The Federal Trade Commission’s (“FTC”) Red Flags Regulation require each financial institution or creditor to periodically determine, by conducting a risk assessment, whether it offers or maintains covered accounts. Upon identifying any covered account(s), the institution is required to develop and implement a written Identity Theft Prevention Program. The Identity Theft Prevention Program must contain reasonable policies and procedures to:
- Identify relevant red flags for new and existing covered accounts and incorporate those red flags into the Program;
- Detect red flags that have been incorporated into the Program;
- Prevent identity theft by responding appropriately to any red flags that are detected;
- Mitigate identity theft once it has occurred; and
- Update the program periodically to reflect changes in risks to the customer and the University from identity theft.
For the purpose of these regulations, The University of Alabama (UA) is considered a creditor and has developed the Identity Theft Prevention Program to comply with those requirements, giving consideration to the size and complexity of the University’s operations, its account systems and the nature and scope of the University’s activities. The Identity Theft Prevention Policy and accompanying supporting documents provide additional information to employees when developing internal procedures to help prevent and mitigate a security incident, as well as guidance for reporting a known or suspected security incident.
Supporting Information
The UA Red Flags Identification and Detection Grid will help departments identify red flags and assess and mitigate risks.
Any employee who knows or suspects that a security incident has occurred shall immediately:
- notify their supervisor;
- notify the appropriate Identity Theft Prevention Officer (ITPO);
- complete a Red Flag Reporting Form.
The ITPO will report to the Program Administrator as needed. If fraud is known or reasonably suspected, contact UAPD.
If you need additional information, please visit Identity Theft Prevention Program Frequently Asked Questions or call Compliance, Ethics, and Regulatory Affairs at 205-348-2334.