[teknoids] Red Flags Rule :: Delayed ::

Elmer Masters elmer at teknoids.net
Sat May 2 13:26:39 EDT 2009


The FTC has pushed back enforcement of the rule 3 months, until August
1: http://www.ftc.gov/opa/2009/04/redflagsrule.shtm.

Seems like they're hoping Congress will step up and more narrowly
define what a creditor is for the purpose of the rule.

Elmer.
Just say I always a good follow up.


On Fri, Apr 24, 2009 at 10:31 AM, Elmer Masters <elmer at teknoids.net> wrote:
> Well this is interesting.  Not sure if it really applies to
> Universities, but hey what do I know:)  What Greg is referring to is
> the FTC's "Red Flags Rule".  They have a website at
> http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml with
> the fuzzy details.  The intent of the rule really seems to be that it
> "seeks to prevent identity theft by ensuring that your business or
> organization is on the lookout for the signs that a crook is using
> someone else’s information, typically to get products or services from
> you with no intention of paying." (pg7 of "Fighting Fraud with the Red
> Flags Rule: A How-To Guide for Business"
> http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf).  In a
> nutshell you may need policies in place to make sure someone doesn't
> pay for law school using a stolen identity.
>
> FWIW, the question is/will be whether or not educational institutions
> are considered "creditors" under the rule.  This search
> http://www.google.com/search?q=ftc+red+flag+rules+university reveals
> that a number of universities have already adopted policies addressing
> the rule.
>
> Elmer.
> web guy at teknoids.net
>
>
> On Thu, Apr 23, 2009 at 7:31 PM, Greg Mathes <gmathes at pacific.edu> wrote:
>> All,
>>
>>
>>
>> Our parent university is working to update the institutional privacy policy
>> in consideration of updated FTC regulations.  Apparently, the original scope
>> of these FTC regulation changes was thought to be limited to financial
>> institutions, but is now being generally considered to include anyone that
>> offers any form or deferred payment.  As we understand it, the new
>> requirements that go into effect on May 1 include:
>>
>> Having your privacy policy conspicuously posted, including
>>
>> Identifying categories of protected information
>> Identifying categories of anyone that you share this data
>> Detailing any procedures that allow updating of your constituents personal
>> information
>> Detailing your method of notifying individuals when their information has
>> been updated
>>
>> Inventorying and assessing risk of all systems that contain “protected
>> information”
>> Maintaining an active committee of group that investigates any changes made
>> to “red flag” areas, for possible security holes
>>
>>
>>
>> Have others had this issue lobbed over their transom recently?  If so, do
>> you have any written policies that you could share?
>>
>>
>>
>> Many thanks,
>>
>>
>>
>> Greg
>>
>>
>>
>> Greg Mathes, Chief Technology Officer
>>
>> University of the Pacific, McGeorge School of Law
>>
>> 3200 5th Ave. Sacramento, CA 95817
>>
>> (Office) 916-739-7224
>>
>> (Fax) 916-739-7388
>>
>>
>>
>> _______________________________________________
>> You are currently subscribed to teknoids as: elmer at teknoids.net.
>> To unsubscribe send a blank email to teknoids-leave at ruckus.law.cornell.edu
>> --
>> See the web interface at
>> http://ruckus.law.cornell.edu/mailman/listinfo/teknoids to get your list
>> password, unsubscribe, and view your list settings.
>>
>


More information about the Teknoids mailing list