Directories
Popular Keywords
Gallaudet University
Who We Are
Our Work
Overview
News & Stories
Nov 4, 2024
Oct 30, 2024
Upcoming Events
November 12, 2024
November 13, 2024
November 14, 2024
University Wide Events
No Communication Compromises
Areas of Study
Schools
Programs
Changing the world
Research
Community & Innovation
Research Experiences & Services
Our Global Presence
Global at Home
Global Learning For All
Global Engagement
Your Journey Starts Here
Admissions
Financial Aid
Explore Our Campus
Connect
Discover
Influence
Explore
Quick Links
GU
/
Operations
Administration and Operatio...
1.21 Identity Theft Prevention Policy
College Hall 106
(202) 250-2284
(202) 651-5352
Email Us
Last Revised:May 14, 2010
Refer Questions to: Executive Director, Finance Office
This policy applies to the creation, modification, and access to Identifying Information from Covered Accounts connected to Gallaudet University; including, but not limited to, the following:
The university recognizes some of its activities are subject to the provisions of the Federal Fair and Accurate Credit Transactions Act (FACTA) and the Federal Trade Commission’s Red Flag Rules. The purpose of this Identity Theft Prevention policy is to provide information to assist individuals in the detection, prevention, and mitigation of Identity Theft in connection with the opening of a Covered Account or any existing Covered Account. This policy also provides guidance to employees who believe that a security incident may have occurred and with the reporting of a security incident.
Under the Red Flag rules, the university is required to establish an “Identity Theft Program” with reasonable policies and procedures to detect, identify, and mitigate identity theft in its covered accounts. These “Red Flags” are inconsistencies in specific financial transactions which should indicate further investigation when noticed. The university must incorporate relevant Red Flags into a program to enable the university to detect and respond to potential Identity theft.
Definitions:
Pursuant to the Red Flag regulations at 16 C. F. R. § 681.2, the following definitions shall apply to this program:
Identification of Red Flags
In order to identify relevant Red Flags, the university considers the types of accounts that it offers and maintains, the methods it provides to open its accounts, the methods it provides to access its accounts, and its previous experiences with identity theft. The following are typical or frequent trouble spots of which employees should be aware of and for which employees should diligently monitor and take action:
Detection of Red Flags
Detection of Red Flags in connection with the opening of Covered Accounts as well as existing Covered Accounts can be made through such methods as:
Responding to Red Flags
In the event university employees detect any identified Red Flags, such employees shall take all appropriate steps to respond and mitigate identity theft depending on the nature and degree of risk posed by the Red Flag, including but not limited to the following examples:
If you have questions concerning the appropriate steps to take, these questions should be directed to the appropriate supervisor or the Information Security Officer. Employees should not contact law enforcement agencies directly, but should consult with their supervisor or the Information Security Officer, who will consult with the Risk Management staff.
Contractual Agreements
In the event the university engages a service provider to perform an activity in connection with one or more accounts, the university will take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft:
Information Security Officer
The University’s Information Security Officer will report to the Chief Information Officer.
Training
University employees responsible for implementing the program shall be trained under the direction of the Information Security Officer in the detection of Red Flags, and the responsive steps to be taken when a Red Flag is detected.
Security Incident Reporting
An employee who believes that a security incident has occurred shall immediately notify their appropriate administrator and the Information Security Officer.
Approved by: Gallaudet University Board of Trustees
Human Resources
(202) 651-5344