1 / 28

How To Protect Student Against Identity Theft Complying with Safeguarding Regulations

How To Protect Student Against Identity Theft Complying with Safeguarding Regulations. MN Network October 2009 BY: KAREN REDDICK NATIONAL CREDIT MANAGEMENT 888-692-3964 kreddick@ncmstl.com. IDENTITY THEFT. Identity theft victims spend, on average, 116 hours repairing the damage.

Download Presentation

How To Protect Student Against Identity Theft Complying with Safeguarding Regulations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How To Protect Student Against Identity Theft Complying with Safeguarding Regulations MN Network October 2009 BY: KAREN REDDICK NATIONAL CREDIT MANAGEMENT 888-692-3964 kreddick@ncmstl.com

  2. IDENTITY THEFT • Identity theft victims spend, on average, 116 hours repairing the damage. • The FTC estimates it takes victims 14-16 months to clear their names • Victims face higher interest rates, insurance rates, rejected loans, and/or unjust accusations of criminal conduct which require costly legal assistance to rectify • $5,686 Per Incident

  3. Interesting Stats U.S. identity theft rose 23% in 2008 to 10.1 million reported cases(4.5 % of adult population) More than 36 million Americans have been victims of identity theft in the last four years It is estimated that 13 percent of all victims reported a family member or relative as the person responsible for misusing their personal information. 20 percent of identity theft victim information was misused through credit card fraud The second-highest incidence of identity theft occurred through government documents/benefits fraud, at 15% of all complaints Identity theft through tax fraud has risen 6% since 2006 24 percent of identity theft victims were a part of Generation Y (ages 20-29) Lost or stolen laptops containing sensitive data can cost over $115,000 to a company in recovery efforts if a data breach goes undiscovered for at least a week Data breaches increased 47% between 2007 and 2008, reaching 656 breaches in 2008 alone 88% Non-Tech Related Arizona has the highest identity theft rate per capita, followed by California and Florida.

  4. Interesting Stats • Education is most likely to be hacked • This year alone over 50 colleges and universities have had some sort of security breaches • Main Source off Education Breaches • 50% from lost/stolen PCs, laptops and media

  5. What To Protect • Name • Social Security # • Date of Birth • Address • Credit Card# • Bank Account # • PIN’s or Passwords

  6. How To Protect Identity • Opt out 1-888-5optout or 1-888-567-8688 • Remove your name from Credit Bureau Lists • Good for 5 years • Monitor Your Credit Report and Your Children’s (Under 18) (www.annualcreditreport.com) • Make copies of your credit cards and contents of wallet • Subscribe to AG No Call List • Guard Your Social Security Number Zealously • Do not carry social security number • When someone asked for it: • Why do you need? • How do you protect it? • How will it be used? • What happens if I don’t give it you?

  7. Resources Credit Freeze In some states you can put a freeze on your credit file. So no one will have access to your information without your authorization http://fightidentitytheft.com/security_freeze

  8. Credit Freeze

  9. What To Do If Someone Is A Victim • Place a fraud alter on your credit reports and review your reports • Close the accounts that you know, or believe, have been tampered with or opened fraudulently • File a report with your local police or the police in the community where the identity theft took place • File a complaint with the Federal Trade Commission

  10. Tips to remember • Look at your physical environment • Messy vs. clean desk • Reports and files stored out of site • Locking file cabinets and offices • Passwords on post-it notes? • USB drives easily available • Flash Cards, CDs, and disk lying around in plan site • Monitor location/desk direction • Are visitors identified, challenged? • Public access to business areas? Public Fax? • Use Cross Cut Shredders

  11. Tips to remember • Information Security Policy • Do not store sensitive information on workstation or mobile device • Written justification and approval for sensitive data storage • Purge sensitive information as soon as its business need no longer exists • Purge Data • Record retention schedules give useful life of each type of information • Purge info-Wipe, not delete • Security File Deletion Utilities • Cross cut shred, not store

  12. Tips to remember • If your office uses cubicles • Play background music (white noise) • Use fabric sound absorbing covers

  13. EXISTING LAWS THAT REGULATE STUDENT PRIVACY • FERPA: Family Educational Rights and Privacy Act • GLBA: Gramm-Leach-Bliley Privacy Act • FACT-Red Flag Rules

  14. FERPA • FERPA: Family Educational Rights and Privacy Act Statue: 20 U.S.C. 1232(g) Regulations: 34CFR Part 99 • The intent of the Act is to protect the rights of students and to insure the privacy and accuracy of education records. • Those protected by FERPA are students and former students who have been in attendance at the institution. • Rights belong to the student

  15. Solution • Have all students sign a release of information form and identify which parties are privy to their information

  16. GLBA • GLBA: Gramm-Leach Bliley Act signed into law November 1999. • Regulation: Privacy regulations issued by federal agencies. Compliance required as of 7/1/01 • FTC PART 314-Standards for Safeguarding Customer Information (Effective 5/23/-03) • Scope: Regulates the sharing of: • “Nonpublic personal information” about individuals who obtain “financial products or services” • From “financial institutions” primarily for personal, family or household purposes.

  17. GLBA-Implementing the Safeguards Rule • The Gramm Leach Bliley Act requires financial institutions to ensure the security and confidentiality of customer personal information. • The Federal Trade Commission (FTC) implemented GLBA by issuing the Privacy Rule and the Safeguards Rule. • Colleges and universities are considered “financial institutions” primarily due to student loan making activities.

  18. Solutions • Design and implement a written security plan • Select a group or committee to implement program • Identify all foreseeable risks • Training/Human Resources/Management • Information Systems • System Failures/Intrusions-Disaster Plans • Put together a written program to control these risks • Oversee service providers to make sure they are capable of maintaining appropriate safeguards and require by contract to implement and maintain such safeguards • Evaluate program each year as environment changes

  19. NEW RED FLAG RULES • New Red Flag Requirements For Financial Institutions • Require financial institutions to develop and implement written identity theft prevention programs as part of the Fair and Accurate Credit Transactions Act of 2003 • Under the Rule, each institution must develop and implement a written Identity Theft Prevention Program designed to detect, prevent, and mitigate identity theft in connection with new or existing accounts • Effective date is January 1, 2008 • Mandatory compliance date is November 1, 2009

  20. Identity Theft Red Flags Regulations Does Higher Education have to comply? • Yes, the FTC has confirmed that “Higher Educational Institutions do have to comply due to student loans, defer payment plans, or multiple payments on tuition accounts (extension of credit)” • As stated in the GLBA-The rule under this law considers Higher Education Institutions financial institutions due to their “loan making activities”. • The only way schools would not have to comply if these federal agencies would make an exception • DON’T HOLD YOUR BREATH!!!!!!

  21. NEW RED FLAG RULES • The program must provide for the identification, detection, and response to patterns, practices, or specific activities-known as “red flags”-that could indicate identity theft • Under these new rules, institutions must develop a written program that identifies and detects the relevant warning signs (red flags) or identity theft. • Examples of these Warning Signs: • Unusual account activity • Fraud Alerts from Consumer Reporting Agencies • Attempted use of suspicious account application documents • Notice of ID Theft from the student • It must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program. • Program must be managed by senior employees, include appropriate staff training, and provide for oversight of any service providers

  22. Elements on How to Comply W/Red Flag Requirements 4 Elements: 1. Identity patterns, practices or activities that indicate the possible existence of identity theft (red flags) 2. Detect Red Flags 3. Respond to detected Red Flags to prevent and mitigate identity theft 4. Update the Program periodically to reflect changes in risks to customers and the institution. This initial plan needs to be approved by the institutions Board of Directors or “Committee”.

  23. HOW TO IDENTIFY THESE RED FLAGS • The FTC has identified 26 possible red flags • 5 Categories • Alerts, notifications, or warnings from a consumer reporting agency • Suspicious documents • Suspicious personally identifying information, such as suspicious address • Unusual use of or suspicious activity relating to a covered account • Notices from customers, victims of identity theft, law enforcement authorities, or other businesses about identity theft in connection with covered accounts

  24. Set Up Procedures to Detect Red Flags • Verify Identity • Authenticate Customers • Monitor Transactions • Verify Validity of Address Change

  25. Respond Appropriately • Monitor Accounts • Contact Customer • Change Passwords • Close and Reopen Accounts • Refuse to Open Accounts • Don’t Bill or Collect on the Account • Notify Law Enforcement

  26. So Now What? • Don’t panic! • Don’t recreate the wheel • Evaluate your existing security plans (GLBA) • Incorporate these new rules into your existing security plan • The FTC says in Appendix J to Part 681, that you may incorporate as appropriate, existing policies, procedures and other arrangements that control reasonably foreseeable risks to customers or to the safety and soundness of the financial institutions or creditor from identity theft. • Have your service providers incorporate these new rules into your contracts and their existing plans • Whether this law is relevant to Higher Education or not it is imperative to know how to prevent or mitigate identity theft • Human Resources-Training is essential in any successful program • Be proactive and have a plan to prevent future liability

  27. CONTACT INFORMATION Red Flag Regulations www.ftc.gov/redflagsrule Red Flag Questions/Comments Email: RedFlags@ftc.gov Naomi Lefkovitz 202-326-3058 GLBA www.ftc.gov/privacy/privacyinitiatives/glbact.html Laura D. Berger, Attorney Division of Financial Practices FTC (202) 326-3224 NACUBO http://www.nacubo.org/x2152.xml FERPA Family Policy Compliance Office LeRoy Rooker, Director of Family Policy (202) 260-3887 www.ed.gov/policy/gen/guid/fpco/ferpa

  28. CONTACT INFORMATION Free Credit Report www.annualcreditreport.com CREDIT BUREAUS Equifax 1-800-525-6285 www.equifax.com Experian 1-888-397-3742 www.experian.com TransUnion 1-800-680-7289 www.transunion.com

More Related