Policies and Procedures

Policy Number:  3.7000
Subject Area:  Business Services and Finances 
Adopted: 12/17/2009
Revised: 12/17/2009

In response to the growing threats of identity theft in the United States, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which amended a previous law, the Fair Credit Reporting Act (FCRA). This amendment to FCRA charged the Federal Trade Commission (FTC) and several other federal agencies with promulgating rules regarding identity theft. On November 7, 2007, the FTC, in conjunction with several other federal agencies, promulgated a set of final regulations known as the “Red Flags Rule”.

 The Red Flags Rule regulations require entities with accounts covered by the Red Flags

Rule regulations, including community colleges, to develop and implement a written Identity Theft Prevention Program for combating identity theft in connection with certain accounts.

 PURPOSE AND SCOPE

The purpose of this document is to ensure the compliance of Kaskaskia College with the Red Flags Rule regulations, to identify risks associated with identity theft, and to mitigate the effects of identity theft.  The scope of Red Flags applies to accounts that are credit accounts, such as student’s deferred payment plans, and other accounts with risks of identity theft including students, employees, and 1099 vendors.

 Under the Red Flags Rule, Kaskaskia College is required to establish an Identity Theft Prevention Program to include reasonable policies and procedures for detecting, preventing and mitigating identity theft and enable the entity with covered accounts to:

  • Identify relevant Red Flags for new and existing covered accounts and incorporate those Red Flags into the Program;
  • Detect Red Flags that have been incorporated into the Program;
  • Respond appropriately to any Red Flags that are detected to prevent and mitigate Identity Theft;
  • Ensure the policy and procedures are updated periodically to reflect changes in risks.

 DEFINITIONS

  • Red Flag:  A pattern, practice, or specific activity that indicates the possible existence of Identity Theft.
  • Identity Theft:  Fraud committed using the identifying information of another person.
  • Covered Account:   The Red Flags Regulations define the term “covered account” to mean an account that the College offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions.
  • Any other account that the College offers or maintains for which there is a reasonably foreseeable risk to customers, or to the safety and soundness of the financial institution, or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.

The accounts or records that have been identified as covered accounts by Kaskaskia College are:

  • Student Accounts and Records
  • Financial Aid Accounts and Records
  • Employee Accounts and Records
  • Direct Deposit Records
  • Individual vendor (1099) types of account
  • Library Records

 Identifying information:  Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person, including:

  • Name
  • Address
  • Social security number
  • Date of birth
  • Government issued driver’s license or identification number
  • Alien registration number
  • Government passport number
  • Employer or taxpayer identification number
  • Student identification number
  • Telecommunication Identifying Information or access device
  • Unique biometric data or other unique physical representation
  • Unique electronic identification number, address, or routing code

 IDENTIFICATION OF RED FLAGS

A “Red Flag” is a pattern, practice, or specific activity that indicates the possible existence of identity theft. In order to identify relevant Red Flags, the College considers the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with actual and attempted Identity Theft.  The Red Flags considered for inclusion are organized in five categories and are listed in Appendix A.

 OVERSIGHT

As permitted by the Red Flags Rule regulations, responsibility for overseeing the administration of the Program has been delegated by the Board of Trustees of Kaskaskia College to the Vice President of Administrative Services with the compliance monitoring responsibility to be performed by the Program Administrator and the Identity Theft Committee.

 Approval History:  Replaces Identity Theft Pursuant to Red Flags Rule Policy 4.7 approved December 17, 2009