Identity Theft Prevention Program

The FTC Red Flags Rule is part of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). The Rule seeks to protect individual consumers from identity theft related to credit, debit, declining balance, loan, and several other types of consumer accounts. In 2008, it was determined that institutions of higher education fall under the rules because of billing, declining balance, loan, and other accounts they hold for students, faculty, staff, and other individuals. FTC enforcement begins on June 1, 2010.

In order to comply with the Rule, the University of Illinois has instituted a Red Flags Program ("Program"), which takes effect on June 1, 2010. The program comprises the following elements:

A Red Flags Identity Theft Prevention Policy, specifying

• The unit activities covered by the Rule
• The assignment of compliance responsibility to the units
• Methods for achieving compliance

A set of best‐practice guidelines for implementation of the Program, including

• A list of unit activities that are covered by the Rule
• Best‐practice guidelines that apply to activities covered by the Rule
• A requirement that units self‐identify as carrying out activities that are subject to the Rule
• Unit reporting requirements
• Annual risk assessment and Program updates, including

Analysis of unit reports

• Notation of any changes in frequency, methods, or patterns of identity theft
• Reevaluation of the Program for effectiveness in identifying, preventing, responding to, and mitigating the effects of identity theft associated with covered accounts

An annual report to the CFO, including

• Results of the annual risk assessment
• Recommendations for any needed changes to the Program