Policy No. CP005
It is the policy of the Fashion Institute of Technology (college) to comply with the requirements of the Federal Trade Commissions (FTCs) Red Flags Rule, which was promulgated pursuant to section 114 of the Fair and Accurate Credit Transactions Act (FACTA). The Red Flags Rule requires financial institutions and creditors that hold covered accounts to develop and implement an identity theft prevention program for new and existing covered accounts. Under this rule, colleges and universities are considered creditors engaged in lending activities and deferred payment practices commonly associated with banks, finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunication companies.
The college has developed and implemented an identity theft prevention program to meet the requirements of the Red Flags Rule to identify, detect, report, and mitigate incidents of identity theft in connection with new and existing covered accounts, which are used primarily for personal purposes and involve multiple financial transactions, or for which there is reasonable foreseeable risk from identity theft.
For the colleges purposes, covered accounts that are designed to permit multiple financial transactions include student tuition payment plan accounts, student accounts with refund transactions, Perkins loan accounts and emergency loan accounts administered by the college. Covered accounts for which there is reasonable foreseeable risk from identity theft include student registration and records accounts, financial aid grant and loan accounts, and student email and banner accounts.
The college's identity theft prevention program is tailored to the size, complexity, nature of its operations and the system-wide guidance provided by SUNY system administration. The program sets forth the actions which must be taken by the college through certain of its staff, managers and administrators in order to prevent the use of personal identifying information to commit identity theft. The program also demonstrates the colleges commitment to the security of personal identifying information collected and managed by the college.
The college's Board of Trustees approved the program on June 15, 2009.
Entities Affected by this Policy
All college personnel who access, use or control personal identifying information in connection with a covered account.
- Responsible Administrator(s): Internal Auditor and General Counsel
- Responsible Office(s): Planning, Assessment, and Compliance; General Counsel
- Dates issued: June 15, 2009
- Contact: Director of Compliance, Internal Auditor, General Counsel and Secretary of the College
View Official Policy
CP005, Identity Theft Prevention Program (.pdf)
*This PDF document is the official version of this policy.