Policy Number: 3-29
Policy Name: Red Flag Identity Theft Prevention Program
Date: November 2, 2009; January 2013
This policy addresses the University’s procedures for detecting, preventing,
and mitigating identity theft in connection with “covered accounts”
as indicated by the Identity
Theft Red Flag Rule (Sections 114 and 315 of the Fair and Accurate Credit
Transactions Act). This policy is intended to detect, prevent, and mitigate
opportunities for identity theft at the University of Delaware. The Red Flag
Rule applies to the University because of its participation in the Perkins
and Nursing Loan programs, its small emergency loan program, the extension
of credit for student accounts, the UD1 Flex stored value card, and the fact
that the University requests credit reports for some potential employees.
Analysis of the type and scope of activity covered in the regulation and the risk assessment of potential identity theft opportunities has resulted in a determination that there is a low level risk of possible identity theft at the University. However, the risk to the University and its students, faculty, staff and other customers from data loss and identity theft is of significant concern to the University and the University will make reasonable efforts to detect, prevent and mitigate identity theft associated with an account. This policy is intended to work in conjunction with University policies involving institutional data, health privacy, and privacy and release of student educational records as well as any other privacy and security standards and requirements.
- A committee will be appointed to oversee the University’s compliance to these regulations.
- All University staff with access to “covered accounts” will participate in “Red Flag Training” developed
by the committee appointed to the oversight of this policy.
- Third-party vendors used for loan or collection activity must confirm their compliance to the Red Flag
- Anyone claiming to be the victim of identity theft should be directed to Public Safety to file a police report.
e. Oversight of Service Providers:
- The University employs University Accounting Service Inc. (UAS), a loan servicer, for the purpose of billing and collection of Perkins and Nursing loan payments. The only information that is shared with UAS is information required to bill and collect loan payments as established by the United States Department of Education. This includes student name, address, telephone number, social security number, and date of birth. The University will collect and maintain documents from UAS attesting to their compliance with “Red Flag Rules”.
- This policy will be re-evaluated annually to determine whether all aspects of the program are up-to-date and applicable in the current business environments, and revised as necessary. Operational responsibility of the program is delegated to the Assistant Vice President for Treasury Services.
Responsible Unit: Vice President for Finance