Re: Institution-Wide Identity Theft Management

[Trevor Wallis <twallis () SBTS EDU>]

Dennis,



In compliance with the FTC’s Identity Theft Red Flags and Address
Discrepancies rule at 16 CFR part 681, my institution established an
Identify Theft Prevention Program including a set of “Red Flags” rules,
response procedures, and employee training.  Let me know if you’re
interested in the details.



All regards,



Trevor



*Trevor A. Wallis*
*Vice President of Campus Technology*

*Chief Information Officer*

[image: Description: The SBTS shield logo.]

Southern Seminary
2820 Lexington Road
Louisville, KY 40280

*Phone: 502.897.4193*
Fax: 502.897.4125
twallis () sbts edu



*Don't be a phishing victim – Southern Seminary and other reputable
organizations will never use email to ask for your password, social security
number or confidential personal information.  *





*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Self, Dennis
*Sent:* Thursday, February 17, 2011 10:19 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Institution-Wide Identity Theft Management



Please forgive this repost.  With only three responses (thanks to those who
did), it is obviously best to ask for open responses to the list!



I proposed the notion of pursuing an institution-wide identity theft
management policy and practice at my institution, to cover multiple
compliance requirements.  In summary, the notion is to require
authorization, training, certification, audit and periodic renewal of
privilege to process SSN, payment instrument account and security numbers,
etc.  I have been asked if other universities are pursuing this as well.
 Have you taken this approach?



Dennis Self

Director, IT Security & Compliance

Samford University

800 Lakeshore Drive

Birmingham, AL 35229-2293

(205) 726-2692