Red Flags Identity Theft Prevention
What is the Red Flags Rule ?
The Red Flags Rule was issued by the Federal Trade Commission (FTC) in 2009 to help organizations detect, prevent, and mitigate identity theft in their daily operations.
Red Flags are suspicious patterns or practices or specific activities that indicate the possibility that identity theft may occur.
UO Red Flags Team
- Registrar, Jim Bouse
- BAO Student Financial Services, Krista Borg
- Payroll, Shelby Cooper
- BAO Financial Services, Rob Freytag
- University Health Center, Volga Koval
- BAO Information Systems, Mark McCulloch
- Information Security Office and IS Accounts Team, Cleven Mmari
- Financial Aid, Morgan Ramsey Daniel
- UO Card Office, Tamarra White
The University's Identity Theft Prevention Program (ITPP), section1.6 of the UO Fiscal Procedures is available on the UO Fiscal Policy Manual site. The program was originally developed by the former Oregon University System and was refined in 2020 by the UO Red Flags team (link to team charter).
All units that process Personally Identifiable Information (PII) must:
- Comply with the University's Identity Theft Prevention Program (ITPP),
- Verify the identity of persons before providing services, and
- Detect, prevent, and mitigate any instances of identity theft.
- Annual Survey of Identity Theft Prevention Units (ITPUs),
- Report a Security incident, if a Red Flag is detected.
- UO Identity Theft Prevention Program document.
- UO Identity Theft Prevention Training in My Track
- Full text of the FTC's Red Flags Rule FTC 16 CFR Part 681, as amended by the Red Flag Program Clarification Act of 2010 (effective Jan. 1, 2011)
- SEC and CFTC's final Identity Theft Red Flags Rule rule (effective May 20, 2013)
- Other FTC resources:
- NACUBO Red Flags Rule resources
- IRS site on Identity Protection