Red Flags Rule

Overview:

The Red Flags Rule was issued by the Federal Trade Commission (FTC) to help organizations detect, prevent, and mitigate identity theft in their daily operations.  Red Flags are suspicious patterns or practices or specific activities that indicate the possibility that identity theft may occur.  The University's Identity Theft Prevention Program (ITPP), or Red Flags Rule Program, was approved by the University's Board of Trustees in 2009. All departments, colleges, and units who are involved with handling Personally Identifiable Information (PII) must comply with the University's ITPP and develop reasonable processes and procedures to verify the identity of persons for whom services are being provided and to detect, prevent, and mitigate any instances of identity theft.

Other links of interest:


UNC Charlotte Procedures and WebForms

Red Flags Rule Annual Survey, to be completed by Key Areas (as defined in Procedures)

Red Flag Detection Form, to be completed if Red Flags are detected in the course of University operations

Note that, while we are specifically concerned with Key Areas from a risk management perspective, all employees who are involved with handling PII must comply with the University's ITPP.  The following can be used to educate your staff regarding the Red Flags Rule:

  • UNC Charlotte’s Red Flags Rule Procedures include specific actionable items on how to prevent and mitigate identity theft, including a “Red Flag Identification and Detection Grid.”
  • A 3 ½-minute video overview of the Red Flags Rule can be viewed at any time by all faculty and staff via the University’s Security Awareness Training Course located in Canvas (Module 11: Red Flags Rule). Access guidance is also available via the FAQ page.