With oversight of the Program Administrator, the Program will be administered by a committee comprised of, at minimum, representation from the offices of Business Affairs, Human Resources, Computing and Telecommunications, Public Safety, and the Office of General Counsel. The committee is jointly responsible for developing, implementing and updating the Program throughout the University system. The committee will also be responsible for ensuring appropriate training of University staff on the Program, for reviewing any staff reports regarding the detection of Red Flags and the steps for identifying, preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the Program.
The Program will be periodically reviewed and updated to reflect changes in identity theft risks and technological changes. The Program Administrator and committee will consider the University’s experiences with identity theft, changes in identity theft methods; changes in identity theft detection, mitigation and prevention methods; changes in types of accounts the University maintains; changes in the University’s business arrangements with other entities, and any changes in legal requirements in the area of identity theft. After considering these factors, it will determined whether changes to the Program, including the listing of Red Flags, are warranted.
The Program Administrator shall confer with all appropriate University personnel as necessary to ensure compliance with the Program. The Program Administrator shall annually report to the President on the effectiveness of the Program. The Program Administrator shall present any recommended changes to the President for approval. The President’s approval shall be sufficient to make changes to the University Identity Theft Program.