Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE.

Published byShavonne Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE."— Presentation transcript:

1 New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE

2 Big Picture of New Rules It’s not about privacy of personally identifiable information It’s not about the security of information systems It’s about protecting individuals from identity theft once their identity has been assumed by another individual Thus, RED FLAGS! ~ a pattern, practice, or specific activity that indicates the possible existence of identity theft

3 Statutory Basis  The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the Fair Credit Reporting Act (FCRA)  Sections 114 and 315 of the FACT Act

4 Rulemaking  Joint rulemaking  Final rules published November 9, 2007 Rules: 72 Fed. Reg. 63718 (November 9, 2007) http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf  Full compliance originally required by November 1, 2008  Deadline extended to May 1, 2009

5 New ID Theft Rules Users of Consumer Reports (Sec. 681.1) Financial Institutions and Creditors holding “covered accounts” (Sec. 681.2) Debit and Credit Card Issuers (Sec. 681.3)

6 Use of Consumer Reports Effective November 1, 2008 Duties of users regarding address discrepancies Triggered by a notice of address discrepancy sent from a consumer reporting agency to an institution to inform them of a “substantial difference between the address for the consumer” that the institution provided

7 Policies and Procedures Institutions must develop and implement reasonable policies and procedures designed to enable the institution to form a reasonable belief that a consumer report relates to the consumer Comparing the information in the consumer report with: Information the institution obtains and uses to verify the consumer’s identity Maintains in its own records, such as applications, change of address notifications, other customer account records, etc.; or Obtains from third-party sources. Verifying the information in the consumer report provided by the consumer reporting agency with the consumer.

8 Consumer’s Address Institutions must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the institution has reasonably confirmed is accurate to the consumer reporting agency from whom it received the notice of address discrepancy Examples of confirmation methods: Verifying the address with the consumer Reviewing its own records to verify the address Verifying the address through third-party sources; or Using other reasonable means

9 Creditors Holding “Covered Accounts” Effective May 1, 2009 Creditor - any entity that regularly extends, renews, or continues credit Conduct periodic risk assessments to determine if the institution has “covered accounts” Jurisdiction of FTC- “Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors.” FTC Business Alert, June 2008

10 Covered Account Credit card accounts Mortgage loans Automobile loans Margin accounts Cell phone accounts Utility accounts Checking accounts Savings accounts Any account for which there is “a foreseeable risk of identity theft”

11 Application to Higher Ed Participating in the Federal Perkins Loan program, Participating as a school lender in the Federal Family Education Loan Program, Offering institutional loans to students, faculty, or staff, or Offering a plan for payment of tuition throughout the semester rather than requiring full payment at the beginning of the semester

12 ID Theft Prevention Program Include reasonable policies and procedures to detect or mitigate identity theft and enable a creditor to: Identity relevant “red flags” (patterns, practices, and specific activities that signal possible identity theft) and incorporate them into the program; Detect the red flags that the program incorporates; Respond appropriately to detected red flags to prevent and mitigate identity theft; and Ensure that the Program is updated periodically to reflect changes in risks

13 Administration and Maintenance The board of directors (or appropriate board committee) must approve the initial written program. Involve the board, committee, or designated employee at the level of senior management in the oversight, development, implementation, and administration of the program Train staff, as necessary, to effectively implement the Program; and Exercise appropriate and effective oversight of service provider arrangements.

14 Conclusion This is clearly a legal and regulatory compliance issue This is mostly about business processes There will be implications for IT – but what??? Information Privacy and Security Technology Support of Business Processes Programs, Policies, Procedures, and Training Management of Identities to Prevent Fraud

Download ppt "New Identity Theft Rules Rodney J. Petersen, J.D. Government Relations Officer Security Task Force Coordinator EDUCAUSE."

Similar presentations

Consumer Protection Laws Dino Tsibouris (614) 360-1160

Consumer Protection Laws Dino Tsibouris (614)
Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.

Red-Flag Identity Theft Requirements February 19th 2009 Cathy Casagrande, Privacy Officer.
Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.

Fair Credit Reporting Act You must be told if information in your file has been used against you You can find out what is in your file You can dispute.
UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.

UNDERSTANDING RED FLAG REGULATIONS AND ENSURING COMPLIANCE University of Washington Red Flag Rules Protecting Against Identity Fraud.
© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.

© 2008 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED. Raising a Red Flag: Understanding the Fair and Accurate Credit Transactions Act, the Red Flag.
Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Compliance with Federal Trade Commission’s “Red Flag Rule”

Compliance with Federal Trade Commission’s “Red Flag Rule”
WELCOME Iowa State University Identity Theft Prevention Program

WELCOME Iowa State University Identity Theft Prevention Program
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.

Detecting, Preventing and Mitigating Identity Theft Presented by the Bursar’s Office.
1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.

1 Identity Theft Program Procedures Viewing RED FLAGS in the MEDITECH System.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.

Red Flag Identity Theft Training California State University, Fullerton Campus Information Technology Training August 2012.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.

Are You Ready? Identity fraud and identity management are quickly becoming critical operational concerns for the financial industry. The Red Flags Guidelines.
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A. 2618 Centennial.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
©2012 CliftonLarsonAllen LLP 1 111 Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.

©2012 CliftonLarsonAllen LLP Red Flags- Why This Matters to You An overview of the FACT Act Identity Theft Red Flag Rule and its current impact.
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Similar presentations

Ads by Google