Educause Security Discussion mailing list archives
Re: FTC and Red Flag Rule
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Wed, 8 Oct 2008 14:46:34 -0600
Please note that on Wednesday, October 22, from 2-3pm U.S. Eastern Time, EDUCAUSE will host a webcast featuring Naomi Lefkovitz from the Federal Trade Commission (FTC) discussing the new federal regulations to address identity theft that go into effect November 1, 2008. For details and connection instructions, visit http://connect.educause.edu/term_view/ID%2BTheft%2BRed%2BFlags <http://connect.educause.edu/term_view/ID%2BTheft%2BRed%2BFlags> and refer to the "FTC Red Flags Webcast" tab under Featured Content. (The summary for this webcast is also included below for your convenience.) This Webcast is open to the public at no charge and no registration is required. It will also be archived and accessible to all. ___________________ Summary: New federal regulations to address identity theft go into effect November 1, 2008, and are likely to affect colleges and universities in nuanced ways. Compliance will require careful study and collaboration among business officers, human resources, legal counsel, student services, IT, and other affected campus units. The rules require users of consumer reports to develop reasonable policies and procedures to apply when they receive a notice of address discrepancy from a consumer reporting agency. They also require that institutions develop and implement an Identity Theft Prevention Program for combating identity theft in connection with new and existing accounts. Who is subject to and must comply with the regulations on ID Theft Red Flags and Notices of Address Discrepancy? What business practices at colleges and universities are covered by the rules? What are some of the things that entities subject to the rules must do? What role does IT play in compliance with the rules? What are the penalties for failure to comply? This webcast will address these and many other questions, in addition to providing an online forum for community collaboration and sharing. ___________________ Thank you, Valerie _____________ Valerie M. Vogel, Program Associate, EDUCAUSE 310-450-6552 (phone/fax); vvogel () educause edu http://www.educause.edu/security ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sewell, Michael K. Sent: Wednesday, October 08, 2008 1:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FTC and Red Flag Rule I second that; I'd be very interested as well. --- Michael K. Sewell Director, IT Security University of Oklahoma 405.325.4862 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Theresa Semmens Sent: Wednesday, October 08, 2008 3:09 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FTC and Red Flag Rule Would you be willing to share with the group? I'm sure many would be interested in using your document as a template. Theresa Semmens, CISA NDSU IT Security Officer PO Box 6050 North Dakota State University Fargo, ND 58108 Phone: 701-231-5870 FAX: 701-231-8541 Theresa.Semmens () ndsu edu "Opportunity is missed by most people because it is dressed in overalls and looks like work." Thomas Edison From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Sherry, Cathy Sent: Wednesday, October 08, 2008 2:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FTC and Red Flag Rule Kevin, I am very interested in getting a copy of your document. Our GC is unsure also. :: Catherine Sherry, CISSP, CISA - Principal Security Specialist :: University Information Technology Services (UITS) :: University of Massachusetts President's Office :: 508-856-1547 :: 508-856-4844 Fax :: csherry () umassp edu <mailto:csherry () umassp edu> University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/> ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mclaughlin, Kevin (mclaugkl) Sent: Wednesday, October 08, 2008 3:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] FTC and Red Flag Rule Hi Anand: We are affected, or at least that is what my treasurer, GC and myself believe based on our research into this. I am currently going through the final set of red flag rules and trying to prepare a high level executive summary of what I think this means. Of the 328 pages I have been able to drop it down to 120 and am hoping to get that to a document under 10 pages that is basically a "this is what you should be doing" doc. If interested in getting a copy of that document (probably be early next week before I am finished with it) just let me know. -Kevin Kevin L. McLaughlin CISM, CISSP, GIAC-GSLC,PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) 513-558-ISEC (department) CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand Malwade Sent: Wednesday, October 08, 2008 3:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] FTC and Red Flag Rule Hi, Does anyone know if Educational Institutions are affected by the FTC's Red flag rule about maintaining an Identity Theft program ? If yes has anyone implemented or has a roadmap for deployment? In my opinion if the rule is indeed applicable, the Institution's Legal Counsel should drive the initiative and not IT. Any suggestions are welcome. http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensuri ng-i.html <http://www.dciginc.com/2008/08/ftc-issues-red-flag-rules-reminder-ensur ing-i.html> http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm <http://www.ftc.gov/bcp/edu/pubs/business/alerts/alt050.shtm> Thanks, Anand Anand Malwade, CISSP,CISM,CISA. Information Security Officer, Seton Hall University, malwadan () shu edu
Current thread:
- FTC and Red Flag Rule Anand Malwade (Oct 08)
- <Possible follow-ups>
- Re: FTC and Red Flag Rule Mclaughlin, Kevin (mclaugkl) (Oct 08)
- Re: FTC and Red Flag Rule David Lassner (Oct 08)
- Re: FTC and Red Flag Rule Anand Malwade (Oct 08)
- Re: FTC and Red Flag Rule Sherry, Cathy (Oct 08)
- Re: FTC and Red Flag Rule Theresa Semmens (Oct 08)
- Re: FTC and Red Flag Rule Sewell, Michael K. (Oct 08)
- Re: FTC and Red Flag Rule Valerie Vogel (Oct 08)
- Re: FTC and Red Flag Rule Basgen, Brian (Oct 08)
- Re: FTC and Red Flag Rule Rodney Petersen (Oct 08)
- Re: FTC and Red Flag Rule Allison Dolan (Oct 09)
- Re: FTC and Red Flag Rule Matthew Clark (Oct 09)
- Re: FTC and Red Flag Rule Schattle, Donald (Oct 09)
- Re: FTC and Red Flag Rule Smith, Bob (Oct 09)
- Re: FTC and Red Flag Rule Robin Stubbs (Oct 09)
- Re: FTC and Red Flag Rule Valdis Kletnieks (Oct 09)
- Re: FTC and Red Flag Rule Roger Safian (Oct 09)
- Re: FTC and Red Flag Rule Foerst, Daniel P. (Oct 09)
(Thread continues...)