Identity Theft Prevention – Red Flags Rule
In response to the growing threats of identity theft in the United States, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA). One of the provisions of FACTA required the Federal Trade Commission (FTC) and several other federal agencies to create a standard of rules regarding identity theft. On November 7, 2007, the FTC, in conjunction with several other federal agencies, promulgated a set of final regulations known as the “Red Flags Rule”.
The Red Flags Rule regulations require certain entities, including universities, to develop and implement a written Identity Theft Prevention Program aimed at combating identity theft. The Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft and enable the entity with covered accounts to:
- Identify relevant patterns, practices, and activities, dubbed “Red Flags”, signaling possible identity theft and incorporate those Red Flags into the Program
- Detect Red Flags
- Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft
- Ensure the program is updated periodically to reflect changes in risks
Although the FTC’s enforcement of the Red Flags Rule has been postponed until June 1, 2010, the University has already established a comprehensive Identity Theft Prevention Program that ensures the University’s compliance with the Red Flags Rule regulations, identifies risks associated with identity theft and mitigates the effects of identity theft upon the University, its employees, its students, its patients, its constituents and its customers. The University’s Identity Theft Prevention Program applies uniformly to the Storrs, Regional and Health Center campuses.
Program Documents and Forms
“Report of Suspected Identify Theft” Form (For use by ALL campuses)
Worksheet Forms (For use by ALL campuses EXCEPT UConn Health)