Red Flags Rule

Several federal agencies, including the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Federal Trade Commission, were charged with jointly issuing guidelines for financial institutions and creditors regarding identity theft with respect to their account holders and customers. This group was also responsible for requiring each financial institution and creditor to establish reasonable policies and procedures for implementing the guidelines. As a result, the federal agencies published the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 (“Red Flags Rule”). While these federal agencies generally do not have jurisdiction over non-profit entities, in guidance issued in July 2008, the Federal Trade Commission stated that “where non-profits and government entities defer payment for goods or services, they, too, are considered ‘creditors.’”

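Responsible office
Finance & Administration
Responsible party
Vice President for Finance and Administration
Last revision
September 2013
Approved by
Cabinet
Approval date
August 2013
Effective date
September 2013
Last review
October 2016
Additional references
Fair and Accurate Credit Transactions Act of 2003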

Scope

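All financial and administrative policies involving community members across campus, including volunteers, are within the scope of this policy. If there is a variance between departmental expectations and the common approach described through college policy, the College will rely on the campus community, including volunteers, to support the spirit and objectives of college policy. Unless specifically mentioned in a college policy, the College's Board of Trustees is governed by its bylaws.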

Policy

The objective of this policy is to establish an Identity Theft Prevention Program (“Program”) designed to mitigate the risk of compromised personal, identifying information of College community members. The Program is designed to prevent, detect and mitigate identity theft in connection with the opening of a covered account or an existing covered account and to provide for the continued administration of the Program.

Where appropriate, the Program shall incorporate existing policies and procedures that mitigate the compromise of personal, identifying information.

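The Program applies to employees, contractors, consultants, temporary workers, service providers, and all others who are authorized to access personal, identifying information acquired by, used by, and housed by the College in the course of its operations.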

Program Administration

The College has formally designated the Controller as having specific responsibility for the development, implementation, and administration of the Program.

Service Providers: The Controller, in consultation with the college’s AVP of Institutional Planning and Effectiveness, will ensure that service providers have reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft.

Training: The Controller will ensure that initial training takes place for relevant staff and that any additional training warranted as a result of changes in the Program or changes in personnel also takes place.

Board Approval and Reporting Requirements

  1. The Audit Committee of the Board of Trustees shall review and approve this policy
  2. Periodic review and approval of the policy shall take place in accordance with the policy administration guidelines of 科罗拉多大学
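  3. At least annually, the Controller, who is responsible for the development, implementation, and administration of the Program, shall report on compliance with the Red Flags Rule to the Vice President for Finance and Administration.
  4. The report shall include:
  • Assessment of the effectiveness of the policies and procedures in addressing the risk of identity theft in connection with new and existing covered accounts;
  • Disclosure of service provider arrangements;
  • Disclosure of significant incidents involving identity theft and management’s response;
  • Any recommendations for material changes to the Program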

Procedures

Program Elements

Program Element One: Identification of Red Flags

The Program Sponsor shall work with campus to determine and document which of the twenty-six red flags identified in the Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003 apply to the College's operations.

Program Element Two: Detection of Red Flags

The Program Sponsor shall document identifying information acquired by groups across campus in the course of their respective operations.

Program Element Three: Response to Red Flags

The Program Sponsor shall work with campus to design responses to red flags that are commensurate with the level of risk posed by the red flag. To the extent possible, these responses should be consistent across campus and also consistent with ITS security policies and practices.

Program Element Four: Updating the Program

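Partnering with ITS where appropriate, the Program Sponsor shall design and implement processes to:

  • Monitor and respond to experiences with identity theft;
  • Stay current on methods of identity theft;
  • Stay current on methods of detecting, preventing, and mitigating identity theft;
  • Monitor the types of accounts offered by the College;
  • Monitor changes in business arrangements (for example, with alliances or service providers)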

Definitions

Address Discrepancy: A notice sent to a user of a consumer report that informs the user of a substantial difference between the address for the consumer provided by the user in requesting the consumer report and the address or addresses the Consumer Reporting Agency has in the consumer’s file.

Covered Account: This is a two-part definition: (1) an account that a financial institution or creditor offers or maintains primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions; (2) any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation, or litigation risks.

Identity Theft: A fraud committed or attempted using the identifying information of another person without authority.

Red Flag: A pattern, practice, or specific activity that indicates the possible existence of identity theft.

Service Provider: A person that provides service directly to the financial institution or the creditor. This definition is based on the Information Security Standards definition that a service provider is any person or entity that maintains, processes, or otherwise is permitted access to customer information or consumer information through the provision of services directly to the financial institution.

Last updated: 12/16/2020