Office of Origin: Financial Services, Student Services, and Human Resources
Date Adopted: 04-28-09
Date Reviewed: 01-15-12
Last Date Modified & Approved: 01-15-12
Policy Statement: Lake Michigan College (the College) has developed an Identity Theft Prevention Program (the Program) designed to detect, prevent, and mitigate identity theft risks in connection with student and employee records that are subject to potential fraudulent activities. The Program supports section 114 of the Fair & Accurate Credit Transactions Act (FACTA) of 2003 for Red Flag rules regarding the duties of creditors and users of consumer reports with respect to the prevention of identity theft.
The College is considered a creditor under the Red Flag rules, because it:
- Participates in the Direct Loan Program.
- Offers a payment plan of tuition and fees throughout the semester rather than requiring full payment at the beginning of the semester.
- Offers institutional or grant sponsored loans to students, faculty, and staff (e.g., Muhammad Ali Emergency Loan, Berger Loan Fund, South Haven Rotary Emergency Loan, Employee Computer Purchase Loan).
- Allows students with financial aid to make credit purchases at the bookstore.
In addition, the College has a duty to address, identify, and respond to inconsistencies as part of its access to credit bureau reports.
In compliance with Red Flag Rules, the College will develop and maintain a Program designed to prevent, detect, and mitigate identity theft in connection with opening of a covered account or an existing covered account and to provide for continued administration of the Program.
The Program will include reasonable procedures to:
1. Identify relevant red flags for covered accounts it offers or maintains and incorporate those red flags into the program.
2. Detect red flags are incorporated into the Program related to fraudulent activities.
3. Respond appropriately if red flags are detected to prevent and mitigate identity theft.
4. Ensure Program is updated periodically to address changes in identity theft risks.
5. Verify employee identities, respond to inconsistencies, and manage discrepancies with employee background checks that include credit reports.
6. Provide a tracking system that documents red flags and fraud incidents.
7. Provide incident reports for an annual review process.
The Program may, as appropriate, incorporate existing policies and procedures that control reasonably foreseeable risks.
If the College outsources operations to a third party service provider, the College is still responsible for compliance to the Red Flag Rules. The written agreement between the College and the third-party service provider must require the third party to have reasonable policies and procedures designated to detect Red Flags that may arise in the performance of the service provider activities. A copy of the third party policies and procedures must be obtained and kept with the related contract.
All employees who process information related to a covered account will be provided training by the College during employee orientation. Each employee who processes information related to a covered account will also be recertified annually.
Responsibility: Executive Director, Information Technologies Vice President, Student Services Vice President, Administrative Services Director of Purchasing
References: Fair & Accurate Credit Transactions Act (FACTA) of 2003 for Red Flag Rules 2007 Final Rules, Federal Trade Commission (FTC) FACTA Red Flag Rule