2,654
edits
mNo edit summary |
No edit summary |
||
Line 21: | Line 21: | ||
Policy No.: '''8011'''<br /> | Policy No.: '''8011'''<br /> | ||
Effective Date: '''01/13/10'''<br /> | Effective Date: '''01/13/10'''<br /> | ||
Revised Date:<br /> | Revised Date: '''02/02/18 DRAFT'''<br /> | ||
Reviewed Date:<br /> | Reviewed Date:<br /> | ||
<br /> | <br /> | ||
'''<big>Red Flag Identity Theft Prevention Program</big>''' | '''<big>Red Flag Identity Theft Prevention Program</big>''' | ||
== Basis for Policy == | == Basis for Policy == | ||
Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program; UNMC Policy No. 6055, Fraud. | Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program; UNMC Policy No. 6055, [[Fraud]]. | ||
== Purpose == | == Purpose == | ||
Line 67: | Line 67: | ||
#Information systems containing Covered Account information shall be monitored by the appointed information system custodian/administrator to detect any unusual user activity that could indicate improper access to and/or use of consumer information. | #Information systems containing Covered Account information shall be monitored by the appointed information system custodian/administrator to detect any unusual user activity that could indicate improper access to and/or use of consumer information. | ||
== Responding to Red Flags == | == Responding to Red Flags == | ||
Any staff member encountering a Red Flag shall assess the situation to determine if potential identity theft exists. The assessment may determine that no risk of identity theft is present (i.e. a mistake has occurred, or the occurrence is readily explainable). If, after preliminary investigation, the employee suspects identity theft may have occurred, he/she shall notify the Compliance Officer.<br /><br /> | Any staff member encountering a Red Flag shall assess the situation to determine if potential identity theft exists. The assessment may determine that no risk of identity theft is present (i.e. a mistake has occurred, or the occurrence is readily explainable). If, after preliminary investigation, the employee suspects identity theft may have occurred, he/she shall notify the Compliance Officer at 402-559-9576 or 402-559-6767.<br /><br /> | ||
The Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances: | The Compliance Officer shall further investigate the matter, implementing the Information Security Incident Reporting and Response and/or the Privacy Incident Response Plan Procedures as appropriate. If identity theft is confirmed, the following actions will be taken in coordination with the department managing the Covered Account to mitigate harm, as appropriate, based on the individual circumstances: | ||
Line 94: | Line 94: | ||
The University of Nebraska Internal Audit Department shall report information from the administrative units to the Audit Committee of the Board of Regents annually as required by the FACTA regulations. The Board of Regents shall approve material changes to the Red Flag Identity Theft Prevention program. | The University of Nebraska Internal Audit Department shall report information from the administrative units to the Audit Committee of the Board of Regents annually as required by the FACTA regulations. The Board of Regents shall approve material changes to the Red Flag Identity Theft Prevention program. | ||
==Additional Information== | ==Additional Information== | ||
*[mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer], 402-559-9576 or 402-559-6767 | |||
*UNMC Policy No. 6055, [[Fraud]] | |||
*Regents Policy 6.6.12, Red Flag Identity Theft Prevention Program | |||
This page maintained by [mailto:dpanowic@unmc.edu dkp]. | This page maintained by [mailto:dpanowic@unmc.edu dkp]. |