Statement Regarding Identity Theft Prevention
ShorelineCommunity College has adopted this statement in compliance with the Federal Trade Commission’s “Red Flags Rule” (72 Fed. Reg. 63718). The College has only a limited number of “covered accounts” within the definition of the Red Flags Rule (e.g., the tuition deferment program and limited short-term loan programs) and has assessed the risk of identity theft to be very low in light of procedures already in place; for example, procedures that the College already performs in order to comply with the Family Educational Rights and Privacy Act (FERPA).
For this purpose, sensitive informationobtained in the operation of our covered accounts is defined as names, addresses, student identification numbers, telephone numbers, credit card numbers and expiration dates, and the amounts of individual debts. This information may be stored in hard copy or in computer files. In hard-copy form it is stored only in secure, locked offices, such as the cashier’s office and the registrar’s office, and associated secure filing areas.
Staff at the college regularly undergo training in FERPA. Various federal and state laws also set forth procedures for protection of sensitive information; for example, prohibitions against printing more than the last four digits of credit card numbers on receipts and against the long-term retention of credit card numbers in databases. Staff who handle sensitive information will continue to be trained in FERPA, which will be enhanced to ensure that staff are aware of the signs of identity theft. Managers also undergo training and ensure that staff are in compliance.
Certain “red flags” or unexpected occurrences that might be considered a red flag result in staff investigating for an attempt at identity theft. Such red flags include suspicious or altered identification or documentation, suspicious address changes, notice from a student that he or she is a victim of identity theft, notice from law enforcement or other authorities about the possibility of an identity theft, and any type of security breach involving the theft of personal information.
To prevent identity theft occurrences, College staff monitors covered accounts. Appropriate identification is required before any consultation, all account information is stored securely, and all covered accounts are short-term and designed to last for no more than three months.
If a potentially fraudulent activity is detected, the staff member witnessing such activity will immediately notify staff in the business office and/or the safety and security office. Actions in response may include canceling the transaction, monitoring the account for unusual activity, contacting the student, and notifying and cooperating with appropriate law enforcement.
The College’s procedures in this area are regularly reviewed and updated as necessary by management.