Ohio Administrative Code
Title 3341 - Bowling Green State University
Chapter 3341-6 - Compliance with Occupational Safety and Health Standards
Section 3341-6-56 - Theft prevention policy (red flag rules)
Current through all regulations passed and filed through March 18, 2024
(A) Policy statement and purpose
Bowling Green state university has developed an identity theft prevention program pursuant to the federal trade commission's (FTC) red flag rules, found at 16 C.F.R. § 681.2, which implements Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. The university's program is designed to detect, prevent and mitigate identify theft in connection with the opening of a covered account or any existing covered accounts within the university, and is appropriate to the size and complexity of the university as a creditor and the nature and scope of its activities.
The red flag rules require a creditor to periodically determine, by conducting a risk assessment, whether it offers or maintains covered accounts. The university adopts this identity theft prevention program to detect, prevent, and mitigate identity theft in connection with the opening of a "covered account" or any existing "covered account," and to provide for continued administration of the program. Upon identifying any covered account(s), the creditor is required to develop and implement a written identity theft prevention program designed to:
(B) Policy definitions
(C) Policy
(D) Oversight of the program
Successful implementation of the identity theft program ultimately is the responsibility of each office, the employees of each office that maintains accounts or databases covered by the program, and the university community as a whole. As permitted by the red flags rule regulations, responsibility for overseeing the administration of the program has been delegated by the board of trustees to the vice president for finance and administration and chief financial officer of the university.
The program administrator will be responsible for day-to-day administration, ensuring appropriate training of university staff on the program, reviewing any staff reports regarding the detection of red flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances, and considering periodic changes to the program.
(E) Oversight of service provider arrangements
The university shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts. The university will require, by contract, that service providers have such policies and procedures in place and report any red flags to the program administrator.
(F) Approval by the board of trustees
Under the red flags regulations, implementation and oversight of the identify theft program is the responsibility of the governing body or an appropriate committee of such governing body. Approval of the initial plan must be appropriately documented and maintained. After its initial approval of the program, however, the governing body may delegate its responsibility to implement and oversee the identify theft program. As the governing body of Bowling Green state university, the board of trustees, through is audit committee, as of the date below, hereby approved the initial identity theft program. Having made such initial approval, the board of trustees hereby delegates the responsibility for implementing, monitoring, and overseeing the university's identity theft program to the vice president for finance and administration and chief financial officer.