Identity Theft Prevention Program | Policy/Procedure Number | FED 01 |
Effective Date | June 16, 2010 |
It shall be the policy of Laramie County Community College (LCCC) to comply with the regulation of the Federal Trade Commission (FTC) pertaining to the detection and prevention of identity theft by adhering to the college’s Identity Theft Prevention Program guidance. The College takes the possibility of identity theft seriously and in full compliance with the FTC’s Red Flag Rules which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), has developed a written Identity Theft Prevention Program (Program).
The purpose of the Red Flag Rules is to combat identity theft. Federal regulations require financial institutions and Creditors to implement a program to detect, prevent, and mitigate identity theft in connection with new and existing accounts.
This policy applies to all LCCC personnel with access to covered accounts and sensitive identifying information. The Program Administrator, assisted by the Program Administrative Committee, is responsible for training of personnel, reporting program effectiveness to the President and LCCC Board of Trustees, and updating the written Program document. The LCCC Board of Trustees is responsible for Program oversight.
The college shall operate an Identity Theft Prevention Program according to the written Program document, hereby incorporated by reference and made a condition and part of this Procedure.
The Vice-President of Administration and Finance or such other person that may be appointed from time to time by the President of the College (hereinafter, the “Program Administrator”) is responsible for overall Program management and administration. The Program Administrator shall provide appropriate identity theft training for relevant LCCC employees and provide reports and periodic updates to the Program Administrative Committee of the College, as well as, the President and LCCC Board of Trustees on at least an annual basis.
The annual report shall identify and evaluate issues such as the effectiveness of the College’s policies and procedures for addressing the risk of identity theft with respect to covered accounts, oversight of service providers, significant incidents involving identity theft and the College’s response, and any recommendations for material changes to this policy or the Program. As part of the review, Red Flags may be revised, replaced, or eliminated. Defining new Red Flags may also be appropriate.
The college shall protect sensitive information listed in the Program document in the following areas:
Laramie County Community College will consider the following risk factors in identifying Red Flags for Covered Accounts, if appropriate:
Laramie County Community College will, from time to time, incorporate relevant Red Flags from sources such as:
Laramie County Community College will, from time to time, include relevant Red Flags from the following categories, if appropriate:
Examples of Red Flags recognized by the College are listed in the Program document according to the following categories:
The college shall address the detection of Red Flags in connection with the opening of Covered Accounts and existing Covered Accounts according to Program guidance.
The college shall respond quickly to prevent identity theft in accordance with steps listed in the Program document. In all cases report Red Flags to Program Administrator.
The College will make reasonable efforts to ensure that the activity of a service provider engaged by the College to perform an activity in connection with Covered Accounts, is conducted with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. A service provider that maintains its own identity theft prevention program that is consistent with the policy of the College and the federal law and regulations may be considered to be meeting these requirements. An example of a major service provider could be an external entity that provides student loan administration, billing, reporting, etc.
Responsibility for developing, implementing and updating this Program lies with a Program Administrative Committee (Committee) for the College. The Committee is headed by the Program Administrator. Additional members of the committee will be appointed as necessary from departments within the College who deal with Covered Accounts or Sensitive Identifying Information within their departments. The Program Administrator will be responsible for ensuring appropriate training of College staff on the Program, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.
The Committee will periodically review and update this Program to reflect changes in risks to students and the soundness of the College from Identity Theft. Updates will be reported at least annually to the President and the LCCC Board of Trustees in the Committee’s report on the Identity Theft Prevention Program.
The annual report should address material matters related to the Program and evaluate issues such as: