The Southern Baptist Theological Seminary IDENTITY THEFT RED FLAGS AND RESPONSE INSTRUCTIONS IDENTITY THEFT AND PREVENTION PROGRAM As of June 2010

Similar documents
STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Identity Theft Prevention Program. Effective beginning August 1, 2009

Prevention of Identity Theft in Student Financial Transactions AP 5800

( Utility Name ) Identity Theft Prevention Program

[Utility Name] Identity Theft Prevention Program

Ouachita Baptist University. Identity Theft Policy and Program

Red Flag Policy and Identity Theft Prevention Program

Red Flags Program. Purpose

IDENTITY THEFT PREVENTION PROGRAM

City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program

Red Flags/Identity Theft Prevention Policy: Purpose

IDENTITY THEFT PREVENTION Policy Statement

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Identity Theft Prevention Policy

Identity Theft Policies and Procedures

University of North Texas System Administration Identity Theft Prevention Program

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM

Information Security Incident Response Plan

UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

Information Security Incident Response Plan

Credit Card Data Compromise: Incident Response Plan

Data Compromise Notice Procedure Summary and Guide

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Regulation P & GLBA Training

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Employee Security Awareness Training Program

Customer Proprietary Network Information

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

The University of British Columbia Board of Governors

LCU Privacy Breach Response Plan

Best Practices Guide to Electronic Banking

ID Theft Information Form - Instructions

BCN Telecom, Inc. Customer Proprietary Network Information Certification Accompanying Statement

INFORMATION TO BE GIVEN 2

Incident Response Guidelines

Access Control Policy

Agreements & Contracts: Electronic Documents User Agreement CUSTOMER SERVICE SKOWHEGAN SAVINGS

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Donor Credit Card Security Policy

Terms and Conditions for MPF e-statement/e-advice Service ( Terms and Conditions )

DOMESTIC REMITTANCE SERVICE TERMS & CONDITIONS

Pasco Police Department Policy Manual. CRIME ANALYSIS AND INTELLIGENCE Chapter No. 40. Effective Date: 04/01/2018. Reference:

Summary Comparison of Current Data Security and Breach Notification Bills

Information Technology Standards

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Why you MUST protect your customer data

Information Security Incident Response and Reporting

Starflow Token Sale Privacy Policy

Cleveland State University General Policy for University Information and Technology Resources

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

Table of Contents. PCI Information Security Policy

Presented by: Jason C. Gavejian Morristown Office

Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):

POLICY 8200 NETWORK SECURITY

Token Sale Privacy Policy

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Target Breach Overview

Privacy & Information Security Protocol: Breach Notification & Mitigation

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Nebraska State College System Cellular Services Procedures Effective Date June 15, 2012 Updated August 13, 2015

Data Protection Privacy Notice

Payment Card Industry Data Security Standard (PCI DSS) Incident Response Plan

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Filing an OGE 450 Report

Mile Privacy Policy. Ticket payment platform with Blockchain. Airline mileage system utilizing Ethereum platform. Mileico.com

NASD REGULATION, INC. OFFICE OF HEARING OFFICERS

Shaw Privacy Policy. 1- Our commitment to you

PRESIDENT S IDENTITY THEFT TASK FORCE SUMMARY OF INTERIM RECOMMENDATIONS

Identity Theft Victim s Complaint and Affidavit

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

Wesley House data protection statement and privacy notice (short-course delegates)

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Business Banking Online application

COMPLAINT FINANC1AL INDUSTRY REGULATORY AUTHORITY OFFICE OF HEARING OFFICERS. Disciplinary Proceeding SUMMARY

Data Privacy Breach Policy and Procedure

Virginia Commonwealth University School of Medicine Information Security Standard

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

PRIVACY-SECURITY INCIDENT REPORT

Subject: University Information Technology Resource Security Policy: OUTDATED

Incident Policy Version 01, April 2, 2008 Provided by: CSRSI

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

Security Breach Notification Reflections on the U.S. Experience

13. Acceptable Use Policy

Cybersecurity in Higher Ed

RBC Royal Bank Online Application Terms and Conditions

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

nanaco Card Member Agreement (For cards issued by alliance partners) Statement of Important Matters Related to the Handling of Personal Information

Lakeshore Technical College Official Policy

Mobile Banking and Mobile Deposit Terms & Conditions

Acceptable Use Policy

DATA SUBJECT ACCESS REQUEST PROCEDURE

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

Number: USF System Emergency Management Responsible Office: Administrative Services

Date of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act

STATE OF NEW JERSEY. ASSEMBLY, No th LEGISLATURE. Sponsored by: Assemblywoman ANNETTE QUIJANO District 20 (Union)

HPE DATA PRIVACY AND SECURITY

Transcription:

IDENTITY THEFT S AND As of June 2010 Suspicious Documents 1. An identification document or card that appears to be forged, altered or inauthentic 2. An identification document or card on which a person's photograph or physical description is not consistent with the person presenting the document 1. (1) Ask for an alternative form of identification that would be sufficient to grant request. (2) If unable to adequately verify identity: Reject request. If the Seminary is the issuer, contact supervisor to determine whether to confiscate, or only copy, the document/card in question. If the Seminary is not the issuer, copy the document/card in question. Notify Campus Security of the Red Flag (who will investigate the matter). 2. Same as no. 1 above. 3. An identification document containing information not consistent with existing individual information 3. Same as no.1 above. 1 of 7

The Southern Baptist Theological Seminary IDENTITY THEFT S AND Suspicious Personal Identifying Information 4. An application that appears to have been altered or forged 4. (1) Ask questions to determine authorship or better understand situation. (2) Compare to other information on file. (3) Consider contacting other offices for verifying information, as applicable. (4) If unable to verify authenticity of information on application, reject application. 5. Identifying Information is presented that is inconsistent with other information the individual provides, or with information from external sources 6. Identifying Information is presented that is the same as information shown on other applications that were found to be fraudulent 7. Identifying Information is presented that is consistent with fraudulent activity 5. Same as no. 1 above. 6. (1) Notify Campus Security of Red Flag and to have them attempt to apprehend individual if still present. (2) Copy or confiscate identifying information. (3) Reject request. 7. Same as no.6 above. 2 of 7

The Southern Baptist Theological Seminary IDENTITY THEFT S AND Suspicious Personal Identifying Information (continued) 8. A social security number presented is the same as one given by another individual 8. (1) Record SSN and obtain copy of document that contains SSN, if possible. (2) Attempt to reconcile SSN with existing records. (3) If unable to reconcile, contact local Social Security office. (4) Notify Campus Security of Red Flag. 9. An address or phone number is presented that is the same as that of another person 10. Identifying Information included in a person's file that is not consistent with the information that is on file for the individual 9. (1) Attempt to reconcile phone number. (2) If unable to reconcile, reject request until address and/or phone number information can be confirmed. 10. (1) Attempt to reconcile inconsistency in information. (2) If unable to reconcile, place any request associated with the information on hold pending further investigation by Campus Security. (3) Notify Campus Security of the Red Flag and request further investigation. 11. A person fails to provide complete personal Identifying Information on an application when reminded to do so 11. (1) Postpone action on the application until complete personal identifying information is provided. (2) Notify Campus Security of individual's name, address, phone number, and a brief description of incident. 3 of 7

IDENTITY THEFT S AND Suspicious Covered Account Activity 12. Change of address for an account followed by a request to change the individual's name or for a replacement or additional card (applicable only to Campus Technology) 13. Payments stop on an otherwise consistently upto-date account 12. (Yet to be drafted) 13. (1) Contact individual (student, employee, or customer) as part of normal collection procedures. (2) Inquire about and document reasons given for stop in payments. (3) Notify Controller if additional direction is required for next actions to be taken. 14. Account used in a way that is not consistent with prior use 15. Mail sent to the individual is repeatedly returned as undeliverable 14. (1) Inform your department's director of the inconsistency and request direction as to actions to be taken. (2) Department director shall inform Chief of Campus Security if deemed appropriate for investigation. 15. (1) Contact individual by telephone or e-mail to obtain new address. (2) Enter corrected address information in ADDR and other required systems. (3) Document subsequent mailings until address is validated. 4 of 7

IDENTITY THEFT S AND Suspicious Covered Account Activity (continued) 16. Notice to the Seminary that an individual is not receiving mail sent by the Seminary 17. Notice to the Seminary that an account has unauthorized activity 18. Breach in the Seminary's computer system security. (For purposes of this Red Flag, "computer system" includes servers, desktops, laptops, copiers, PDAs, USB disk drives, and similar devices that store or process data). 16. (1) Contact individual by telephone or e-mail to obtain new address. (2) Enter corrected address information in ADDR and other required systems. (3) Document subsequent mailings until address is validated. 17. (1) Notify and provide a summary of the notice received to Your department's director (who may elect to place a freeze on the account), The Controller if a financial account is involved (who may elect to place a freeze on the account), and The Chief of Campus Police. (2) Request direction as to appropriate actions to be taken. 18. (1) Immediately report the breach to the VP for Campus Technology (or in his absence, either the Director of Network Services or the Director of Software Development). (2) The VP for Campus Technology (or his delegate) will notify the SVP for Institutional Administration, the Chief of Campus Police, and if appropriate, Seminary counsel, to determine the next steps to be taken, including following all federal and state regulations with regard to notification in the event identifying information has been disclosed. 5 of 7

IDENTITY THEFT S AND Suspicious Covered Account Activity (continued) 19. Unauthorized access to or use of individual account information 19. (1) Contact Chief of Campus Police regarding incident. (2) Document facts and circumstances of the incident. (3) Notify the SVP for Institutional Administration, and if appropriate, Seminary counsel, to determine appropriate actions to advise and assist individual. (4) Consider placing a freeze on the account. Alerts from Others 20. Notice to the Seminary from an individual, Identity Theft victim, law enforcement, or other person that the Seminary has opened or is maintaining a fraudulent account for a person engaged in Identity Theft. 20. (1) Notify and provide a summary of the notice received to Your department's director, and The Chief of Campus Police and request direction as to appropriate actions to be taken. 6 of 7

The Southern Baptist Theological Seminary IDENTITY THEFT S AND Notifications and Warnings from Consumer Reporting Agencies (applicable only to Security and Human Resources) 21. A fraud or active duty report accompanies a credit report 22. A notice from a credit agency of a credit freeze on an applicant. 23. A notice of address discrepancy in response to a credit report request 24. A credit report indicates a change in the applicant's usual pattern of activity 21. The Chief of Campus Police will initiate a joint evaluation of the red flag with the Director of Human Resources. They will mutually determine the severity of the Red Flag and the circumstances involved. The director of Human Resources will implement one of the following actions, as applicable: Achieve a satisfactory explanation or resolution Withdraw the employment offer, or Terminate the employee's employment. 22. See no. 21 above. 23. See no. 21 above. 24. See no. 21 above. 7 of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback