Central Warehouse and Identity Theft Prevention Plan: Difference between pages
imported>Deaskc |
>Deaskc |
||
| Line 1: | Line 1: | ||
Policy | Policy 105.5 | ||
== Introduction == | |||
=== Program Adoption === | |||
As a best practice and using as a guide the Federal Trade Commission's Red Flags Rule (16 CFR Part 681, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159) and North Carolina General Statutes, Chapter 75, Article 2A, Appalachian State University (the "University") has developed an Identity Theft Prevention Program (the "Program") described below. This Program was developed with oversight and approval of the Board of Trustees of Appalachian State University (the "Board"). After consideration of the size and complexity of the Universitys operations and account systems, and the nature and scope of the Universitys activities, the Board determined that this Program was appropriate for the University, and approved it on September 24, 2010 (the "Effective Date"). | |||
== | === Purpose === | ||
The purpose of this Program is to detect, prevent and mitigate identity theft in connection with any covered account. This Program envisions the implementation of policies and procedures subject to the Chancellor's approval in order to achieve these goals. All University personnel whose employment duties require or allow access to identifying information of other employees or students are responsible for implementing this Program. | |||
== Scope == | == Scope == | ||
| Line 7: | Line 11: | ||
== Definitions == | == Definitions == | ||
=== "Covered account" === | |||
*any account that constitutes a continuing financial relationship or is designed to permit multiple payments or transactions between the University and a person for a service, such as extension of credit, debit cards, Perkins Loans, Federal Family Education Loan Program (FFELP), institutional loans, accounts covered by the Health Insurance Portability and Accountability Act (HIPAA), deposit accounts, scholarship accounts, student accounts, and tuition payment plans. | |||
*any other account that the University offers or maintains for which there is a reasonably foreseeable risk to holders of the account or to the University from identity theft, such as use of consumer reports for employee background checks, credit applications and institutional debit card applications. This may include operations of utilities (e.g., New River Light & Power Company), clinical and research activities, and public service activities. 3.2 "Identifying information" means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including, but not limited to: | |||
#name | |||
#address | |||
#telephone number | |||
#social security number | |||
#date of birth | |||
#government-issued driver's license or identification number | |||
#alien registration number | |||
#government passport number | |||
#employer or taxpayer identification number | |||
#individual identification number | |||
#computer's Internet Protocol address | |||
#bank or other financial account routing code | |||
=== Identity theft === | |||
means a fraud committed or attempted using the identifying information of another person without authority [16 CFR 603.2(a)]. | |||
=== Program administrator === | |||
means the individual designated with primary responsibility for oversight of this Program. | |||
=== Red flag === | |||
means a pattern, practice, alert or specific activity that indicates the possible existence of identity theft. | |||
=== Service provider === | |||
means a person or entity that provides a service directly to the University. | |||
== Policy and Procedure Statements == | == Policy and Procedure Statements == | ||
=== | === Example policy 1 === | ||
=== | === Example policy 2 === | ||
== Additional References == | == Additional References == | ||
| Line 30: | Line 58: | ||
== | == Effective Date == | ||
== Revision Dates == | == Revision Dates == | ||
Revision as of 12:32, 29 July 2011
Policy 105.5
Introduction
Program Adoption
As a best practice and using as a guide the Federal Trade Commission's Red Flags Rule (16 CFR Part 681, implementing Section 114 of the Fair and Accurate Credit Transactions Act of 2003, Public Law 108-159) and North Carolina General Statutes, Chapter 75, Article 2A, Appalachian State University (the "University") has developed an Identity Theft Prevention Program (the "Program") described below. This Program was developed with oversight and approval of the Board of Trustees of Appalachian State University (the "Board"). After consideration of the size and complexity of the Universitys operations and account systems, and the nature and scope of the Universitys activities, the Board determined that this Program was appropriate for the University, and approved it on September 24, 2010 (the "Effective Date").
Purpose
The purpose of this Program is to detect, prevent and mitigate identity theft in connection with any covered account. This Program envisions the implementation of policies and procedures subject to the Chancellor's approval in order to achieve these goals. All University personnel whose employment duties require or allow access to identifying information of other employees or students are responsible for implementing this Program.
Scope
Definitions
"Covered account"
- any account that constitutes a continuing financial relationship or is designed to permit multiple payments or transactions between the University and a person for a service, such as extension of credit, debit cards, Perkins Loans, Federal Family Education Loan Program (FFELP), institutional loans, accounts covered by the Health Insurance Portability and Accountability Act (HIPAA), deposit accounts, scholarship accounts, student accounts, and tuition payment plans.
- any other account that the University offers or maintains for which there is a reasonably foreseeable risk to holders of the account or to the University from identity theft, such as use of consumer reports for employee background checks, credit applications and institutional debit card applications. This may include operations of utilities (e.g., New River Light & Power Company), clinical and research activities, and public service activities. 3.2 "Identifying information" means any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including, but not limited to:
- name
- address
- telephone number
- social security number
- date of birth
- government-issued driver's license or identification number
- alien registration number
- government passport number
- employer or taxpayer identification number
- individual identification number
- computer's Internet Protocol address
- bank or other financial account routing code
Identity theft
means a fraud committed or attempted using the identifying information of another person without authority [16 CFR 603.2(a)].
Program administrator
means the individual designated with primary responsibility for oversight of this Program.
Red flag
means a pattern, practice, alert or specific activity that indicates the possible existence of identity theft.
Service provider
means a person or entity that provides a service directly to the University.