Identity Theft Prevention/Red Flags Program Policy - 61.19
College Procedure Number/Title:
Howard Community College (HCC) has developed an identity theft prevention program in compliance with the Federal Trade Commission's (FTC) Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003. The identity theft program, which will be referred to as the Red Flags Program, was approved by the college’s board of trustees in March 2009. The purpose of the program is to detect and mitigate instances of identity theft at the college. The program also adopts measures to prevent opportunities for identity theft.
Identity theft is a fraud that is attempted or committed using the identifying information of another person without authority. A red flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft. An area that is particularly vulnerable to identity theft is considered a covered account. Covered accounts at the college are defined in college procedure 61.19.01, Red Flags Procedures.
The HCC Red Flags Program is tailored to the college’s size, complexity, and operations. The program contains policies and procedures to:
- identify relevant red flags for new and existing covered accounts and incorporate appropriate actions for those red flags into the program;
- detect red flags in individual accounts;
- respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
- ensure the program is updated periodically to reflect changes in risks to students and employees or to the safety of the students and employees from identity theft, including the creation of new categories of covered accounts.
The vice president of information technology or designee is responsible for administering the red flags identity theft prevention program. A red flags committee of college employees is responsible for implementing the program and monitoring compliance. Committee members receive training at the direction of the program administrator or designee in the detection of red flags and the responsive steps to be taken when a red flag is detected.
The red flags committee is charged with periodically reviewing, auditing, and updating the college’s Red Flags Program. In doing so, the committee examines the college's experiences with identity theft situations, changes in identity theft methods, and changes in identity theft detection and prevention methods. At least annually, or as requested by the program administrator, the committee reports to the program administrator on compliance with this program. The report addresses issues including effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening and maintenance of covered accounts and significant incidents involving identity theft and management’s response and recommendations for changes to the program. After considering the report, the program administrator will determine whether changes to the program are needed. If warranted, the committee will update the program. An annual update on the Red Flags Program is given to the college’s board of trustees.
Employees who detect identity theft or suspicious behavior will report related information to their supervisor. In turn, supervisors will inform their area associate vice president or their area vice president, and the president.
Effective Date: 05/14/21
President's Office Use: VPIT