You are here:
Issued: March 29, 2011
(Printer Friendly Version)
Responsible Official: Vice president for finance and administration, treasurer1.0 Purpose
Hampshire College (the College) recognizes that some of its activities are subject to the provisions of the Federal Fair and Accurate Credit Transactions (FACTA) and the Federal Trade Commission's so-called Red Flag rules. The purpose of this program is to provide information to assist individuals in the detection, prevention, and mitigation of identity theft in connection with the opening of a covered account (as that term is defined below) or any existing covered account. This program also provides guidance to employees who believe that a breach of security incident may have occurred and with the protocol and process for reporting of such a security incident.
Under the Red Flag rules, the College is required to establish an "Identity Theft Program" with policies and procedures appropriate to the College's size and complexity in order to detect, identify, and mitigate identity theft in its covered accounts. These "Red Flags" are noticed inconsistencies in specific financial transactions which should indicate the need for further investigation. The College must incorporate relevant Red Flags rules into a program to enable the College to detect and respond to potential identity theft.2.0 Definitions
An Account is a continuing relationship established by any person(s) and the College to obtain a product or service from the College for personal, family, household, or business purposes.
A Covered Account is any account offered and/or maintained by the College acting as a creditor (1) that involves or is designed to permit multiple payments or transactions for personal, family, or household purposes; or (2) for which there is a reasonable foreseeable risk of harm to the person holding an account or to the College from identity theft: for example, small business or sole proprietorship accounts.
The College acts as a creditor when it regularly extends, renews or continues credit regarding an account. Examples include, but are not limited to, tuition, room and board, lab fees, meal plans, bookstore charges, computer loans, etc.
The College has identified the following Covered Accounts:College-administered Covered Accounts--Students:
College-administered Covered Accounts--Employees:
Service provider-Covered Accounts:
Identity theft is an attempted or committed act of fraud using the identifying information of another person without that person's authority for the purpose of effecting a transaction involving a covered account.Identifying information is any name or identity related number that may be used alone or in conjunction with other information to identify a specific person. Examples include, but are not limited to, social security numbers, driver license numbers, credit card numbers, dates of birth, addresses, phone numbers, maiden names, names, account number(s), student numbers, employee numbers, credit card expiration dates, cardholder names, cardholder addresses, taxpayer identification numbers, employer identification numbers.
A Red Flag is a pattern, practice, or specific activity that indicates the possible existence of identity theft.
A service provider is any third party that provides services to the College in support of its offering, opening and administration of covered accounts.3.0 Identifying Red Flags
The following Red Flags are potential indicators of fraud. Red Flags are not limited to these examples. Any time a Red Flag, or a situation closely resembling a Red Flag is apparent, it must be investigated by appropriate person(s). Red Flags include, but are not limited to:
4.0 Procedures for Detecting Red Flags
The College's procedures for detecting Red Flags are as follows:
5.0 Response to Red Flags
When a Red Flag is detected or reported, the following procedures must take place as soon as practicable: