It shall be the policy of Laramie County Community College (LCCC) to comply with the regulation of the Federal Trade Commission (FTC) pertaining to the detection and prevention of identity theft by adhering to the college’s Identity Theft Prevention Program guidance. The College takes the possibility of identity theft seriously and in full compliance with the FTC’s Red Flag Rules which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), has developed a written Identity Theft Prevention Program (Program).

The purpose of the Red Flag Rules is to combat identity theft. Federal regulations require financial institutions and Creditors to implement a program to detect, prevent, and mitigate identity theft in connection with new and existing accounts.

1. Identity Theft is a "fraud committed or attempted using the identifying information of another person without authority."
2. Red Flag is a "pattern, practice, or specific activity that indicates the possible existence of Identity Theft."
3. Covered Accounts includes all employee and student accounts or loans that are administered by the College. Covered Accounts also include any account that involves or is designed to permit multiple payments or transactions.
4. Program Administrator is the individual designated with primary responsibility for oversight of the program.
5. Program Administrative Committee is a committee charged with updating this program, reporting program effectiveness, and assisting the program administrator in training of LCCC affected students, faculty and staff in program operation.
6. Sensitive Identifying Information is "any name or number that may be used, alone or in conjunction with any other information, to identify a specific person," including: name, address, email address, telephone number, social security number, date of birth, government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number, student identification number, student bank routing and account number, central computer account name and password.

The college shall operate an Identity Theft Prevention Program according to the written Program document, hereby incorporated by reference and made a condition and part of this Procedure.

1. Approval and Management; Program Administration; Training; Annual Report

The Vice-President of Administration and Finance or such other person that may be appointed from time to time by the President of the College (hereinafter, the “Program Administrator”) is responsible for overall Program management and administration. The Program Administrator shall provide appropriate identity theft training for relevant LCCC employees and provide reports and periodic updates to the Program Administrative Committee of the College, as well as, the President and LCCC Board of Trustees on at least an annual basis.

The annual report shall identify and evaluate issues such as the effectiveness of the College’s policies and procedures for addressing the risk of identity theft with respect to covered accounts, oversight of service providers, significant incidents involving identity theft and the College’s response, and any recommendations for material changes to this policy or the Program. As part of the review, Red Flags may be revised, replaced, or eliminated. Defining new Red Flags may also be appropriate.

2. Sensitive Information to be Protected

The college shall protect sensitive information listed in the Program document in the following areas:

1. Personal information upon enrollment, hire or contract
2. Payroll Information
3. Medical Information for Employee or Student
4. Credit Card Information


3. Risk Assessment

Laramie County Community College will consider the following risk factors in identifying Red Flags for Covered Accounts, if appropriate:

1. The types of Covered Accounts we offer or maintain
2. The methods we provide to open Covered Accounts
3. The methods we provide to access Covered Accounts
4. Our previous experience with identity theft

Laramie County Community College will, from time to time, incorporate relevant Red Flags from sources such as:

1. Incidents of identity theft that we have experienced or that have been experienced by other colleges and universities
2. Methods of identity theft identified by us or other creditors that reflect changes in identity theft risks
3. Applicable supervisory guidance

Laramie County Community College will, from time to time, include relevant Red Flags from the following categories, if appropriate:

1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services
2. The presentation of suspicious documents
3. The presentation of suspicious personal identifying information, such as a suspicious address change
4. The unusual use of, or other suspicious activity related to, a Covered Account
5. Notices from customers, law enforcement authorities, or other persons regarding possible identity theft in connection with Covered Accounts
4. Examples of Red Flags

Examples of Red Flags recognized by the College are listed in the Program document according to the following categories:

1. Notifications or warnings from a Consumer Reporting Agency.
2. Suspicious documents.
3. Suspicious personal identifying information.
4. Unusual use of, or suspicious activity related to, the Covered Account.
5. Notice from customers and others regarding possible identity theft in connection with Covered Accounts held by the college.


5. Detection of Red Flags

The college shall address the detection of Red Flags in connection with the opening of Covered Accounts and existing Covered Accounts according to Program guidance.

6. Response to Red Flags

The college shall respond quickly to prevent identity theft in accordance with steps listed in the Program document. In all cases report Red Flags to Program Administrator.

7. Oversight of Service Providers

The College will make reasonable efforts to ensure that the activity of a service provider engaged by the College to perform an activity in connection with Covered Accounts, is conducted with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft. A service provider that maintains its own identity theft prevention program that is consistent with the policy of the College and the federal law and regulations may be considered to be meeting these requirements. An example of a major service provider could be an external entity that provides student loan administration, billing, reporting, etc.

8. Program Administration

Responsibility for developing, implementing and updating this Program lies with a Program Administrative Committee (Committee) for the College. The Committee is headed by the Program Administrator. Additional members of the committee will be appointed as necessary from departments within the College who deal with Covered Accounts or Sensitive Identifying Information within their departments. The Program Administrator will be responsible for ensuring appropriate training of College staff on the Program, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.

9. Program Updates and Committee Report

The Committee will periodically review and update this Program to reflect changes in risks to students and the soundness of the College from Identity Theft. Updates will be reported at least annually to the President and the LCCC Board of Trustees in the Committee’s report on the Identity Theft Prevention Program.

The annual report should address material matters related to the Program and evaluate issues such as:

1. The effectiveness of the policies and procedures of the college in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts; service provider arrangements;
2. Significant incidents involving identity theft and the college’s response; and
3. Recommendations for material changes to the Program.