Educause Security Discussion mailing list archives

Re: FTC and Red Flag Rule

From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Wed, 8 Oct 2008 14:46:34 -0600

Please note that on Wednesday, October 22, from 2-3pm U.S. Eastern Time,
EDUCAUSE will host a webcast featuring Naomi Lefkovitz from the Federal
Trade Commission (FTC) discussing the new federal regulations to address
identity theft that go into effect November 1, 2008. 

For details and connection instructions, visit 
http://connect.educause.edu/term_view/ID%2BTheft%2BRed%2BFlags
<http://connect.educause.edu/term_view/ID%2BTheft%2BRed%2BFlags>  and
refer to the "FTC Red Flags Webcast" tab under Featured Content. (The
summary for this webcast is also included below for your convenience.)

This Webcast is open to the public at no charge and no registration is
required. It will also be archived and accessible to all.

___________________

Summary: New federal regulations to address identity theft go into
effect November 1, 2008, and are likely to affect colleges and
universities in nuanced ways. Compliance will require careful study and
collaboration among business officers, human resources, legal counsel,
student services, IT, and other affected campus units. The rules require
users of consumer reports to develop reasonable policies and procedures
to apply when they receive a notice of address discrepancy from a
consumer reporting agency. They also require that institutions develop
and implement an Identity Theft Prevention Program for combating
identity theft in connection with new and existing accounts.

Who is subject to and must comply with the regulations on ID Theft Red
Flags and Notices of Address Discrepancy? What business practices at
colleges and universities are covered by the rules? What are some of the
things that entities subject to the rules must do? What role does IT
play in compliance with the rules? What are the penalties for failure to
comply? This webcast will address these and many other questions, in
addition to providing an online forum for community collaboration and
sharing.

___________________

Thank you,
Valerie
_____________ 

Valerie M. Vogel, Program Associate, EDUCAUSE 
310-450-6552 (phone/fax); vvogel () educause edu 
http://www.educause.edu/security 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sewell, Michael K.
Sent: Wednesday, October 08, 2008 1:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule



I second that; I'd be very interested as well.

 

---

Michael K. Sewell 

Director, IT Security

University of Oklahoma

405.325.4862

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Semmens
Sent: Wednesday, October 08, 2008 3:09 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule

 

Would you be willing to share with the group?  I'm sure many would be
interested in using your document as a template.

 

Theresa Semmens, CISA
NDSU IT Security Officer
PO Box 6050
North Dakota State University
Fargo, ND 58108
Phone: 701-231-5870
FAX: 701-231-8541
Theresa.Semmens () ndsu edu

"Opportunity is missed by most people because it is dressed in overalls
and looks like work."  Thomas Edison 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry, Cathy
Sent: Wednesday, October 08, 2008 2:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule

 

Kevin, 

 

I am very interested in getting a copy of your document.  Our GC is
unsure also.

 

 

:: Catherine Sherry, CISSP, CISA - Principal Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office

:: 508-856-1547
:: 508-856-4844 Fax
:: csherry () umassp edu <mailto:csherry () umassp edu> 

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 : www.massachusetts.edu <http://www.massachusetts.edu/> 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin
(mclaugkl)
Sent: Wednesday, October 08, 2008 3:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] FTC and Red Flag Rule

 

Hi Anand:

 

We are affected, or at least that is what my treasurer, GC and myself
believe based on our research into this.    I am currently going through
the final set of red flag rules and trying to prepare a high level
executive summary of what I think this means.  Of the 328 pages I have
been able to drop it down to 120 and am hoping to get that to a document
under 10 pages that is basically a  "this is what you should be doing"
doc.

 

If interested in getting a copy of that document (probably be early next
week before I am finished with it) just let me know.

 

-Kevin

 

 

Kevin L. McLaughlin

CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified  

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)

 

 

  

 




CONFIDENTIALITY NOTICE: This e-mail message and its content is
confidential, intended solely for the addressee, and may be legally
privileged. Access to this message and its content by any individual or
entity other than those identified in this message is unauthorized. If
you are not the intended recipient, any disclosure, copying or
distribution of this e-mail may be unlawful. Any action taken or omitted
due to the content of this message is prohibited and may be unlawful.

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade
Sent: Wednesday, October 08, 2008 3:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FTC and Red Flag Rule

 


Hi, 

Does anyone know if Educational Institutions are affected by the FTC's
Red flag rule about maintaining an Identity Theft program ? If yes has
anyone implemented or has a roadmap for deployment? 
In my opinion if the rule is indeed applicable, the Institution's Legal
Counsel should drive the initiative and not IT. 

Any suggestions are welcome. 


http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuri
ng-i.html
<http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensur
ing-i.html>  

http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm
<http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm>  



Thanks, 
Anand 



Anand Malwade, CISSP,CISM,CISA.
Information Security Officer,
Seton Hall University,
malwadan () shu edu

Current thread:

FTC and Red Flag Rule Anand Malwade (Oct 08)
- <Possible follow-ups>
- Re: FTC and Red Flag Rule Mclaughlin, Kevin (mclaugkl) (Oct 08)
- Re: FTC and Red Flag Rule David Lassner (Oct 08)
- Re: FTC and Red Flag Rule Anand Malwade (Oct 08)
- Re: FTC and Red Flag Rule Sherry, Cathy (Oct 08)
- Re: FTC and Red Flag Rule Theresa Semmens (Oct 08)
- Re: FTC and Red Flag Rule Sewell, Michael K. (Oct 08)
- Re: FTC and Red Flag Rule Valerie Vogel (Oct 08)
- Re: FTC and Red Flag Rule Basgen, Brian (Oct 08)
- Re: FTC and Red Flag Rule Rodney Petersen (Oct 08)
- Re: FTC and Red Flag Rule Allison Dolan (Oct 09)
- Re: FTC and Red Flag Rule Matthew Clark (Oct 09)
- Re: FTC and Red Flag Rule Schattle, Donald (Oct 09)
- Re: FTC and Red Flag Rule Smith, Bob (Oct 09)
- Re: FTC and Red Flag Rule Robin Stubbs (Oct 09)
- Re: FTC and Red Flag Rule Valdis Kletnieks (Oct 09)
- Re: FTC and Red Flag Rule Roger Safian (Oct 09)
- Re: FTC and Red Flag Rule Foerst, Daniel P. (Oct 09)

(Thread continues...)