Purpose
This policy establishes the "University Identity Theft Prevention Program" ("Program") and it's Procedures at Illinois State University pursuant to the Federal Trade Commission's ("FTC") Red Flags Rule, which implements Section 114 of the Fair and Accurate Credit Transactions Act of 2003.
Program Oversight
Responsibility for developing, implementing and updating the University Identity Theft Prevention Program lies with the Illinois State University Identity Theft Committee ("Committee"). The Committee will be headed by a Program Administrator(s) who is the individual(s) designated by this policy with primary responsibility for oversight of the University Identity Theft Prevention Program. The President of the University or his or her designee will appoint the Program Administrator.
Two or more other individuals appointed by the President or the Program Administrator shall comprise the remainder of the Committee membership. The Program Administrator will be responsible for ensuring appropriate training of University staff on the Program, for reviewing any staff reports regarding the detection of Red Flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program. The University Identity Theft Committee will periodically review and update this Program to reflect changes in risks and in the soundness of the University from identity theft.
Compliance
All Administrators, Deans, Directors, Department Heads, Fiscal Agents and Data Custodians are required to ensure compliance with this policy and any related procedures and programs. In addition, all University employees are expected to notify the Program Administrator once they become aware of an incident of identity theft, Red Flags (as defined in the Procedures), and/or of the University’s failure to comply with this Program.
Approval & Review
The President of Illinois State University, within the authority delegated by the Board of Trustees, has approved the Policy on establishment of a University Identity Theft Prevention Program. This policy will be periodically reviewed by the Illinois State University Identity Theft Committee and the Administrator and changes or additions to \this policy will be recommended by this Committee and the Administrator to the President and/or his or her designee. The University reserves the right to amend this policy at any time. The version posted on the web at www.policy.ilstu.edu/ is the governing policy.