty alert for an applicant. 4. Receipt of a notice of address discrepancy in response to a credit report request. 5. Indication from a credit report of activity that is inconsistent with an applicant s usual pattern or activity. 2. Suspicious Documents 1. Identification document or card that appears to be forged, altered, or gives the appearance of having been destroyed and reassembled. 2. Identification document or card on which a person s photograph or physical description is not consistent with the person presenting the document. 3. Identification document or other identifying document is inconsistent with existing identifying information. 4. Applications that appear to have been forged or altered. 5. Identifying information is inconsistent with previous information provided 6. Identifying Photo or physical description on identification document or card is inconsistent with the appearance of the individual presenting the identification. 7. Other documents with information are inconsistent with existing identifying information. 3. Suspicious Personal Identifying Information: 1. Identifying information presented that is inconsistent with other information provided (example: inconsistent birth dates). 2. Identifying information presented is inconsistent with other sources of information (an address that does not match an existing address). 3

4 3. Identifying information presented that is the same as information shown on other applications that were found to be fraudulent. 4. Identifying information presented that is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address). 5. Social security number presented that is the same as one given by another person. 6. Social security number presented is identified as being used by more than one individual. 7. An address or phone number presented that is the same as that of another student, applicant or employee. 8. An individual fails to provide complete personal identifying information on an application when reminded to do so. 9. A person s identifying information is not consistent with the information that is on file for that person. 4. Suspicious Covered Account Activity or Unusual Use of Account 1. Change of address for an account followed by a request to change the person s name. 2. Payments stop on an otherwise consistently up-to-date account. 3. Account used in a way that is not consistent with prior use. 4. Mail sent to the individual is repeatedly returned as undeliverable. 5. Notice to Morehouse that a person is not receiving mail sent to them by the college. 6. Notice to Morehouse that an account has unauthorized activity. 7. Breach in Morehouse s computer system security. 8. Unauthorized access to or use of student account and/or employee information. 9. Notice to Morehouse from an individual, identity theft victim, law enforcement official, or other person that they have opened or are maintaining a fraudulent account for a person engaged in identity theft. 10. Morehouse s computer system is compromised. 4

5 III. DETECTING RED FLAGS: A. Enrollment: 1. To detect any of the Red Flags identified above associated with the enrollment of an individual, Morehouse personnel will take the following steps to contain and verify the identity of the person opening the account: 1. Require certain identifying information such as name, date of birth, academic records, home address, or other identification. 2. Verify the person s identity at time of issuance of identification card (review of driver s license or other government issued photo identification). B. Existing Accounts 1. To detect any of the Red Flags identified above for an existing covered account, Morehouse personnel will take the following steps to monitor transactions on an account: 1. Verify the identification of the individual if they request information (in person, via telephone, via facsimile, via ). 2. Verify the validity of requests to change billing addresses by mail or and provide the individual a reasonable means of promptly responding incorrect billing address changes. 3. Verify changes in banking information given for billing, payment and direct deposit purposes. C. Credit Report Requests 1. To detect any of the Red Flags identified above for an employment position for which a credit or background check report is sought, Human Resources will take the following steps to identify address discrepancies: 1. Require written verification from an applicant or employee that the address provided by them is accurate at the time the request for the credit report or background check is made to the reporting agency. 2. In the event that notice of an address discrepancy is received, verify that the credit report pertains to the applicant or employee for whom the requested report was made, and report to the credit agency an address for 5

6 the applicant or employee that Morehouse has reasonably confirmed is correct. IV. PREVENTING AND MITIGATING IDENTITY THEF: A. In the event that Morehouse personnel detect any identified Red Flags, personnel will take one or more of the following steps, depending on the degree of risk posed by the Red Flag: 1. Prevent and Mitigate 1. Continue to monitor a covered account for evidence of identity theft. 2. Obtain additional verification from the student, parent of student, applicant or employee. 3. Determine from the student or parent of a student the reasons payments have stopped on an account or that mail has been returned. 4. Obtain additional verification from a student or parent of a student of a reported address change. 5. Obtain information from the student or applicant why the social security number provided has multiple users, is associated with different names, or associated with known fraud activity. 6. Contact the individual for which a credit report was run. 7. Change any passwords or other security devices that permit access to covered accounts. 8. Do not open a new covered account. 9. Provide a new identification or account number. 10. Notify the Program Administrator for determination of the appropriate step(s) to take. 11. Notify law enforcement. 12. File or assist in filing a Suspicious Activities Report. 13. Determine that no response is warranted under the particular circumstances. 14. Complete due diligence documentation which details the steps that were taken. B. Protect Identifying Information 1. In order to further prevent the likelihood of identity theft occurring with respect to covered accounts, Morehouse will take the following steps with respect to its internal operating procedures to protect identifying information: 6

7 1. Ensure that its Web site is secure or provide clear notice that the Web site is not secure. 2. Maintain all information on students and employees in a secure fashion in accordance with industry best practices. 3. Subject to state record retention requirements, ensure complete and secure destruction of personal paper documents and computer files of information on students and employees containing account and personal information when there is no longer a legal or business purpose for the retention of the information and in conformity with all applicable records retention policies. 4. Ensure that office computers with access to covered account information are password protected. 5. Avoid the use of social security numbers. 6. Ensure that computer virus protection is up to date. 7. Require and keep only the kinds of individual information that is necessary for college purposes. 8. Restrict access to personal information on or about students and employees to only those persons needed to maintain systems, maintain data, meet legal requirements, or perform valid business functions. 9. Ensure that file cabinets, desk drawers, overhead cabinets, and any other storage space containing documents with sensitive information is locked when not in use. 10. Ensure that storage rooms containing documents with sensitive information and record retention areas are locked at the end of each workday or when unsupervised. 11. Clear desks and workstations, work areas, common shared work areas, printers and fax machines of all documents containing sensitive information when not in use. 12. Erase, remove, or shred whiteboards and writing tablets or dry- erasing boards, etc., in common shared work areas when not in use. 13. Use a cross-cut approved shredding device before discarding documents which contain sensitive information. 14. Ensure that all sensitive information transmitted or electronically stored is encrypted. 7

8 15. Encrypt and protect, by password, all sensitive information sent externally and send to approved recipients only. When sensitive information is sent via e- mail, include this statement. This message may contain confidential and/or proprietary information and is intended for the person to whom it was originally addressed. Any use by others is strictly prohibited. V. Morehouse or its employees SHALL NOT: Publicly post or display, or intentionally communicate or otherwise make available to the general public any personal information of and about students or employees. Require an individual to send personal information over the computer network unless it meets a valid business purpose and a secure network transmission is used. Transfer data containing personal information to another business unit, private entity or public entity, over the network unless it meets a valid business purpose and a secure network transmission is used. Mail personal information on a post card or any other mailer not requiring an envelope. Mailed personal information must not be printed on the envelope or visible within unopened envelopes. Require an individual to use his or her social security number to access an internet website or other network resource, unless a password or unique personal identification or other authentication device is also required to access the site or resource. Display a social security number as entered to access an internet website or other network resource. Print an individual s social security number on any materials that are mailed to the individual unless by law, or as a part of an application or enrollment process or to establish, amend, or terminate an account, contract, or policy, or to confirm accuracy of the social security number. Print an individual s social security number on any card required by the individual to access products or services provided by the college. 8

9 VI. PERIODIC UPDATES TO THE PLAN: A. The Program Administrator will periodically review and update the Program to reflect changes in risks to individuals and its soundness, and to determine whether all aspects of the Program are up-to-date and applicable in the current business environment. Periodic reviews will include an assessment of accounts covered by the Program. As part of the review, Red Flags may be revised, replaced or eliminated. Actions to take in the event that fraudulent activity is discovered may also require revision to reduce damage to the college, its students and employees. VII. STAFF TRAINING AND REPORTS: A. Morehouse staff responsible for implementing the Program will be trained in the detection of and responses to Red Flags. In addition, such training will be conducted on an annual basis in all elements of this policy, in the detection of Red Flags, including the responsive steps to be taken when a Red Flag is detected. To ensure maximum effectiveness, employees will continue to receive additional training as changes to the Program are made. Employees are expected to notify the Program Administrator once they become aware of an incident of identity theft or of the college s failure to comply with this Program. At least annually or as otherwise requested, the Program administrator will report to Senior Management and the Audit Committee of the Board of Trustees on compliance with this Program. The report should address such issues as effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening and maintenance of covered accounts, service provider arrangements, and significant incidents involving identity theft, management responses, and recommendations for changes to the Program. VIII. OVERSIGHT OF SERVICE PROVIDER AGREEMENTS: A. Morehouse will take steps to ensure that all service providers perform their activities in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. The policies and procedures will be designed to detect, prevent, and mitigate the risk of identity theft whenever Morehouse engages a service provider to perform an activity in connection with one or more covered accounts. Morehouse will maintain on file certifications from all service providers and/or third party administrator that they are Red Flags compliant. 9

10 Require, by contract, that service providers have such policies and procedures in place. Require, by contract, that service providers review our program and report any Red Flags to the Program Administrator or employee who has primary oversight of the service provider relationship. Morehouse currently has Service Provider agreements with the following agencies: 1. Student Refund Management Higher One, Inc. 2. Tuition Payment Plans Sallie Mae Tuition Pay Plan Higher Education Services 3. Billing Agency for the Perkins Loan Campus Partners IX. RELATED DOCUMENTS: Federal Trade Commission s Red Flag Rule, 16 C.F.R Section 114 of the Fair and Accurate Credit Transactions Act, 15 U.S.C. 1681m (e). Revision History Last revision completed on 2/16/

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS STOCKTON UNIVERSITY PROCEDURE Identity Theft Prevention Program Procedure Administrator: Director of Risk Management and Environmental/Health/Safety Authority: Fair and Accurate Credit Transactions Act

More information

Identity Theft Prevention Program. Effective beginning August 1, 2009

Identity Theft Prevention Program. Effective beginning August 1, 2009 Identity Theft Prevention Program Effective beginning August 1, 2009 I. PROGRAM ADOPTION Christian Brothers University developed this Identity Theft Prevention Program pursuant to the Federal Trade Commission's

More information

Prevention of Identity Theft in Student Financial Transactions AP 5800

Prevention of Identity Theft in Student Financial Transactions AP 5800 Reference: Fair and Accurate Credit Transactions Act (Pub. L. 108-159) The Board recognizes that some activities of the Shasta-Tehama-Trinity Joint Community College District, "District," are subject to

More information

Red Flags Program. Purpose

Red Flags Program. Purpose Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University

More information

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Seattle University Identity Theft Prevention Program. Purpose. Definitions Seattle University Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in connection

More information

[Utility Name] Identity Theft Prevention Program

[Utility Name] Identity Theft Prevention Program [Utility Name] Identity Theft Prevention Program Effective beginning, 2008 Minnesota Municipal Utilities Association Sample Red Flag policy I. PROGRAM ADOPTION The [Utility Name] ("Utility") developed

More information

( Utility Name ) Identity Theft Prevention Program

( Utility Name ) Identity Theft Prevention Program ***DRAFT*** ( Utility Name ) Identity Theft Prevention Program Implemented as of, 2008 *** This document is intended to give guidance to municipal utilities in their understanding of the FTC Red Flag Rule.

More information

Ouachita Baptist University. Identity Theft Policy and Program

Ouachita Baptist University. Identity Theft Policy and Program Ouachita Baptist University Identity Theft Policy and Program Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program

More information

Red Flag Policy and Identity Theft Prevention Program

Red Flag Policy and Identity Theft Prevention Program Unified Government of Wyandotte County and Kansas City, Kansas Adopted: 5/11/2011 Red Flag Policy and Identity Theft Prevention Program Authority: The Mayor and the Board of Commissioners are responsible

More information

City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program

City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program City of New Haven Identity Theft Prevention Program, October 2008, page City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program Adopted by Resolution of the Mayor and

More information

IDENTITY THEFT PREVENTION Policy Statement

IDENTITY THEFT PREVENTION Policy Statement Responsible University Officials: Vice President for Financial Operations and Treasurer Responsible Office: Office of Financial Operations Origination Date: October 13, 2009 IDENTITY THEFT PREVENTION Policy

More information

Identity Theft Prevention Policy

Identity Theft Prevention Policy Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening

More information

University of North Texas System Administration Identity Theft Prevention Program

University of North Texas System Administration Identity Theft Prevention Program University of North Texas System Administration Identity Theft Prevention Program I. Purpose of the Identity Theft Prevention Program The Federal Trade Commission ( FTC ) requires certain entities, including

More information

IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT PREVENTION PROGRAM IDENTITY THEFT PREVENTION PROGRAM COLDWELL BANKER-D ANN HARPER REALTY PROPERTY MANAGEMENT JULY 1, 2013 COLDWELL BANKER-D ANN HARPER REALTY PROPERTY MANAGEMENT, located in SAN ANTONIO, TX 78258 developed

More information

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT The Utility maintains accounts for its customers to pay for utility service where bills are

More information

Identity Theft Policies and Procedures

Identity Theft Policies and Procedures Identity Theft Policies and Procedures Davis & Wehrle, LLC 1104 S. Mays, Suite 105 Round Rock, TX 78664-6700 United States (512) 346-1131 Davis & Wehrle Identity Theft Policies & Procedures September 2017

More information

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule

More information

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM RED FLAGS IDENTITY THEFT PREVENTION PROGRAM Due to being identified as a service provider, MED-1 Solutions, LLC, and its Affiliate Complete Billing Services ( MED-1 ) has adopted this Identity Theft Prevention

More information

Employee Security Awareness Training Program

Employee Security Awareness Training Program Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,

More information

Regulation P & GLBA Training

Regulation P & GLBA Training Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed

More information

Table of Contents. PCI Information Security Policy

Table of Contents. PCI Information Security Policy PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology

More information

The Southern Baptist Theological Seminary IDENTITY THEFT RED FLAGS AND RESPONSE INSTRUCTIONS IDENTITY THEFT AND PREVENTION PROGRAM As of June 2010

The Southern Baptist Theological Seminary IDENTITY THEFT RED FLAGS AND RESPONSE INSTRUCTIONS IDENTITY THEFT AND PREVENTION PROGRAM As of June 2010 IDENTITY THEFT S AND As of June 2010 Suspicious Documents 1. An identification document or card that appears to be forged, altered or inauthentic 2. An identification document or card on which a person's

More information

Privacy Breach Policy

Privacy Breach Policy 1. PURPOSE 1.1 The purpose of this policy is to guide NB-IRDT employees and approved users on how to proceed in the event of a privacy breach, and to demonstrate to stakeholders that a systematic procedure

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval

More information

Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY II. GENERAL PRIVACY GUIDELINES

Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY II. GENERAL PRIVACY GUIDELINES Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY Cookeville Communications Media is committed to maintaining robust privacy protections for its users. Our privacy policy is designed to help you

More information

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information

More information

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Policy and Procedure: SDM Guidance for HIPAA Business Associates Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:

More information

UTAH VALLEY UNIVERSITY Policies and Procedures

UTAH VALLEY UNIVERSITY Policies and Procedures Page 1 of 5 POLICY TITLE Section Subsection Responsible Office Private Sensitive Information Facilities, Operations, and Information Technology Information Technology Office of the Vice President of Information

More information

Subject: University Information Technology Resource Security Policy: OUTDATED

Subject: University Information Technology Resource Security Policy: OUTDATED Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from

More information

IAM Security & Privacy Policies Scott Bradner

IAM Security & Privacy Policies Scott Bradner IAM Security & Privacy Policies Scott Bradner November 24, 2015 December 2, 2015 Tuesday Wednesday 9:30-10:30 a.m. 10:00-11:00 a.m. 6 Story St. CR Today s Agenda How IAM Security and Privacy Policies Complement

More information

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers All Affiliate Research Policy Subject: HIPAA File Under: For Researchers ORA HIPAA Issuing Department: Office of Research Administration Original Policy Date Page 1 of 5 Approved by: May 9,2005 Revision

More information

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements

More information

PayThankYou LLC Privacy Policy

PayThankYou LLC Privacy Policy PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Information Security Policy

Information Security Policy April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING

More information

Donor Credit Card Security Policy

Donor Credit Card Security Policy Donor Credit Card Security Policy INTRODUCTION This document explains the Community Foundation of Northeast Alabama s credit card security requirements for donors as required by the Payment Card Industry

More information

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program

More information

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018

SANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018 SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina

More information

UWTSD Group Data Protection Policy

UWTSD Group Data Protection Policy UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful

More information

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

EDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017

EDENRED COMMUTER BENEFITS SOLUTIONS, LLC PRIVACY POLICY. Updated: April 2017 This Privacy Policy (this Privacy Policy ) applies to Edenred Commuter Benefits Solutions, LLC, (the Company ) online interface (i.e., website or mobile application) and any Edenred Commuter Benefit Solutions,

More information

Information Technology General Control Review

Information Technology General Control Review Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

A full list of SaltWire Network Inc. publications is available by visiting saltwire.com.

A full list of SaltWire Network Inc. publications is available by visiting saltwire.com. Introduction Effective January 1, 2004, private sector organizations must follow a code for the protection of personal information in accordance with the Personal Information Protection and Electronic

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY 2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY Purpose: The purpose of this policy is to provide instruction and information to staff, auditors, consultants, contractors and tenants on

More information

Baseline Information Security and Privacy Requirements for Suppliers

Baseline Information Security and Privacy Requirements for Suppliers Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.

More information

Data Compromise Notice Procedure Summary and Guide

Data Compromise Notice Procedure Summary and Guide Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or

More information

Government-issued identification numbers (e.g., tax identification numbers)

Government-issued identification numbers (e.g., tax identification numbers) Privacy Policy This Privacy Policy explains how the ACMI collects, uses, shares and safeguards Personal Data and Non- Personal Data on www.acmiart.org, mobile websites, microsites, mobile applications,

More information

Conjure Network LLC Privacy Policy

Conjure Network LLC Privacy Policy Conjure Network LLC Privacy Policy Effective September 28, 2018 Conjure Network LLC ( Conjure, us, we, or our ) operates http://www.conjure.network (the Site or Website ). This Privacy Policy (the Policy

More information

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES ACCESS MANAGEMENT Policy UT Health San Antonio shall adopt access management processes to ensure that access to Information Resources is restricted to authorized users with minimal access rights necessary

More information

Summary Comparison of Current Data Security and Breach Notification Bills

Summary Comparison of Current Data Security and Breach Notification Bills Topic S. 117 (Nelson) S. (Carper/Blunt) H.R. (Blackburn/Welch) Comments Data Security Standards The FTC shall promulgate regulations requiring information security practices that are appropriate to the

More information

FinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.

FinFit will request and collect information in order to determine whether you qualify for FinFit Loans*. FinFit Web Privacy Policy General: This Privacy Policy ( Policy ) describes the ways FinFit, LLC ( FinFit, we, us) collects, stores, uses and protects information we receive from you or that you may provide

More information

Information Technology Standards

Information Technology Standards Information Technology Standards IT Standard Issued: 9/16/2009 Supersedes: New Standard Mobile Device Security Responsible Executive: HSC CIO Responsible Office: HSC IT Contact: For questions about this

More information

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement BCN TELECOM, INC. ( BCN" or "Company") has established practices and procedures adequate to ensure compliance

More information

HPE DATA PRIVACY AND SECURITY

HPE DATA PRIVACY AND SECURITY ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection

More information

Privacy Policy. I. How your information is used. Registration and account information. March 3,

Privacy Policy. I. How your information is used. Registration and account information. March 3, Privacy Policy This Privacy Policy describes how and when we collect, use and share your information across our App. When using our App you consent to the collection, transfer, storage, disclosure, and

More information

Shaw Privacy Policy. 1- Our commitment to you

Shaw Privacy Policy. 1- Our commitment to you Privacy Policy last revised on: Sept 16, 2016 Shaw Privacy Policy If you have any questions regarding Shaw s Privacy Policy please contact: privacy@shaw.ca or use the contact information shown on any of

More information

Red Flag Regulations

Red Flag Regulations Red Flag Regulations Identity Theft Put In Context Overview of Topics Red Flag Regulations Overview How UM Protects Information What is the Student Workers role in identity theft prevention? What s this

More information

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

HF Markets SA (Pty) Ltd Protection of Personal Information Policy Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and

More information

Beam Technologies Inc. Privacy Policy

Beam Technologies Inc. Privacy Policy Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,

More information

Elders Estates Privacy Notice

Elders Estates Privacy Notice 15A Bath Street, Ilkeston Derbyshire. DE7 8AH 01159 32 55 23 info@eldersestates.co.uk 31 Market Place, Ripley Derbyshire. DE5 3HA 01773 30 44 44 info@eldersestates.co.uk Elders Estates Privacy Notice Introduction

More information

Credit Card Data Compromise: Incident Response Plan

Credit Card Data Compromise: Incident Response Plan Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,

More information

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable

More information

We offer background check and identity verification services to employers, businesses, and individuals. For example, we provide:

We offer background check and identity verification services to employers, businesses, and individuals. For example, we provide: This Privacy Policy applies to the websites, screening platforms, mobile applications, and APIs (each, a Service ) owned and/or operated by Background Research Solutions, LLC ("we"/ BRS ). It also describes

More information

HIPAA Federal Security Rule H I P A A

HIPAA Federal Security Rule H I P A A H I P A A HIPAA Federal Security Rule nsurance ortability ccountability ct of 1996 HIPAA Introduction - What is HIPAA? HIPAA = The Health Insurance Portability and Accountability Act A Federal Law Created

More information

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016 Section 3.9 PCI DSS Information Security Policy Issued: vember 2017 Replaces: June 2016 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

Standard for Security of Information Technology Resources

Standard for Security of Information Technology Resources MARSHALL UNIVERSITY INFORMATION TECHNOLOGY COUNCIL Standard ITP-44 Standard for Security of Information Technology Resources 1 General Information: Marshall University expects all individuals using information

More information

CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement

CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement CERTIFIED MAIL LABELS TERMS OF USE and PRIVACY POLICY Agreement Welcome to Certified Mail Envelopes and Certified Mail Labels web sites (the Site ) a website, trademark and business name owned and operated

More information

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

The Apple Store, Coombe Lodge, Blagdon BS40 7RG, 1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member

More information

Security and Privacy Breach Notification

Security and Privacy Breach Notification Security and Privacy Breach Notification Version Approval Date Owner 1.1 May 17, 2017 Privacy Officer 1. Purpose To ensure that the HealthShare Exchange of Southeastern Pennsylvania, Inc. (HSX) maintains

More information

Subject: Kier Group plc Data Protection Policy

Subject: Kier Group plc Data Protection Policy Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective

More information

Effective Date: November 26, A. Overview

Effective Date: November 26, A. Overview WEI Technology LLC ( WEI, we or us ) takes your privacy seriously. Please read this Privacy Policy, which describes the types of information we collect through www.lendingpad.com (the Website ), and how

More information

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer

Data Sharing Agreement. Between Integral Occupational Health Ltd and the Customer Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services

More information

Information Security Management Criteria for Our Business Partners

Information Security Management Criteria for Our Business Partners Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

Integrating HIPAA into Your Managed Care Compliance Program

Integrating HIPAA into Your Managed Care Compliance Program Integrating HIPAA into Your Managed Care Compliance Program The First National HIPAA Summit October 16, 2000 Mark E. Lutes, Esq. Epstein Becker & Green, P.C. 1227 25th Street, N.W., Suite 700 Washington,

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

Information Privacy Statement

Information Privacy Statement Information Privacy Statement Commitment to Privacy The University of Florida values individuals' privacy and actively seeks to preserve the privacy rights of those who share information with us. Your

More information

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name. Security for Your Business Mitigating risk is a daily reality for business owners, but you don t have

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,

More information

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring

More information

Oracle Data Cloud ( ODC ) Inbound Security Policies

Oracle Data Cloud ( ODC ) Inbound Security Policies Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Cleveland State University General Policy for University Information and Technology Resources

Cleveland State University General Policy for University Information and Technology Resources Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information

More information

II.C.4. Policy: Southeastern Technical College Computer Use

II.C.4. Policy: Southeastern Technical College Computer Use II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer

More information

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule Legal Disclaimer: This overview is not intended as legal advice and should not be taken as such. We recommend that you consult legal

More information

Freedom of Information and Protection of Privacy (FOIPOP)

Freedom of Information and Protection of Privacy (FOIPOP) Freedom of Information and Protection of Privacy (FOIPOP) No.: 6700 PR1 Policy Reference: 6700 Category: FOIPOP Department Responsible: Records Management and Privacy Current Approved Date: 2008 Sep 30

More information

Information Security Incident Response and Reporting

Information Security Incident Response and Reporting Information Security Incident Response and Reporting Original Implementation: July 24, 2018 Last Revision: None This policy governs the actions required for reporting or responding to information security

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Access to University Data Policy

Access to University Data Policy UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,

More information

STATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)

STATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union) ASSEMBLY, No. 0 STATE OF NEW JERSEY th LEGISLATURE INTRODUCED NOVEMBER 0, 0 Sponsored by: Assemblywoman ANNETTE QUIJANO District 0 (Union) SYNOPSIS Requires certain persons and business entities to maintain

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version January 12, 2018 1. Scope, Order of Precedence and Term 1.1 This data processing agreement (the Data Processing Agreement ) applies to Oracle

More information

I. INFORMATION WE COLLECT

I. INFORMATION WE COLLECT PRIVACY POLICY USIT PRIVACY POLICY Usit (the Company ) is committed to maintaining robust privacy protections for its users. Our Privacy Policy ( Privacy Policy ) is designed to help you understand how

More information

Privacy Policy. Act shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time.

Privacy Policy. Act shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time. Privacy Policy The Clearing Corporation of India Ltd. (CCIL) adheres to the stringent principles governing its operations as a Financial Market Infrastructure regulated by the Reserve Bank of India (RBI).

More information

YADTEL - Privacy Information INFORMATION WE COLLECT

YADTEL - Privacy Information INFORMATION WE COLLECT YADTEL - Privacy Information As a customer of Yadtel, you are entitled to know what we do with personal information about you that we receive. We consider our treatment of such information to be a part

More information