Back to Top
Business and Financial Policies and Procedures

19.2.1 Determine if the Red Flags Rule Applies to Your Unit

Policy Statement

The University is subject to and complies with the Federal Trade Commission (FTC) Identity Theft Red Flags Rule (Red Flags Rule, The Rule), which is a component of the Fair and Accurate Credit Transactions Act of 2003.

The Red Flags Rule applies to the University of Illinois wherever we administer the types of accounts covered by the Rule. If your unit enters, alters, or maintains personally identifying information, such as name, birth date, address, phone number, gender, social security number, NetID, Enterprise ID, email address, and UINs, you must comply with the Rule's requirements.

Procedure

To determine if the Red Flags Rule applies to your unit:

  1. Determine if your unit enters, alters, or maintains personally identifying information in:
    • Banner, HR Front End, DART, the i-card database, or similar systems. (Filing an I-9 is exempt from the Red Flags Rule.)
    • Systems that generate UINs, Net IDs, email addresses, or other personal identifiers
    • SAR or GAR accounts administered by or on behalf of your unit
    • Payroll records
    • Administering accounts distributed by declining balance or debit (for example, meal plans, Extra Credits, Campus Cash, Dragon Dollars, and scholarships or other aid or funds)
  2. Determine if your unit engages in any of these activities:
    • Making loans
    • Administering campus-based student loans
    • Issuing cards used to access accounts
    • Using consumer credit reports such as those issued by Experian, TransUnion, and Equifax
    • Reporting information to credit reporting agencies
    • Selling or transferring debts to a third party
    • Pursuing debt collection in cases where services were not paid for (even if your unit requires payment at the time of service)
    • Billing for fines
    • Leasing to individuals for personal use or non-business purposes
  3. If your unit engages in any of the activities in Step #1 or 2, you must (19.2.2) Comply with the Red Flags Rule requirements.

Related Policies and Procedures

19.2.2 Comply with the Red Flags Rule

Additional Resources

University of Illinois Red Flags Rule Identity-Theft Prevention Program
Federal Trade Commission (FTC) Identity Theft Red Flags Rule
Fair and Accurate Credit Transactions Act of 2003

Last Updated: January 21, 2016 | Approved: Senior Associate Vice President for Business and Finance | Effective: January 2002

Give us feedback about this page Submit Feedback