In response to the growing threat of identity theft and the North Carolina Identity Theft Protection Act (NCITPA) Isothermal Community College adopted a Social Security Number and Personal Identifying Information Policy in May 2008.
In 2003, the United States Congress passed the Fair and Accurate Credit Transactions Act (FACTA). Public Law 108-159. This amendment to the Fair Credit Reporting Act dictated that the Federal Trade Commission (FTC) promulgate rules to address identity theft. The rules promulgated by the FTC (Red Flag Rules) require any financial institution and creditor that holds any type of consumer account or other account for which a potential risk of identity theft exists to create and implement a written Identity Theft Prevention Program in order to prevent identity theft associated with new and existing accounts. This Identity Theft Prevention Program is appropriate to the size and complexity of the College and the nature and scope of the College’s activities.
The College adopts this Identity Theft Prevention Program to enact reasonable policies and procedures to protect students, employees, and other persons with whom the college is affiliated from damages associated with the compromise of sensitive personal information.
Activities in which the College is often involved that require compliance with the Red Flag Rules and/or
protection of identifying information include, but not limited to:
The College must identify which Red Flags/identity threats are relevant to the institution considering the size of the College and the complexity of duties and activities. The Red Flags/identity threats categories and related examples are based on the types of accounts the College offers and maintains, the methods used to create accounts, methods of accessing information, and previous experiences the College has had with identity theft. Additionally, the College will incorporate the Red Flags/identity threats deemed relevant from incidents the College has experienced or other local colleges have experienced, methods of identity theft that the College has identified that reflect changes in identity theft risks, and guidance from senior administrators.
|Alerts, notifications, or other warnings received from the Attorney General’s Office, consumer reporting agencies, service providers such as fraud detection services, or other entities used to collect data
A consumer reporting agency issues a fraud or active duty alert.
|A consumer reporting agency provides a notice of address discrepancy.
A consumer report indicates a pattern of activity that is inconsistent with the history and usual pattern of activity of an applicant or customer, such as:
|The presentation of suspicious documents
Documents provided for identification appear to have been altered or forged.
The photograph/physical description on the identification is not consistent with the appearance of the applicant or customer presenting the identification.
Other information on the identification is not consistent with information provided by the person opening a new covered account or customer presenting the identification.
Other information on the identification is not consistent with readily accessible information that is on file with the financial institution or creditor, such as a signature card or a recent check.
|An application appears to have been altered or forged, or gives the appearance of having been destroyed and reassembled.
|The unusual use of, or other suspicious activity related to, a covered account
Any student account is used in a manner commonly associated with known patterns of fraud. For example: The customer fails to make the first payment or makes an initial payment but no subsequent payments.
A covered account is used in a manner that is not consistent with established patterns of activity on the account. There is, for example:
|A covered account that has been inactive for a reasonably lengthy period of time is used (taking into consideration the type of account, the expected pattern of usage and other relevant factors.
Mail sent to the student, sponsor, employee, WNCW member, vendor or other persons with whom the college is affiliated is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer's covered account.
The College is notified that the customer is not receiving paper account statements.
The College is notified of unauthorized charges or transactions in connection with a customer's covered account.
A customer initiates multiple address changes over a short period of time.
A customer is attempting to access information about a deceased student.
The College is notified by a customer, a victim of identity theft, a law enforcement authority, or any other person that it has opened a fraudulent account for a person engaged in identity theft.
|Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the college
A student, borrower, law enforcement personnel or service provider notifies the college of unusual activity related to a covered account. This may include discrepancies in social security number to a named, address difference, or data between the College and the responsible party.
|A student or customer does not know personal information that they should know, i.e. social security number, date of birth, student identification number.
|Requests for access to information
|A person attempts to access student information without proper identification.
|Access to Information
|Open access to information due to multiple locations, multiple records, multiple account managers, and multiple off-campus instructors or other representatives who collect demographic information.
|Authorized agencies to help in collection of accounts such as collection agencies and government agencies that assist with collections are provided with sensitive data.
|Breach of security with computer system and/or E-mail system.
|Phone-in payments may have the risk of compromising banking information.
|Credit card information stored with the daily deposits,
|Accepting students’ and other customers’ checks that have financial and demographic information on them.
The College will evaluate and update as necessary the Identity Theft Prevention Program on an annual basis or as deemed appropriate by senior administration or other factors such as current issues, advances in technology, or other related policies.
Policy Number: 306-02-10BP
Adopted: May 29, 2008
Amended: May 1, 2009; January 27, 2015