65: w88 mobile Flag Privacy Policy

Revised: September 2009

In recognition that some university activities are subject to the provisions of the Fair and Accurate Credit Transactions Act (FACT Act) and its "w88 mobile Flag" rules as promulgated by the U.S. Federal Trade Commission, the University outlines the following program. This program complements existing policies, which can be found in various sections of the university's Information Technology Policy Manual.

Oversight of this policy is through the Chancellor's Office and w88 mobile president. The NSHE policy was approved by the Board of Regents in June 2009; amendments may be approved by the Chancellor. The w88 mobile may also develop additional procedures with the approval of the w88 mobile president.

Purpose

  1. This document establishes the university's "Identity Theft Program" to detect, identify, and mitigate identity theft in the accounts covered under the w88 mobile Flags rules.
  2. The University incorporates relevant w88 mobile Flag rules into a program to enable the University to detect and respond to potential identity theft.
  3. The w88 mobile ensures that the program is updated periodically to reflect changes in risks to customers or creditors or to the w88 mobile from identity theft.

Definitions

  1. Pursuant to the w88 mobile Flag regulations at 16 C.F.R. § 681.2, the following definitions apply to the Program:
    1. "Identity theft" is a "fraud committed or attempted using the identifying w88 mobile of another person without authority."
    2. "Covered accounts"
      1. Any w88 mobile account maintained primarily for a student or related to a loan administered by the w88 mobile, which involves multiple payments or transactions.
      2. Any w88 mobile account for which there is a reasonably foreseeable risk from identify theft to customers.
    3. "Creditor" is a person or entity that regularly extends, renews, or continues credit and any person or entity that regularly arranges for the extension, renewal, or continuation of credit. Examples of activities that indicate a college or w88 mobile is a "creditor" are:
      1. Participation in the Federal Perkins Loan w88 mobile;
      2. Participation as a school lender in the Federal Family Education Loan w88 mobile;
      3. Offering institutional loans to students, faculty or staff;
      4. Offering a plan for payment of tuition or fees throughout the semester, rather than requiring full payment at the beginning of the semester.
    4. "w88 mobile Flag" is a "pattern, practice, or specific activity that indicates the possible existence of identity theft."
    5. "Identifying w88 mobile"
      1. Any name or number that may be used, alone or in conjunction with any other w88 mobile, to identify a specific person, including, but not limited to: name, address, telephone number, social security number, date of birth, government issued driver's license or identification number, alien registration number government passport number, employer or taxpayer identification number, unique electronic identification number (including student ID), computer Internet Protocol addresses or routing codes or financial account number such as credit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
    6. "Responsible w88 mobile Official"
      1. The president designates the associate vice president of business and finance to serve as w88 mobile administrator.
      2. The w88 mobile administrator shall exercise appropriate and effective oversight of the w88 mobile and shall report regularly to the president on the w88 mobile.

w88 mobile Administration and Maintenance

  1. The w88 mobile administrator is responsible for:
    1. Developing, implementing, and updating w88 mobile program.
    2. Ensuring appropriate training of w88 mobile staff on the program.
    3. Reviewing staff reports regarding the detection of w88 mobile Flags.
    4. Reviewing steps for identifying, preventing, and mitigating identity theft.
    5. Determining which steps of prevention and mitigation should be taken in specific circumstances.
    6. Reviewing, evaluating, and promulgating periodic changes to the w88 mobile based on:
      1. Changes in identity theft risks, detection, mitigation, and prevention methods.
      2. Technological advances.
      3. w88 mobile's experiences with identity theft.
      4. Changes in types of accounts the w88 mobile maintains.
      5. Changes in w88 mobile business arrangements with other entities.
      6. Changes in legal requirements in the area of identity theft.

Identification of w88 mobile Flags

  1. The following are relevant w88 mobile Flags, in each of the listed categories for which employees should be aware and diligent in monitoring:
    1. Notifications and warnings from credit reporting agencies
      1. Report of fraud accompanying a credit report;
      2. Notice or report from a credit agency of a credit freeze on a customer or applicant;
      3. Notice or report from a credit agency of an active duty alert for an applicant; and
      4. Indication from a credit report of activity that is inconsistent with a customer's usual pattern or activity.
    2. Suspicious documents
      1. Identification document that appears to be forged, altered, or inauthentic;
      2. Identification document on which a person's photograph or physical description is inconsistent with the person presenting the document;
      3. Other document with w88 mobile that is inconsistent with existing customer w88 mobile (such as if a person's signature on a check appears forged); or
      4. Application for service that appears to have been altered or forged.
    3. Suspicious personal identifying w88 mobile
      1. Identifying w88 mobile presented that is inconsistent with other w88 mobile the customer provides (example: inconsistent birth dates);
      2. Identifying w88 mobile presented that is inconsistent with other sources of w88 mobile (for instance, an address not matching an address on a credit report);
      3. Identifying w88 mobile presented that is the same as w88 mobile shown on other applications that were found to be fraudulent;
      4. Identifying w88 mobile presented that is consistent with fraudulent activity (such as an invalid phone number or fictitious billing address);
      5. Social security number presented that is the same as one given by another customer;
      6. An address or phone number presented that is the same as that of another person;
      7. A person fails to provide complete, personal identifying w88 mobile on an application when reminded to do so (however, by law social security numbers may not be required in all instances); and
      8. A person's identifying w88 mobile is inconsistent with the w88 mobile that is on file for the customer.
    4. Suspicious account activity or unusual use of account
      1. Change of address for an account followed by a request to change the account holder's name;
      2. Payments stop on an otherwise consistently up-to-date account;
      3. Account used in a way that is inconsistent with prior use (example: very high activity);
      4. Mail sent to the account holder is repeatedly returned as undeliverable;
      5. Notice to the w88 mobile that a customer is not receiving mail sent by the w88 mobile;
      6. Notice to the w88 mobile that an account has unauthorized activity;
      7. Breach in w88 mobile or NSHE computer system security; and
      8. Unauthorized access to or use of customer account w88 mobile.
    5. Alerts from others
      1. Notice to the w88 mobile from a customer, identity theft victim, law enforcement, or other person who has opened or is maintaining a fraudulent account for a person engaged in identity theft.

Detecting w88 mobile Flags

  1. New accounts
    1. w88 mobile personnel will take the following steps to obtain and verify the identity of the person opening an account:
      1. Require personal identifying w88 mobile such as name, date of birth, residential or business address, driver's license, or other identification;
      2. Verify customer's identity (for instance, review a driver's license or other identification card); or
      3. Independently contact the customer.
  2. Existing accounts
    1. w88 mobile personnel will take the following steps to monitor transactions with an account:
    2. Verify the identification of customers if they request w88 mobile (in person, via telephone, via facsimile, via email);
    3. Verify the validity of requests to change billing addresses; and
    4. Verify changes in banking w88 mobile given for billing and payment purposes.

Responding to w88 mobile Flags and Mitigating Identity Theft

  1. In the event university personnel detect identified w88 mobile Flags, such personnel shall take all appropriate steps to respond and to mitigate identity theft depending on the nature and degree of risk posed by the w88 mobile Flag, including but not limited to the following examples:
    1. Notify the w88 mobile administrator;
    2. Continue to monitor an account for evidence of identity theft;
    3. Contact the customer;
    4. Change any passwords or other security devices that permit access to accounts;
    5. Not open a new account;
    6. Close an existing account;
    7. Reopen an account with a new number;
    8. Notify law enforcement; or
    9. Determine that no response is warranted under the particular circumstances.

Staff Training and Reporting

  1. University employees responsible for implementing the program shall be trained in the detection of w88 mobile Flags, and the responsive steps to be taken when a w88 mobile Flag is detected.
  2. Appropriate staff shall provide reports to the program administrator on incidents of identity theft, the effectiveness of the program, and w88 mobile compliance with the program.

Service Provider Arrangements

  1. In the event the w88 mobile engages a service provider to perform an activity in connection with one or more covered accounts, the w88 mobile will take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft:
    1. Require, by contract, that service providers have such policies and procedures in place; and
    2. Require, by contract, that any service providers review the university's program and report any w88 mobile Flags to the program administrator.