Pitt red-flagged, must comply with new rules
April 15, 2009
To combat the growing trend of identity theft, the Federal Trade Commission has created the… To combat the growing trend of identity theft, the Federal Trade Commission has created the Red Flags Rules, with which Pitt must comply by May 1.
A ‘red flag’ is a suspicious pattern, practice or specific activity that indicates the possible existence of identity theft, according to an the Commission’s how-to guide for businesses.
The rules require businesses and organizations to implement a written identity theft prevention program to detect such warning signs.
Even though Pitt is not a ‘business,’ the rules extend to all financial institutions and creditors.
Colleges and universities are considered creditors, entities that regularly defer payments for goods or services, because they offer student loans.
Pitt has already taken steps to ensure students’ security by requiring online authentication and in-person identification for certain transactions, said University spokesperson John Fedele.
University employees are supposed to be on the lookout, too.
‘Employees are trained to spot anomalies that might indicate attempted identity theft,’ said Fedele. They are instructed to point out potential problems to their supervisers and, when appropriate, to law enforcement authorities.
Pitt already follows many of the commission’s red-flag rules because it already complies with the safeguarding rules of the Gramm-Leach-Billey Act.
The GLB Act, enacted in 1999, includes provisions to protect consumers’ personal financial information held by financial institutions, according to Pitt’s Web site.
However, following the GLB Act is not enough to prevent identity theft, said Sai Huda, CEO of Compliance Coach, a company that has created risk assessment software.
‘The Red Flags Rules are completely different,’ said Huda. Whereas the GLB Act provides privacy for non-public information, the Red Flags Rules require organizations to actively seek threats against identity security.
Huda said that identity thieves often target students because ‘they have a lack of skepticism when sharing information.’
The FTC’s 2008 crime data reported that the age group of 20 to 29 comprised 24 percent of the complaints against identity theft, said Huda.
He advised students to exercise more caution when asked for information at school.
There are identity theft rings around the country that go to campuses under the guise of a legitimate organizations, said Huda. They will ask for your information in the form of a job or credit card application, but ‘it’s really a sham.’
Huda also stressed that ‘prevention is key’ to protecting your information.
The Commission had originally set the compliance date for Nov. 1, 2008, but granted a six-month delay of enforcement. If organizations do not comply with new standards by May 1, he said the FTC can fine them and pursue legal action.
The government currently has 26 risks ‘red-flagged,’ but Compliance Coach’s software, CompliancePal, will perform risk assessment on 35 flags, said Huda.
‘