FTC Red Flags Rule
The Federal Trade Commission, along with the banking regulatory agencies, has issued regulations intended to protect consumers from identity theft. Under the Red Flags Rule, as it is known, creditors with covered accounts are required to adopt and follow a written identity theft policy. Most colleges and universities are likely to be subject to the rule, which takes effect November 1, 2008. After several delays, FTC began officially enforcing the new identity theft rules under 16 CFR 681.2 on January 1, 2011.
- Enforcement of Red Flags Rule Begins (January 26, 2011)
- FTC Extends Red Flags Rule Deadline (July 15, 2010)
- Red Flags Rule Deadline Extended to June 1 2010 (November 5, 2009)
- FTC Again Extends Red Flags Deadline (July 30, 2009) Another extension brings the compliance deadline to November 1.
- More Time Allowed for Identity Theft Compliance (May 8, 2009) The Federal Trade Commission has announced an extension of the compliance deadline until August 1 for creditors and financial institutions to adopt written identity theft prevention policies under its new Red Flags regulation. The agency also promised to provide a template to help low-risk entities, such as those which know their customers personally, comply.
- Deadline Extended for Red Flags Rule (October 23, 2008) The FTC will not take any enforcement actions relative to the identity theft rules under 16 CFR 681.2 before May 1, 2009.
- FTC's Red Flags Rule Likely to Affect Colleges (September 23, 2008) A summary of the rule and an analysis of its applicability to institutions of higher education prepared for NACUBO by two attorneys from Hogan & Hartson, LLP.
- The Red Flags Rule: Frequently Asked Questions. Discusses coverage, designing a program, and FTC compliance and enforcement plans.
- Complying with the Red Flags Rule: Do-It-Yourself Program for Businesses at Low Risk for Identity Theft. This on-line template walks the user through questions to develop a simple program. (July 2009)
- Fighting Fraud with the Red Flags Rule. This new "how-to guide for business" was prepared by the FTC to help you prepare and implement a program for identifying red flags and mitigating risk of identity theft. (April 2009)
- Federal Register notice--final rule, (February 9, 2007)
- FTC Rules under 16 CFR Part 681. NACUBO has pulled out the relevant pages from the Federal Register notices and reformatted for easier reading.
- Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation, published as an appendix to the Red Flags Rule, provides an outline for developing a program (also reformatted).
- FTC Business Alert, New Red Flag Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft (June 2008)
- FTC Enforcement Delay Notice (October 22, 2008)
- Sample Institutional Red Flags Policy #1: from "Green" University, a private research university in the south (November 24, 2008)
- Sample Institutional Policy #2--University of Puget Sound
- Sample Institutional Policy #3--University of California, Los Angeles
- Sample Institutional Policy #4--Xavier University
- Sample Institutional Policy #5--University of Connecticut
- Model Identity Theft Policy and FACTA Compliance: University of Tennessee Municipal Technical Advisory Service (September 2008) This model policy is intended for municipalities, and as such, does not meet the needs of colleges directly, but is provided as an illustration.
Share Your Efforts! NACUBO is seeking sample policies from any members who are willing to share their efforts.
Naomi Lefkovitz from the Federal Trade Commission discussed the new federal regulations to address identity theft during a webcast hosted by EDUCAUSE. The event, broadcast live on October 22, was archived and is available for viewing without charge. Please visit the EDUCAUSE website for details and connection instructions.
The webcast was offered by EDUCAUSE, in cooperation with NACUBO, American Council on Education (ACE), Coalition of Higher Education Assistance Organizations (COHEAO), College and University Professional Association for Human Resources (CUPA-HR) ,International Association of Privacy Professionals (IAPP), and National Association of College and University Attorneys (NACUA).
Vice President, Regulatory Affairs
- NACUBO Expresses Concerns with ED Proposal to Expand Federal Financial Responsibility Rules
- IRS Proposes Modifications to 1098-T Reporting
- ED Policy to Require Annual Student Aid Compliance Audits Beginning FY17
- 2016 Intermediate Accounting and Reporting Fall
October 24-25, 2016
- ON-DEMAND: The CBO's Role in Diversity and Inclusion on Campus
- ON-DEMAND: The Clery Act: Strategic Planning to Mitigate Institutional Risk
- ON-DEMAND: Title IX: Key Issues Surrounding Institutional Compliance
- ON-DEMAND: NACUBO Live! Higher Education Accounting Forum
- ON-DEMAND: Responsibility Center Management: Two Different Perspectives