The New England College of Optometry Identity Theft Prevention Program October 30, 2009 _

Similar documents
Olivet Nazarene University Identity Theft Prevention Program

LOUISIANA COMMUNITY & TECHNICAL COLLEGE SYSTEM Policy # Title: IDENTITY THEFT PREVENTION PROGRAM

Fitchburg State College Identity Theft Prevention Program updated 11/17/09

UNIVERSITY OF DENVER POLICY MANUAL IDENTITY THEFT PREVENTION

IDENTITY THEFT DETECTION POLICY

AIMS COMMUNITY COLLEGE PROCEDURE IDENTITY THEFT PREVENTION - RED FLAG PROCEDURE

NEVADA SYSTEM OF HIGHER EDUCATION PROCEDURES AND GUIDELINES MANUAL CHAPTER 13 IDENTITY THEFT PREVENTION PROGRAM (RED FLAG RULES)

Minnesota State Colleges and Universities Identity Theft Prevention Program

CENTRAL MICHIGAN UNIVERSITY CHAPTER 13

Middlebury Institute of International Studies Identity Theft Prevention Program

PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Middlebury College Identity Theft Prevention Program

Riverside Community College District Policy No Student Services PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

30.17 Identity Theft Protection Policy October 2018

(2) Detect red flags that have been incorporated into the program;

Financial Transaction

WASHTENAW COMMUNITY COLLEGE IDENTITY THEFT DETECTION, PREVENTION, AND MITIGATION PROGRAM

EXHIBIT A IDENTITY THEFT PREVENTION PROGRAM

Identity Theft Prevention Program. Approved by the Board of Trustees on February 20, 2009

Chapter Five: Student Services and Operations AP 5800 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

ADMINISTRATIVE PROCEDURE 5800 DESERT COMMUNITY COLLEGE DISTRICT

Identity Theft Prevention Program

IV:07:11 IDENTITY THEFT PREVENTION POLICY SECTION 1: BACKGROUND

AP 5800 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Prevention of Identity Theft in Student Financial Transactions

Palomar Community College District Procedure AP 5900 PREVENTION OF IDENTITY THEFT IN STUDENT FINANCIAL TRANSACTIONS

Identity Theft Prevention Program

TITLE II ADMINISTRATIVE REGULATIONS IDENTITY THEFT PREVENTION PROGRAM

Clarion University Identity Theft Prevention Program

Identity Theft Prevention Program

THE COOPER UNION FOR THE ADVANCEMENT OF SCIENCE AND ART. February 24, 2010

Illinois Eastern Community Colleges. Frontier Community College Lincoln Trail College Olney Central College Wabash Valley College

POLICY: Identity Theft Red Flag Prevention

University Identity Theft and Detection Program

Attachment to Identity Theft Prevention Service Provider Attestation

Policy Statement. Definitions -Covered Account -Identifying Information -Identity Theft -Red Flag

Washington Association of Sewer and Water Districts (WASWD) IDENTITY THEFT PREVENTION PROGRAM

Identity Theft Prevention. Red Flags. Training Program

Christopher Newport University. Policy: Red Flag Identity Theft Identification and Prevention Program Policy Number: 3030

Identity Theft Prevention Program Procedure

CITY OF ISSAQUAH. Identity Theft Prevention Program

California State University Bakersfield Identity Theft Prevention ( Red Flag ) Implementation Plan

WEST VIRGINIA UNIVERSITY BOARD OF GOVERNORS POLICY 54. Rule on Identity Theft Detection and Prevention Program

Procedure for Identity Theft Prevention Program

Identity Theft Prevention Program (DRAFT)

The Interagency Guidelines on Identity Theft Detection, Prevention and. Mitigation, commonly referred to as the Red Flag Rules, require each financial

Note: Action items are italicized

University of Cincinnati FACTA Red Flag Identity Theft Prevention Program

University of Connecticut IDENTITY THEFT PREVENTION PROGRAM

AUDIT AND FINANCE COMMITTEE Wednesday, June 17, 2009

UM Identity Theft Protection Policy

16 CFR Duties regarding the detection, prevention, and mitigation of identity theft.

Red Flags Rule Identity Theft Training Program

Identity Theft Prevention Program Lake Forest College Revision 1.0

The Federal Identity Theft Red Flag Rules and North Carolina Local Health Departments

Jack Byrne Ford & Mercury Identity Theft Program (ITPP)

POLICY SUMMARY FORM. Unit(s) Responsible for Policy Implementation: Vice President for Finance and Administration

CoreLogic Credco First American Way Poway, CA (800)

IDENTITY THEFT RED FLAG POLICY/GUIDELINES JULY 2008

Identity theft detection, prevention and mitigation policy. (a) : policies and procedure for student records;

ORGANIZATIONAL MANUAL

Polson/ Ronan Ambulance Service Identity Theft Prevention Program

Number: Identity Theft Program Procedures and Protocol Responsible Office: Business and Finance

Chapter 3. Identifying Red Flags. 3:1 Overview

SCOPE AND APPLICABILITY: This policy is applicable to all University faculty and staff.

LexisNexis Developing an Effective Red Flags Rule Program

The FACT Act An Overview

PROCEDURE. This procedure is intended to identify third party arrangements and red flags involving College activities that will:

ADMINISTRATIVE POLICY STATEMENT

B. The College is considered a "creditor" under the Red Flags Rule because it defers payment for services rendered.

The National Association of Community Health Centers, Inc. Issue Brief on. Complying with the FTC s Red Flag Rules. February, 2009

RED FLAGS IDENTITY THEFT PREVENTION PROGRAM. Raleigh Radiology, LLC. Raleigh Radiology Associates. January 21, 2009

Identity Theft Prevention: The FTC s Red Flags Rules and Health Care Providers HCCA Physician Practice Compliance Conference October 13, 2009

Red Flag Rule Procedures Under Princeton University s Identity Theft Prevention Program Effective: December 31, 2010

Medical Identity Theft Prevention Policy

Eastpointe Community Credit Union Identity Theft and Deterrence Policy

Red Flag! Now What? An SME s Guide for FACTA Red Flag Compliance. see} white paper

DAWSON PUBLIC POWER DISTRICT 300 South Washington Street P. O. Box Lexington, Nebraska Tel. No.- 308/324/2386 Fax No.

NEW FTC RED FLAG REQUIREMENTS AS APPLICABLE TO CREDITORS AND COVERED ACCOUNTS

Identity Theft Prevention Program Red Flag Rule

Driven. FTC Red Flags and Address Discrepancy Rules: Protecting Against Identity Theft L50 L50

RED FLAG LAW made EASY! HIPAA made EASY. Training, Implementation & Sign-off Sheets

FOX VALLEY ORTHOPEDICS. Identity Compliance Program

IDENTITY THEFT RED FLAGS AND RESPONSES

The Red Flags Rule: Key Points and Safe Harbors. Jill Moore April 2009

THE CHILDREN'S MERCY HOSPITAL ADMINISTRATIVE POLICY

Secure Opening Plus Requirements for the Identity Theft Red Flag Program

2018/2019 Federal Graduate PLUS Loan Fact Sheet

CLIENT UPDATE SEC AND CFTC ISSUE FINAL RULES ON IDENTITY THEFT PROTECTION

RED FLAG RULES ANNUAL REPORT TO MAYOR AND COUNCIL

Compliance With the Red Flags Rules

Subject: Identity Theft, G-113 Department: All & Branches References: Part 717, NCUA Rules and Regs, FACT Act, Companion SOP s G-30 (Opening New

Regulatory Update OLA Fall Meeting. Suzanne Garwood

A Step By Step Guide To Dealership Compliance Team One research and Training /Summit Group

5. HIMSS EHR Incentive Calculation Worksheet for Non Critical Access Hospitals

Title: Document Retention Policy Type: Finance No: Approval Date: May 20, 2015 Responsible Office: Vice President for Business and Finance

MEMORANDUM. Red Flag Identity Theft Regulations: Implications for Nursing Facilities and Assisted Living Facilities 1

CHAPTER 22 MANDATED POLICIES ARTICLE I IDENTITY THEFT PREVENTION POLICY

Transcription:

The New England College of Optometry Identity Theft Prevention Program October 30, 2009 _ Policy Adoption The New England College of Optometry ( College ) has developed an Identity Theft Prevention Program ( ITPP ), pursuant to the Federal Trade Commission's Red Flags Rule, 16 C. F. R. 681.2, that implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003. These regulations require financial institutions and creditors that hold covered accounts to develop and implement an identity theft prevention program for new and existing accounts. (See definitions below). The FTC regulations include a list of twenty-six red flags that might indicate the potential for identity theft. All creditors are required to review their processes, and identify applicable red flags either from the FTC s list, or ones more appropriate to their situation. Creditors are then required to define the steps by which the red flags will be detected and their response once a red flag is detected. The College s ITPP has been developed by an internal team whose membership was primarily composed of personnel from the Student Services and the Business Office staff with oversight by the College s Audit and Compliance Committee. The College s clinical teaching affiliate, New England Eye Institute, Inc. has developed its own ITPP that is appropriate for a clinical setting with oversight by the College s Clinical System Committee. Based on the definitions used in these regulations, the College has identified areas of risk to include Awarding and repayment of student loans, such as Perkins Loans or HPSL Awarding and repayment of institutional loans and emergency loans for its students Refunding of excess financial aid to its students, and Deferred tuition plans After consideration of the nature and scope of the College's operations and the definitions under the operations and account systems, the nature and scope of the College s activities, and the pattern and risks of identity theft, it was determined that this ITPP to be appropriate for the College. Policy Purpose The purpose of this policy is to establish an ITPP to detect, prevent and mitigate identity theft in connection with the opening of a Covered Account or an existing Covered Account and to provide 1

for continued administration of the ITPP. The ITPP shall include reasonable policies and procedures to: Identify relevant red flags for Covered Accounts it offers or maintains and incorporate those red flags into the program Detect red flags that have been incorporated into the ITPP Respond appropriately to any red flags that are detected to prevent and mitigate Identity Theft, and periodically update the ITPP to reflect changes in risks to students and to the safety and soundness of the creditors from identity theft. The program shall, when appropriate, incorporate existing College policies and procedures in order to control reasonably foreseeable risks. Policy Definitions Account means continuing relationship with a creditor to obtain a product or service that includes deferred payments for services or property. Covered Account is An account offered or maintained by the College primarily for personal, family, and household purposes that involves or is designed to permit multiple payments or transactions; and Any other account offered or maintained by the College for which identity theft is a reasonably foreseeable risk that may impact the College s customers or the safety and soundness of the Colleges including financial, operational, compliance, reputation, or litigation risks. An example of a Covered Account is a student loan. Identify Theft means fraud committed or attempted use of the identifying information of another person without proper authority. Identifying Information is any information that is requested in conjunction with a Covered Account that may be used alone, or in conjunction with any other information, to identity a specific person. ITPP Administrator means that the College senior management is to have primary responsibility for the implementation and oversight of the ITPP. Red Flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. The FTC regulations provide a list of 26 common red flags; organizations may decide that some of these 26 are not applicable, and/or that other red flags are more useful. 2

The College has identified accounts that are either administered by the College or by a service provider. College Covered Accounts may be: Refund of credit balances involving [Direct, Perkins, HPSL, FFE, etc.] loans Refund of credit balances Deferment of tuition payments Emergency loans Service provider Covered Account: Loan repayment plans administered by ECSI; refer to Oversight of Service Provider Arrangements below. Identification of Relevant Red Flags The Program considers the following risk factors in identifying relevant red flags for Covered Accounts: The methods provided to open Covered Accounts upon acceptance to the College and enrollment in classes requires some, if not all, of the following information: Common application with personal identifying information College transcripts Official OAT scores Two letters of recommendation Immunization history Evidence of health insurance Evidence of citizenship, and Evidence of proper visa if not a U.S. citizen or resident alien The ITPP identifies the following potential red flags: Documents provided for identification appear to have been altered or forged The photograph or physical description on the identification is not consistent with the appearance of the student presenting the identification A request made to access a Covered Account from a non-college issued E-mail account; A request to mail something to an address not listed on file; and Notice from customers who are victims of identity theft, law enforcement authorities, or other persons including credit or regulatory agencies regarding possible identity theft in connection with Covered Accounts. 3

For example, the ITPP will specifically detect red flags relevant to each type of Covered Account as follows: Refund of a credit balance in a loan as directed by federal regulations (U.S. Department of Education), a refund of credit balance is required to be refunded in the borrower s name and mailed to his/her address on file within the time period specified. Red Flag Address discrepancy or request from one other than the borrower Refund of excess financial aid requests from current students must be made in person by presenting a College ID or in writing from the student s college issued e-mail account. The refund check can only be mailed to an address on file or picked up in person by the student by showing a College picture ID. Requests from students on clinical rotation must be made in writing along with a copy of College ID Red Flag Picture ID not appearing to be authentic or not matching the appearance of the student presenting it. Request not coming from a student issued e-mail account. Bank account does not match account detail into which funds previously wired. Deferment of tuition payment requests are made in person only and require the student s signature and presentation of College ID. Red Flag Picture ID not appearing to be authentic or not matching the appearance of the student presenting it. Response The ITPP shall provide for appropriate responses to detected red flags to prevent and mitigate Identity Theft. The appropriate responses to the relevant red flags are as follows: Deny access to the Covered Account until other information is available to eliminate the red flag; Contact the student; Change any passwords, security codes or other security devices that permit access to a Covered Account Notify law enforcement and/or appropriate regulatory agencies. Determine no response is warranted under the particular circumstances Oversight of the Program Responsibility for developing, implementing and updating the ITPP lies with the College Senior Management. It will be responsible for the ITPP administration, 4

for ensuring appropriate training of College s staff, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating Identity Theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the ITPP Updating the Program The ITPP will be periodically reviewed and updated to reflect Changes in risks to students and staff, College experiences with identity theft, Changes in regulatory requirements, i.e. Red Flag regulations, FERPA, etc. Trends in identity theft methods Best practices in identity theft detection and prevention methods, Changes in types of accounts the College maintains, and Changes in the College's business arrangements with other entities. Staff Training College staff shall be trained under the direction of Senior Management in the detection of Red Flags, and the responsive steps to be taken when a Red Flag is detected. Oversight of Loan Service Provider Arrangements The College shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more Covered Accounts. Currently the College uses ECSI, located in Pittsburgh PA, to administer the repayment of institutional loans. Students may contact ECSI directly through its website or by telephone and provide personal identifying information to be matched to the records that the College has provided to ECSI. 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback