Identity Theft Prevention
Effective: November 5, 2009
Reviewed: December 2015
Contact: Accounts Receivable Office
Iowa State University extends, renews, and continues credit for student and employee accounts involving student loans, institutional loans, and payment for services received over time. Also, in some instances, ISU receives consumer reports from credit reporting agencies. Due to its involvement in these activities, ISU must comply with the "Red Flags Rule" established by the Federal Trade Commission (FTC) to help prevent identity theft. These regulations are part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA).
Identity Theft Prevention Program
As required by the FTC's Red Flags Rule, Iowa State University has established and will maintain an Identity Theft Prevention Program approved by the Board of Regents, State of Iowa. The Identity Theft Prevention Program shall include reasonable policies and procedures to:
- Identify relevant red flags for covered accounts ISU offers or maintains and incorporate those red flags into the Program;
- Detect red flags that have been incorporated into the program;
- Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
- Assure the program is updated periodically to reflect changes in risks involving possible identity theft and fraud.
Responsibility for Compliance
Under the university's Identity Theft Prevention Program, ISU employees have a responsibility to obtain and verify the identity of persons opening or using covered accounts. In addition, ISU employees are expected to notify the program administrator (i.e., the director of Accounts Receivable) if they become aware of an incident of identity theft or of failure to comply with the program. At least annually or as otherwise requested by the program administrator, ISU staff responsible for development, implementation, and administration of the program shall report to the program administrator on compliance with this program.