Red Flag Regulations

Similar documents
Red Flags/Identity Theft Prevention Policy: Purpose

Why you MUST protect your customer data

IDENTITY THEFT PREVENTION Policy Statement

University of North Texas System Administration Identity Theft Prevention Program

Identity Theft Prevention Program. Effective beginning August 1, 2009

Red Flags Program. Purpose

Employee Security Awareness Training Program

Seattle University Identity Theft Prevention Program. Purpose. Definitions

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Ouachita Baptist University. Identity Theft Policy and Program

Data Compromise Notice Procedure Summary and Guide

Prevention of Identity Theft in Student Financial Transactions AP 5800

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Cyber Risks in the Boardroom Conference

What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996.

Identity Theft Prevention Policy

[Utility Name] Identity Theft Prevention Program

5LINX ID GUARD Product Overview. Credit/Presenter Goes Here

Governance Ideas Exchange

Subject: University Information Technology Resource Security Policy: OUTDATED

Castle View Primary School Data Protection Policy

UTAH VALLEY UNIVERSITY Policies and Procedures

Chapter 6 Network and Internet Security and Privacy

Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

PCI Compliance. What is it? Who uses it? Why is it important?

Lesson Three: False Claims Act and Health Insurance Portability and Accountability Act (HIPAA)

Notice to our customers regarding Toll Fraud

Employee Security Awareness Training

HIPAA FOR BROKERS. revised 10/17

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

UWTSD Group Data Protection Policy

Cleveland State University General Policy for University Information and Technology Resources

( Utility Name ) Identity Theft Prevention Program

Red Flag Policy and Identity Theft Prevention Program

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

SHS Annual Information Privacy and Security Training

The Cyber War on Small Business

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

Information Technology Standards

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Data Protection Policy

Protecting Your Gear, Your Work & Cal Poly

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

HIPAA UPDATE. Michael L. Brody, DPM

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Cybersecurity in Higher Ed

FinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.

Subject: Kier Group plc Data Protection Policy

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

HIPAA Privacy & Security Training. HIPAA The Health Insurance Portability and Accountability Act of 1996

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

City of New Haven Water, Sewer and Natural Gas Utilities Identity Theft Prevention Program

It s still very important that you take some steps to help keep up security when you re online:

Cyber Security Issues

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

Privacy Policy GENERAL

Your Information. Your Rights. Our Responsibilities.

If you have any questions or concerns about this Privacy Policy, please Contact Us.

HIPAA and Social Media and other PHI Safeguards. Presented by the UAMS HIPAA Office August 2016 William Dobbins

Compliance A primer. Surveys indicate that 80% of the spend on IT security technology is driven by the need to comply with regulatory legislation.

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide

Information Classification & Protection Policy

Caribbean Cyber Security: Not Only Government s Responsibility

Identity Theft and Account Takeover Prevention

What is a Dataset? Information Security and Privacy Office (ISPO) Risk Assessment Program August 2018 Version 1.1

Identity Theft: Enterprise-Wide Strategies for Prevention, Detection and Remediation

Preventing Tax Preparer Data Theft

Family Medicine Residents HIPAA Highlights May 2016 Heather Schmiegelow, JD

Social Engineering Hacking the Human Element

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Review Ch. 3 Connecting to the World s Information. 2010, 2006 South-Western, Cengage Learning

Compliance & HIPAA Annual Education

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Consumer Protection & System Security Update. Bill Jenkins and Cammie Blais

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Security Now. Howard Verne. Is My Private Information Safe?

Security Awareness. Chapter 2 Personal Security

Cyber Security Updates and Trends Affecting the Real Estate Industry

Entertaining & Effective Security Awareness Training

HIPAA Omnibus Notice of Privacy Practices

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

Chapter 12. Information Security Management

ID Theft and Data Breach Mitigation

HIPAA Privacy and Security Training Program

Information Privacy and Security Training 2016 for Instructors and Students. Authored by: Office of HIPAA Administration

Keep the Door Open for Users and Closed to Hackers

IS-906: Workplace Security Awareness. Visual 1 IS-906: Workplace Security Awareness

HIPAA Faux Pas. Lauren Gluck Physician s Computer Company User s Conference 2016

LCU Privacy Breach Response Plan

Navigating Regulatory Impacts of a Financial Services Data Breach

Cybersecurity and Nonprofit

Data Privacy Breach Policy and Procedure

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

YADTEL - Privacy Information INFORMATION WE COLLECT

Transcription:

Red Flag Regulations

Identity Theft Put In Context Overview of Topics Red Flag Regulations Overview How UM Protects Information What is the Student Workers role in identity theft prevention?

What s this all about? Why is UM concerned about identity theft? The University of Montevallo is subject to federal rules regarding security because we offer or participate in: Student tuition and fee payment plans The Federal Perkins Loan program Other payments through various departmental programs on campus such as Child Study Center, Community School of Music, etc.

What is Considered Identity Theft? Identity theft takes place when key pieces of personal identifying information is stolen. This can include: Drivers Licenses Numbers Social Security Numbers Credit Card Accounts Other personal information

Why is training on identity theft prevention important? Between January 2005 and June 2008, 227,205,625 records were compromised from US government agencies, businesses, schools, and other organizations. Privacy Rights Clearinghouse, 2008 The total one year amount of identity fraud in 2006 cost $55.7 billion. Javelin Strategy& Research Survey, 2007

Common Causes Internal Threats External Threats Poorly trained personnel Inadequate security measures Insufficient support from management Unsupervised third party providers Dishonest insiders Inadequate IT systems Hackers Organized crime Social engineers Competitors Human error

Common Methodology Dumpster Diving Eavesdropping Family, Friends, Coworkers Hacking Insiders Mail Theft Name Dropping Pharming Phishing Piggy Backing Pretexting Shoulder Surfing Skimming Social Engineering War Driving

Bottom Line For You As A Student Worker Perhaps the greatest cause of information loss or breach is the HUMAN ELEMENT. From an organization s perspective, people include employees, customers, third parties, and business partners. All of these people are vital to the organization s survival and are privy to the organization s information in varying degrees through different means. As a result, all of these PEOPLE PRESENT RISK. Well aware that infrastructures and perimeters have been fortified, today s sophisticated crooks no longer batter the fortress directly they take a subtler approach through its people. Deloitte 2007 Global Security Survey: The Shifting Security Paradigm

Federal rules UM employees must follow regarding identity protection

Red Flag Regulations The Red Flag Regulations & Guidelines come from Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003 passed in October 2007 The Federal Trade Commission governs and enforces this regulation.

Red Flag Regulations What s the Purpose? Financial institutions and creditors must: Develop and implement an Identity Theft Prevention program to detect, prevent, and mitigate identity theft in connection with the opening of certain accounts or certain existing accounts.

Why Does This Apply To Me? UM extends credit to students in the form of financial aid and payment plans. According to the Red Flag Rules, that makes staff at UM (even student staff) responsible for following the Red Flag Rules when dealing with confidential and sensitive information.

What is Confidential and Sensitive Information? Any one piece of information with a person s or company s name beyond the information you would find in a phone directory or on a business card As a member of UM staff you could handle this type of information.

If you work with information from sources such as: Financial Accounts Medical Accounts Employment Accounts Education Accounts Criminal or Student Judicial Accounts You will be handling confidential and sensitive information (CSI)

Defining Confidential and Sensitive Information (CSI) Personal Information Business Information Financial Information Medical Information Social Security Number Social Insurance Number Birth Dates Driver s License Information Professional License Information Student Id numbers such as M# Federal ID Numbers Proprietary Information Trade Secrets Business Systems Student ID s Access Numbers /Passwords Customer Identifiers, Vendor Numbers, and Account Numbers Credit Card Numbers Expiration Dates of Cards CCV Numbers from Cards Bank/Credit Union Account Number Credit Reports Billing Information Payment History Medical Records Doctor Names and Claims Health, Life, Disability Insurance Policy Information

Protective Measures for Data Security Know where sensitive files are located and used Keep only what is needed and dispose of everything else Lock up sensitive information Shred papers with identifying information Report security breeches to your supervisor immediately http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business.pdf

Protective Measures for Student Privacy Protecting a student s privacy is just as important as protecting his or her data. Never give out private information on other students This includes: Parents Friends Co-Workers from other departments (unless directed by your direct supervisor)

Safety Concerns Never give out individual addresses, room numbers, or class schedules to the public Parents are included in the public realm Refer parents to your supervisor if they are asking for information you cannot release

Protective Measures for Employee Privacy and Security Providing security and privacy for employees helps protect everyone. Place your personal items, such as bags, in a secure area. When speaking on the phone be aware of who may overhear what you are disclosing. If necessary, transfer the call to a more secure environment. Secure office computers with a password at the end of your shift.

Basic Requirements for Student As a student worker at UM You are expected to follow basic rules for keeping information private such as: Workers

Basic Rules for Student Workers As a student worker at UM You are expected to follow basic rules for keeping information private such as: Shredding waste paper that has confidential and sensitive information Securing your desk and computer before leaving your station Never giving out CSI to visitors in the office or people on the phone Being aware of eavesdroppers when you are talking Never sharing information outside the office that is confidential Keeping files locked with sensitive information Keeping your desk clear of sensitive information except for what you are currently working with

Remember You are a part of the staff and thus, you represent your department Talking about confidential matters outside the job is cause for dismissal Each department has its own procedures for making sure confidential and sensitive information is protected Follow the instructions of your supervisor

For More Information FIGHTING BACK AGAINST IDENTITY THEFT FEDERAL TRADE COMMISSION http://www.ftc.gov/bcp/edu/microsites/idtheft/index.html

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback