政策 韦斯特蒙特学院身份盗窃项目
Westmont College (“the College”) is committed to taking all reasonable and appropriate measures to prevent identity theft. To that end, and in keeping with the 联邦 Trade Commission’s (FTC) Red Flag Rules,1 the college developed this program to detect, prevent and mitigate instances of identity theft2 与个人身份信息有关3 the college maintains; and information received or activity observed related to the same information that signals potential identity theft. 大学董事会认为这个项目是合适的, 因此于5月8日批准了该计划, 2009. 这个项目是由行政副总统管理的.
I. 识别潜在的身份盗窃
一经提供,开立和维护承保账户4 the college will review personally identifiable information presented for suspicious activity that signals potential identity theft. 这些 红旗警报 包括但不限于:
- 贷款或学费证明文件提交不准确, 不一致或不匹配的个人身份信息
- 重复退回寄往帐户持有人的无法投递的邮件
- Sudden and repeated delinquent payments on an otherwise consistently current covered account
- 收到账户持有人的身份被盗的通知
- Receipt of a credit report obtained in connection with an employment offer that contains a fraud alert
- Photo identification presented that is inconsistent with the person presenting the document
- 收到伪造、变造的文件
检测红旗警报
The college will take one or more of the following steps in order to detect the red flags described above
- 核实身份是否符合政府签发的身份证明(例如.g., driver’s license, social security card, state issued identification card)
- Verification of identity prior to issuing employee or student identification card
- 在提供所涵盖的帐户资料前核实身份
- 验证所提供的个人身份信息
防止和减轻身份盗窃
Upon detection of circumstances constituting a red flag alert or where personally identifiable and unencrypted information, in electronic or paper form has been or may have been accessed by someone without authority, 学院将采取以下一项或多项措施:
- 定期监控覆盖账户的危险信号
- 密码保护所有受保帐户
- Preserve the security of the college website and/or provide notice when security has been compromised
- Notify the holder of the individual account to inform him/her of the activity or incident signaling potential fraud
- Not open covered accounts until all identification discrepancies are resolved
- Provide student or employee with new identification number where original number has been compromised
- Change account holders internet protocol in connection with covered account
- Routinely and securely destroy paper documents bearing personally identifiable information
- Provide victim of identity theft with information on state and federal agencies designed to mitigate identity theft and recover identity (e.g.加州隐私保护办公室,联邦贸易委员会)
- 在适当情况下通知执法部门
- 确定对未列出的红旗警报的其他适当响应
All known or potential incidents of identity theft are to be reported to the Vice President for Administration, 谁来通知信息技术副总裁和首席信息官, 及大学顾问.
项目管理
- 项目监督和更新
开发责任, implementing and updating this Program lies with the Vice President for Administration (the “Program Administrator”) in consultation with the Vice President for Information Technology and CIO, 及大学顾问. The program administrator will be responsible for ensuring college employees are appropriately trained on the program, 检查任何危险信号的报告, and determining which steps of prevention and mitigation are appropriate under the circumstances. The program administrator is also responsible for routinely reviewing the program to determine what if any changes are necessary or appropriate. - 员工培训及报告
学院工作人员负责开放, maintaining and monitoring covered accounts; or for managing personally identifiable information shall be trained by the program administrator in the detection of red flag. 工作人员 will notify the program administrator upon receipt of information signaling identity theft. 每年, directors of areas of staff with responsibility for covered accounts and identifiable information shall report to the program administrator on the effectiveness of the identity theft program. - 服务提供商监督
In the event the college engages a service provider to perform an activity in connection with covered accounts, the college will take the following steps to ensure the service provider performs its activities in accordance with reasonable policies and procedures designed to detect, 防止和减轻身份盗窃的风险.
• Require service providers to have policies to identify, prevent and mitigate identity theft
• Require that service providers have determined the red flags that might occur in the course of their providing services under their contracts
• Require that service providers review the college’s list of 红旗警报 and report any instances to the program administrator
1The FTC’s Red Flag Rules implement section 114 of the Fair and Accurate Credit Transactions Act of 2003. A Red Flag alert is defined as a pattern or practice or specific activity that indicates the possible existence of identity theft.
2Identity theft is a fraud committed or attempted using the identifying information of another of another person.
3个人身份信息是任何可能使用的姓名或号码, alone or in conjunction with any other information to identify a specific person. 为本程序的目的, “personally identifiable information” includes but is not limited to the following:
-
社会安全号码
-
学生证号码
-
驾驶执照号码
-
政府签发的身份证号码
-
财务账号(e.g. 学费账号)
-
信用卡/借记卡号码
-
Personal Identification Number associated with a financial/credit/debit account number
-
银行路由信息
-
计算机登录和密码信息