Identity Theft Prevention (Red Flags Rule) Program

Millions of Americans are victims of identity theft each year—17.6 million in 2014 alone. The number of victims grows each year, and the cost to individuals and businesses is huge. To combat identity theft at a business level, the Federal Trade Commission enacted the Red Flags Rule (the "Rule"). The Rule compels companies and organizations that handle personal information and financial accounts (which identity thieves misuse) to establish identity theft prevention programs.

The University of Illinois System adopted an Identity Theft Prevention policy and program in 2010. Administration and universities are not exempt from the Rule, because each has unit that handles personal data and conduct financial activities covered by it. For instance, the system bills individuals through Accounts Receivable, and each university has meal plan accounts that thieves could misuse. In addition, many units enter or alter personal identifying information, and ID Centers vet the identity of each person who receives an ID card. These are just a few examples of our operations that relate to funds or data at risk for theft.

This site provides the material you need to comply with the policy, as follows:

• Covered Activities explains what activities require a unit to comply with University of Illinois policy and the Rule.
• General Requirements lists the conditions that all covered units must meet to comply with Rule.
• Additional Activity-specific Requirements are listed for Accounts and Cards.
• Forms is the repository for the unit registration and annual update form, incident form, and exception form.

For big-picture and background information, refer to descriptions of the Identity Theft Prevention Program. For a primer on the Red Flags Rule, read the FTC's Fighting Identity Theft with the Red Flags Rule.

If you have questions, email the Red Flags Steering Committee: rfsc@uillinois.edu.

Last Updated: July 23, 2018