The policy of the University of Wisconsin System is to protect persons holding certain consumer accounts with a UW System institution from identity theft through an appropriate program of identity theft prevention.
This policy applies to all UW System institutions.
The purpose of this policy is to implement an identity theft prevention program at UW System institutions in compliance with Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003, and its implementing regulations, commonly known as the “Red Flags Rule” (“Rule”) issued by the Federal Trade Commission, 16 Code of Federal Regulations, Part 681.
4.0 Identity Theft Prevention Program
4.1 Establishment of Institutional Identity Theft Prevention Programs.
Each UW System institution must develop a plan for identifying patterns, practices, and specific forms of activity that indicate possible identity theft in connection with accounts covered by FACTA and the Red Flags Rule, and for implementing an institutional program of identity theft prevention.
4.2 Identification of “Covered Accounts.”
A “covered account” is a consumer account that involves multiple payments or transactions, such as a loan that is billed or payable monthly. Covered accounts at UW System institutions include, but are not limited to, accounts established under the Federal Perkins Loan Program, and approved partial tuition payment plans [see UW System Administrative Policy 805, Tuition and Fee Policies for Credit Instruction (formerly F44), Attachment C.2]. UW System institutions shall review other billing accounts and arrangements that involve multiple payments or transactions to determine whether they are covered by FACTA and the Red Flags Rule.
4.3 Identification and Detection of Red Flags.
As used in the Rule, a “red flag” is any pattern, practice, or activity that indicates the possible existence of identity theft. For all covered accounts, UW System institutions shall review the methods to open or access such accounts, and any previous instances of identity theft in connection with such accounts. Categories of red flags include: (a) notifications or warnings from credit reporting agencies and other third parties; (b) presentation of suspicious documents; (c) unusual use of accounts; and (d) presentation of suspicious identifying information. Each institution shall review current policies and procedures to address detection of red flags for each type of covered account, focusing on verifying identity, authenticating customers, monitoring transactions, and verifying the validity of change of address requests.
4.4 Responses to Red Flags.
UW System institutions shall implement appropriate responses to detected red flags to prevent and mitigate identity theft. Appropriate responses may include: (a) denying access to the covered account until the red flag is eliminated; (b) contacting the account holder; (c) changing passwords, security codes, or other security devices that permit access to a covered account; (d) closing the account; (e) notifying law enforcement; or (f) determining that no response is warranted under the circumstances.
5.0 Oversight of Identity Theft Prevention Program
5.1 Delegation to Chancellor or Designee.
The chancellor of each UW System institution, or his or her designee, shall have primary responsibility for developing, implementing, and updating an institutional identity theft prevention program. No later than April 15, 2009, each UW System institution shall submit the plan for its identity theft prevention program to the UW Vice President for Finance for review and approval.
5.2 Periodic Review.
The designated official at each institution shall, as appropriate, periodically review the institution’s experiences with identity theft, changes in identity theft methods, risks, detection, and prevention, and make necessary changes to the institutional plan. New accounts or activities that may constitute covered accounts shall be reviewed for inclusion in the institutional program. Any subsequent changes to an institution’s plan should be submitted to the UW System Vice President for Finance for review and approval.
History: Res. 9598, adopted 02/06/2009, created Regent Policy Document 21-4. Res. 10835, adopted 03/09/2017, authorized technical corrections.