434
edits
Mhurlocker (talk | contribs) No edit summary |
Mhurlocker (talk | contribs) No edit summary |
||
Line 23: | Line 23: | ||
Policy No.: '''8011'''<br /> | Policy No.: '''8011'''<br /> | ||
Effective Date: '''01/13/10'''<br /> | Effective Date: '''01/13/10'''<br /> | ||
Revised Date: ''' | Revised Date: '''07/09/24'''<br /> | ||
Reviewed Date:07/ | Reviewed Date: '''07/09/24'''<br /> | ||
<br /> | <br /> | ||
'''<big>Red Flag Identity Theft Prevention Program</big>''' | '''<big>Red Flag Identity Theft Prevention Program</big>''' | ||
Line 52: | Line 52: | ||
# Address discrepancies that cannot be explained. | # Address discrepancies that cannot be explained. | ||
# Suspicious documents, including: | # Suspicious documents, including: | ||
#*photographs or physical descriptions inconsistent with the individual presenting the document; | #*photographs or physical descriptions inconsistent with the individual presenting the document; or | ||
#*incomplete, altered, forged, or inauthentic documents; or | #*incomplete, altered, forged, or inauthentic documents; or | ||
#*other personal identifying information inconsistent with information on file with the University. | #*other personal identifying information inconsistent with information on file with the University. | ||
Line 63: | Line 63: | ||
== Detecting Red Flags == | == Detecting Red Flags == | ||
#The following actions will be taken as appropriate to confirm the identity of customers when they open and/or access Covered Accounts: | #The following actions will be taken as appropriate to confirm the identity of customers when they open and/or access Covered Accounts: | ||
#* Obtain appropriate personal identifying information (e.g. photo identification, date of birth, academic status, | #* Obtain appropriate personal identifying information (e.g. photo identification, date of birth, academic status, username and password, address, etc.) prior to opening or allowing access to a covered account; or prior to issuing a new or replacement ID card. | ||
#* When certain changes are made to Covered Accounts online, the account holder shall receive notification to confirm the change is valid. | #* When certain changes are made to Covered Accounts online, the account holder shall receive notification to confirm the change is valid. | ||
#* Verify the accuracy of changes made to Covered Accounts that appear to be suspicious. | #* Verify the accuracy of changes made to Covered Accounts that appear to be suspicious. | ||
#Information systems containing Covered Account information shall be monitored by the | #Information systems containing Covered Account information shall be monitored by the Chief Information Security Officer to detect any unusual user activity that could indicate improper access to and/or use of consumer information. | ||
== Responding to Red Flags == | == Responding to Red Flags == | ||
Any staff member encountering a Red Flag shall assess the situation to determine if potential identity theft exists. The assessment may determine no risk of identity theft is present (i.e. a mistake has occurred or the occurrence is readily explainable). If, after preliminary investigation, the employee suspects identity theft may have occurred, they shall notify the Chief Compliance Officer at 402-559-9576 or 402-559-6767.<br /><br /> | Any staff member encountering a Red Flag shall assess the situation to determine if potential identity theft exists. The assessment may determine no risk of identity theft is present (i.e. a mistake has occurred or the occurrence is readily explainable). If, after preliminary investigation, the employee suspects identity theft may have occurred, they shall notify the Chief Compliance Officer at 402-559-9576 or 402-559-6767.<br /><br /> | ||
Line 72: | Line 72: | ||
The Chief Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances: | The Chief Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances: | ||
# Notify campus security | # Notify campus security | ||
# Notify Information Technology | |||
# Notify the Covered Account holder if the holder is the identity theft victim | # Notify the Covered Account holder if the holder is the identity theft victim | ||
# Notify the lending institution for student loans or the appropriate UNMC department that awards student aid loans to students/third party student loan service providers | # Notify the lending institution for student loans or the appropriate UNMC department that awards student aid loans to students/third party student loan service providers | ||
Line 99: | Line 100: | ||
*Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program | *Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program | ||
This page maintained by [mailto: | This page maintained by [mailto:mhurlocker@unmc.edu mh]. |