Identity Theft Prevention

Kutztown University Policy TEC-002

  1. Purpose

    This policy is to help protect employees, customers, its contractors and the University from damages related to the loss or misuse of sensitive information. Furthermore, to ensure compliance with the rules issued by the Federal Trade Commission pursuant to the Fair and Accurate Credit Transactions ACT (FACTA), the University will establish an “Identity Theft Prevention Program” with reasonable policies and procedures designed to detect, identify, and mitigate identity theft in its covered accounts.   

  2. Scope

    This policy and protection program applies to employees, contractors, consultants, temporary workers, and other workers of the University.  Responsibility for the Identity Theft Prevention Program lies with the Vice President for Administration and Finance and the Controller serves as the Program Administrator. The Program Administrator will review the University’s identity theft program annually and will update the program if warranted to reflect changes in identity theft risks and technological changes.     

  3. Key Words and Phrases

    1. Identify Theft:  Fraud committed or attempted using the identifying information of another person without authority. 

    2. Red Flag: A pattern, practice or specific activity that indicates the possible existence of identity theft. 

    3. Covered Account:  An account that the University maintains that is designed to permit multiple payments or transactions. 

    4. University Covered Accounts:

      1. Refund of credit balances involving student loans

      2. Refund of credit balances without student loans 

      3. Deferment of tuition payments 

      4. Emergency loans 

  4. Policy
    1. General Policy:   In order to identify Red Flags, the University considers the types of accounts that it offers and maintains, the methods it provides to open its covered accounts, the methods it provides to access its accounts, and its previous experiences with Identity Theft.  In support of this effort the university maintains an Identity Theft Red Flag program.
    2. Identity Theft Red Flag Program:  The program includes:
      1. Guidelines for identifying patterns, practices or specific activities that indicate the possible existence of an identity theft. 
      2. Identification of reasonable and appropriate action steps that will be taken when a pattern, practice or specific activity has been detected. 
      3. Processes for requiring that accounts accessed or managed by external vendors on behalf of the university have implemented an appropriate program.
      4. Training to educate employees on the program.
      5. Periodic review and updates to the program.
      6. Annual program reporting to appropriate university leadership. 

  5. Effective Dates

    April 30, 2009

  6. Approved by

    Council of Trustees

  7. Amendments 

    April 24, 2014:  Updated for compliance with federal rules under the Fair and Accurate
    Credit Transactions ACT (FACTA); and deleted Identity Theft Program procedure language. 

  8. Last Review

     December 24, 2013 
    April 29, 2014
    June 2026 (renamed from COT-007)