New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.

Slides:

Advertisements

Similar presentations

Consumer Protection Laws Dino Tsibouris (614)

Advertisements

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Compliance with Federal Trade Commission’s “Red Flag Rule”

WELCOME Iowa State University Identity Theft Prevention Program

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

Red Flag Rules: What they are? & What you need to do

© Chery F. Kendrick & Kendrick Technical Services.

Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.

©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

The Minnesota State Colleges and Universities system is an Equal Opportunity employer and educator. The Red Flag Rule Detecting, Preventing, and Mitigating.

Red Flags 101. What It’s All About Section’s 114 and 315 of the FACT Act were implemented in October 2007 and became effective January 1, These.

RMG:Red Flags Rule 1 Regal Medical Group Red Flags Rule Identify Theft Training.

“Red Flag” Regulations Maine Association of Community Banks BANK EXPO 2008 April 15, 2008.

Red Flags Rule & Municipal Utilities

 Federal Trade Commission (FTC)  Final Regulations issued November, 2007 › Effective 1/1/08 › Compliance and Enforcement Date 11/1/08  Enforcement.

IDENTITY THEFT & THE RED FLAGS RULE Presented by Brady Keith, Assistant General Counsel CREDIT MANAGEMENT SERVICES, INC.

University of Minnesota Identity Theft Prevention Program: Red Flags Rule Detecting, Preventing, and Mitigating Identity Theft This presentation was adapted.

© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a “Red Flag”: Understanding the Fair and Accurate Credit Transactions Act, the “Red Flag”

1 The FACT Act – An Overview The FACT Act An Overview of the Final Rulemaking on Identity Theft Red Flags and Address Discrepancies Naomi Lefkovitz Attorney,

Identity Theft and Red Flag Rules Training Module The University of Texas at Tyler.

Red Flags Compliance How It Has Changed Customer Policies & Procedures Teresa Corlew, Vice President Customer Care Nashville Electric Service September.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.

Practical Steps to Minimize Privacy Risks: Understanding The Intersection Between Information Management and Privacy Law Presented by Alexandria McCombs.

Equal Credit Opportunity Act (ECOA) 2012

© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Detecting, Preventing, and Mitigating Identity Theft

© Chery F. Kendrick & Kendrick Technical Services.

Copyright 2007, Integrated Compliance Solutions, LLC FACT Act Red Flags Bank Compliance Association of Connecticut September 3, 2008 Copyright 2007, Integrated.

Tiffany George Attorney, Division of Privacy & Identity Protection Federal Trade Commission COMPLYING WITH THE RED FLAGS RULE & ADDRESS DISCREPANCY RULE.

FAIR CREDIT REPORTING ACT.  Serves the following principal purposes:  To regulate the consumer-reporting industry.  To prohibit unfair actions from.

2015 ANNUAL TRAINING By: Denise Goff

Understanding the Fair and Accurate Credit Transaction Act, the “Red Flag” Regulations, and their impact on Health Care Providers Raising a “Red Flag”

The FTC’s Red Flag Rule. FTC Red Flag Regulations Why the Red Flag Regulations?

Red Flag Rules Training Class SD 428. Red Flag Rules SD 428 The Red Flag Rules course (SD 428) was implemented at UTSA to meet the requirements and guidelines.

Identity Protection (Red Flag/PCI Compliance/SSN Remediation) SACUBO Fall Workshop Savannah, GA November 3, 2009.

FTC RED FLAG RULE As many as nine million Americans have their identities stolen each year. Identity thieves may drain their accounts, damage their credit,

Lydia E. Payne-Johnson Peter A. Rabinowitz PricewaterhouseCoopers, LLP Harvard University August 20, 2008 New Identity Theft Red Flags Rule: What is New.

IDENTITY THEFT. RHONDA L. ANDERSON, RHIA, PRESIDENT ANDERSON HEALTH INFORMATION SYSTEMS, INC.

Available from BankersOnline.com/tools 1 FACT ACT RED FLAG GUIDELINES.

Red Flag Training IDENTITY THEFT PREVENTION PROGRAM OVERVIEW AUTOMOTIVE.

Technology Supervision Branch Interagency Identity Theft Red Flags Regulation Bank Compliance Association of CT Bristol, CT September 3, 2008.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

BSA PROGRAM REQUIREMENTS.  Written, approved by the board of directors, and noted in the board minutes.  Based on the risk assessment  Fully implemented.

ANTI-MONEY LAUNDERING COMPLIANCE PROGRAM FCM TRAINING

1 Identity Theft Prevention and the Red Flag Rules.

FDIC Perspective on Environmental Risk Presented by: Gordon Stoner Legal Division Federal Deposit Insurance Corporation May 6, 2008.

Red Flags Rule Red Flags Rule Staff Training Course Practice Administrator SAMPLE AAP PEDIATRICS.

IDENTITY THEFT What’s a lawyer to do. H. Amos Goodall, Jr

University of St. Thomas

Citi fraud/identity theft TRAINING

Red Flags Rule An Introduction County College of Morris

Red Flag Review and Updates

Identity Theft Prevention Program Training

UCA Gramm-Leach Bliley Act (GLBA) Safeguards Rule Compliance Training Effective June 12, 2018 Adapted from materials published by the Federal Trade Commission.

Clemson University Red Flags Rule Training

FACT Act Training for Staff Identity Theft “Red Flags”

Getting the Green Light on the Red Flags Rule

Presentation transcript:

New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE

Big Picture of New Rules It’s not about privacy of personally identifiable information It’s not about the security of information systems It’s about protecting individuals from identity theft once their identity has been assumed by another individual Thus, RED FLAGS! ~ a pattern, practice, or specific activity that indicates the possible existence of identity theft

Statutory Basis  The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the Fair Credit Reporting Act (FCRA)  Sections 114 and 315 of the FACT Act

Rulemaking  Joint rulemaking  Final rules published November 9, 2007 Rules: 72 Fed. Reg (November 9, 2007)  Full compliance originally required by November 1, 2008  Deadline extended to May 1, 2009

New ID Theft Rules Users of Consumer Reports (Sec ) Financial Institutions and Creditors holding “covered accounts” (Sec ) Debit and Credit Card Issuers (Sec )

Use of Consumer Reports Effective November 1, 2008 Duties of users regarding address discrepancies Triggered by a notice of address discrepancy sent from a consumer reporting agency to an institution to inform them of a “substantial difference between the address for the consumer” that the institution provided

Policies and Procedures Institutions must develop and implement reasonable policies and procedures designed to enable the institution to form a reasonable belief that a consumer report relates to the consumer Comparing the information in the consumer report with: Information the institution obtains and uses to verify the consumer’s identity Maintains in its own records, such as applications, change of address notifications, other customer account records, etc.; or Obtains from third-party sources. Verifying the information in the consumer report provided by the consumer reporting agency with the consumer.

Consumer’s Address Institutions must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the institution has reasonably confirmed is accurate to the consumer reporting agency from whom it received the notice of address discrepancy Examples of confirmation methods: Verifying the address with the consumer Reviewing its own records to verify the address Verifying the address through third-party sources; or Using other reasonable means

Creditors Holding “Covered Accounts” Effective May 1, 2009 Creditor - any entity that regularly extends, renews, or continues credit Conduct periodic risk assessments to determine if the institution has “covered accounts” Jurisdiction of FTC- “Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors.” FTC Business Alert, June 2008

Covered Account Credit card accounts Mortgage loans Automobile loans Margin accounts Cell phone accounts Utility accounts Checking accounts Savings accounts Any account for which there is “a foreseeable risk of identity theft”

Application to Higher Ed Participating in the Federal Perkins Loan program, Participating as a school lender in the Federal Family Education Loan Program, Offering institutional loans to students, faculty, or staff, or Offering a plan for payment of tuition throughout the semester rather than requiring full payment at the beginning of the semester

ID Theft Prevention Program Include reasonable policies and procedures to detect or mitigate identity theft and enable a creditor to: Identity relevant “red flags” (patterns, practices, and specific activities that signal possible identity theft) and incorporate them into the program; Detect the red flags that the program incorporates; Respond appropriately to detected red flags to prevent and mitigate identity theft; and Ensure that the Program is updated periodically to reflect changes in risks

Administration and Maintenance The board of directors (or appropriate board committee) must approve the initial written program. Involve the board, committee, or designated employee at the level of senior management in the oversight, development, implementation, and administration of the program Train staff, as necessary, to effectively implement the Program; and Exercise appropriate and effective oversight of service provider arrangements.

Conclusion This is clearly a legal and regulatory compliance issue This is mostly about business processes There will be implications for IT – but what??? Information Privacy and Security Technology Support of Business Processes Programs, Policies, Procedures, and Training Management of Identities to Prevent Fraud