Ouachita Baptist University. Identity Theft Policy and Program

Similar documents
Identity Theft Prevention Program. Effective beginning August 1, 2009

Seattle University Identity Theft Prevention Program. Purpose. Definitions

[Utility Name] Identity Theft Prevention Program

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Prevention of Identity Theft in Student Financial Transactions AP 5800

Red Flag Policy and Identity Theft Prevention Program

( Utility Name ) Identity Theft Prevention Program

Red Flags/Identity Theft Prevention Policy: Purpose

City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Red Flags Program. Purpose

University of North Texas System Administration Identity Theft Prevention Program

IDENTITY THEFT PREVENTION PROGRAM

IDENTITY THEFT PREVENTION Policy Statement

The Southern Baptist Theological Seminary IDENTITY THEFT RED FLAGS AND RESPONSE INSTRUCTIONS IDENTITY THEFT AND PREVENTION PROGRAM As of June 2010

Identity Theft Policies and Procedures

Identity Theft Prevention Policy

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Regulation P & GLBA Training

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Information Security Incident Response Plan

Credit Card Data Compromise: Incident Response Plan

Information Security Incident Response Plan

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Privacy Policy. I. How your information is used. Registration and account information. March 3,

Employee Security Awareness Training Program

Incident Policy Version 01, April 2, 2008 Provided by: CSRSI

Table of Contents. PCI Information Security Policy

Wesley House data protection statement and privacy notice (short-course delegates)

Payment Card Industry Data Security Standard (PCI DSS) Incident Response Plan

Conjure Network LLC Privacy Policy

Privacy Breach Policy

Elders Estates Privacy Notice

Data Compromise Notice Procedure Summary and Guide

Red Flag Regulations

Privacy Policy I. COOKEVILLE COMMUNICATIONS PRIVACY POLICY II. GENERAL PRIVACY GUIDELINES

FinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

Donor Credit Card Security Policy

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

ANNUAL SECURITY AWARENESS TRAINING 2012

Breach Notification Form

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

Emergency Nurses Association Privacy Policy

Information Privacy Statement

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Eagles Charitable Foundation Privacy Policy

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Government-issued identification numbers (e.g., tax identification numbers)

UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

Ministry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Summary Comparison of Current Data Security and Breach Notification Bills

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

register to use the Service, place an order, or provide contact information to an Independent Business Owner;

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Post-Secondary Institution Data-Security Overview and Requirements

FairWarning Mapping to PCI DSS 3.0, Requirement 10

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

01.0 Policy Responsibilities and Oversight

Target Breach Overview

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

CYBER SECURITY POLICY REVISION: 12

Subject: University Information Technology Resource Security Policy: OUTDATED

Pasco Police Department Policy Manual. CRIME ANALYSIS AND INTELLIGENCE Chapter No. 40. Effective Date: 04/01/2018. Reference:

American Dental Hygienists Association Privacy Policy

Important Information

Breach Notification Assessment Tool

Policies and Procedures Date: February 28, 2012

Annual Report on the Status of the Information Security Program

Consolidated Privacy Notice

ASSESSMENT LAYERED SECURITY

Access to University Data Policy

YADTEL - Privacy Information INFORMATION WE COLLECT

Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009

Identity Theft Victim s Complaint and Affidavit

Virginia Commonwealth University School of Medicine Information Security Standard

1. General provisions

We offer background check and identity verification services to employers, businesses, and individuals. For example, we provide:

Solv3D Privacy Policy

Standard CIP Cyber Security Critical Cyber Asset Identification

Terms and Conditions For Online-Payments

Electronic Signature Policy

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

Institute of Technology, Sligo. Information Security Policy. Version 0.2

Baseline Information Security and Privacy Requirements for Suppliers

UCOP ITS Systemwide CISO Office Systemwide IT Policy

Shaw Privacy Policy. 1- Our commitment to you

Ecological Waste Management Ltd Privacy Policy

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Security and Privacy Governance Program Guidelines

Privacy and Security Liaison Program: Annual Compliance and Risk Assessment (Fiscal Year 2013/2014)

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Data Privacy Breach Policy and Procedure

Transcription:

Ouachita Baptist University Identity Theft Policy and Program

Under the Federal Trade Commission s Red Flags Rule, Ouachita Baptist University is required to establish an Identity Theft Prevention Program ( the program ) which contains reasonable policies and procedures to: Identify relevant red flags for new and existing covered accounts and incorporate those red flags into the program; Detect Red Flags that have been incorporated into the program; and Respond appropriately to any red flags that are detected to prevent and mitigate identity theft. This policy and program were adopted effective May 1, 2009 to comply with the Red Flags Rule. Definitions Covered Account any consumer account that involves multiple payments or transactions. At Ouachita, this is interpreted to mean any student account or loan administered by the university, including: Student accounts Perkins loan accounts Institutional loan accounts Past due accounts assigned to collection agencies Student ID cards that include a debit card feature Identifying Information any name or number that may be used, alone or in conjunction with any other information, to identify a specific person. Identifying information may include name, address, phone numbers, social security number, student ID number, alien registration number, government passport number or computer Internet Protocol (IP) address. Identity Theft a fraud committed or attempted using the identifying information of another person without authority or permission. Red Flag a pattern, practice, or specific activity that indicates the possible existence of identity theft. Identification of Red Flags The university considers the following risk factors in identifying relevant red flags: The types of accounts offered and maintained The methods used to open accounts The methods provided to access accounts.

Previous experiences with identity theft Based on those risk factors, we have identified the following red flags, listed by category: Suspicious Documents An identification document or card that appears to be forged, altered or inauthentic An identification document or card on which a person s photograph or physical description is not consistent with the person presenting the document Other documents with information that is not consistent with existing student information Any application that appears to have been altered or forged Suspicious Personal Identifying Information Identifying information presented that is inconsistent with other information the student provides (e.g. inconsistent birth dates) Identifying information presented that is inconsistent with other sources of information on file (e.g. an address on a loan application not matching an address on file) Identifying information presented that is the same as information presented on other documents that were found to be fraudulent Identifying information presented that is consistent with fraudulent activity (e.g. an invalid phone number or fictitious billing address) A social security number presented that is the same as that of another person An address or phone number presented that is the same as that of another person A person fails to provide complete identifying information on an application when reminded to do so Suspicious Covered Account Activity or Unusual Use of Account A change of address on an account followed by a request to change the student s name An account used in a way that is not consistent with prior use Mail sent to the account is repeatedly returned as undeliverable Notice provided by a student that the student is not receiving mail from the university Notice to the university by a student or a third party that an account has unauthorized activity A breach in the university s computer system security Detection of unauthorized access to or use of student account information Alerts from Others

If university personnel detect any identified red flags, the following actions may be taken to mitigate the risk of identity theft, depending on the type of red flag detected: Contact the student to notify him or her of the identified red flags Continue to monitor the covered account for additional red flags or other evidence of identity theft Not open a new covered account for which the information was provided Reopen a covered account with a new account number Change any passwords or other security features that permit access to the covered accounts Notify the Program Administrator to determine appropriate steps Notify law enforcement Take no action if the circumstances do not warrant Program Administration Responsibility for developing, implementing and updating this Program lies with the Program Administrator. The Chief Financial Officer will serve as Program Administrator unless the President appoints another individual. The Program Administrator will be responsible for the following: Program administration Ensuring that appropriate university staff are trained on specific responsibilities for the program Reviewing any staff reports regarding the detection of red flags and the steps for preventing and mitigating identity theft Determining which steps of prevention and mitigation should be taken in particular circumstances Providing guidance to the Board of Trustees as to periodic changes to the program based on experiences with identity theft, changes in identity theft methods, changes in identity theft detection and prevention methods, or changes in types of accounts the university maintains. Preparing and delivering an annual report to the Board of Trustees regarding compliance with Red Flag Rules Staff Training and Reporting University staff responsible for implementing the program will be trained by or under the direction of the Program Administrator in the detection, prevention, and mitigation of red flags. University staff are expected to notify the Program Administrator once they become aware of an incident of identity theft or of any failure by the university to comply with the program. At least annually, staff will provide a report to the Program Administrator of all red flags detected, all incidents of suspected or confirmed identity theft, and any recommendations for changes to the program.

Service Providers Any third party service agencies used in connection with covered accounts must provide annually an identity theft program which meets the requirements of the Red Flags Rule. Those agencies include: Delinquent account collection agencies Loan servicers Debit card providers linked to student IDs Any contracts with such service providers will require the provider to have such policies and procedures in place. The service provider must report any detected red flags to the Program Administrator within 30 days of detection and provide an annual report of all red flags detected and all incidents of suspected or confirmed identity theft.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback