Business and Financial Policies and Procedures

19.2.2 Comply with the Red Flags Rule

Policy Statement

If the Red Flags Rule applies to your unit, you must have procedures in place to detect, prevent, respond to, and lessen the effects of identity theft for accounts covered by the Rule.

Procedure

To comply with the Red Flags Rule:

  1. Consult the University of Illinois Red Flags Rule Identity Theft Prevention Program for suggestions on implementing your Red Flag procedures.
  2. Ensure you are following the University's data security and privacy policies as well as legislation for FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), and PIPA (Illinois Personal Information Protection Act).
  3. Document your procedures for monitoring and detecting instances of red flags. Include step-by-step instructions for complying with the Rule and for what to do if you suspect a security breach.
  4. Ensure all involved employees and supervisors are trained in these procedures.
  5. Ensure that any third-party service providers your unit contracts with comply with the relevant requirements of the Red Flags Rule. Ensure that service providers report to you any incidents related to the data they handle on your behalf.
  6. Designate a Red Flags unit contact person.
  7. Follow the guidelines in 19.2.3 Verify Identity for In-Person Services when providing in-person services.
  8. Complete and submit the Red Flags Unit Registration and Update form each year.
  9. Report confirmed or suspected identity theft, including incidents reported by third-party service providers. Complete and submit the Red Flags Incident Report form for each incident as soon as possible.

Forms Associated with this Procedure

Red Flags Unit Registration and Update
Red Flags Incident Report

Related Policies and Procedures

19.2.1 Determine if the Red Flags Rule Applies to Your Unit
19.2.3 Verify Identity for In-Person Services

Additional Resources

University of Illinois Red Flags Rule Identity Theft Prevention Program
FERPA (Family Educational Rights and Privacy Act)
HIPAA (Health Insurance Portability and Accountability Act)
PIPA (Illinois Personal Information Protection Act)
Fighting Identity Theft with Red Flag Rules - Examples of Red Flags under the heading How to Comply: A Four Step Process, Identify Relevant Red Flags, from the Federal Trade Commission.

Last Updated: January 21, 2016 | Approved: Senior Associate Vice President for Business and Finance | Effective: January 2002
