Fayetteville Policies and Procedures 313.5
Identity Theft Prevention Program (Red Flag Detection and Response)
Background and Scope
In November 2007, the Federal Trade Commission, the federal bank regulatory agencies,
and the National Credit Union Administration, published a joint notice of final rulemaking
in the Federal Register (72 FR 63718) finalizing the Identity Theft Red Flags regulation
and guidelines. The Red Flags Rule (“the Rule”), promulgated pursuant to the Fair
and Accurate Credit Transactions Act of 2003, requires financial institutions and
creditors to develop and implement a written “identity theft prevention program.”
The University of Arkansas is covered by the Rule, and the University of Arkansas
Board of Trustees approved an Identity Theft Prevention Program (“Program”) on April
17, 2009 for the University of Arkansas System.
The Program requires each University of Arkansas campus to identify relevant Red Flags
for new and existing covered accounts and incorporate those Red Flags into a campus
program; detect Red Flags that have been incorporated into the program; respond appropriately
to any Red Flags that are detected in order to seek to prevent and mitigate Identity
Theft; and ensure the campus program is updated periodically to reflect changes in
risks to students or to the safety and soundness of the student from Identity Theft.
This policy acknowledges the establishment of a campus Identity Theft Prevention Plan
as directed by the Board of Trustees.
For purposes of this policy, the following terms are defined:
Identity Theft
A fraud committed or attempted using the identifying information of another person
without authority.
Red Flag
A pattern, practice, or specific activity that indicates the possible existence of
Identity Theft.
Covered Account
Any consumer account, establishing an ongoing relationship primarily for personal
purposes, designed to obtain a product or service that permits multiple payments or transactions,
or for which there is otherwise a foreseeable risk of Identity Theft.
Policy
Any unit with activities that are considered covered accounts under the Red Flag Rule must implement the campus Identity Theft Prevention Plan and complete the training program. The Campus Plan Administrator will distribute a copy of the campus plan to all unit directors, along with a questionnaire to assist with identifying covered accounts or other activities subject to the Red Flag rule. Persons with concerns regarding potential identity theft in connection with University operations should contact the office of the Associate Vice Chancellor for Financial Affairs.
Reformatted for Web April 3, 2014
August 23, 2010