May 14, 2025  
Employee Handbook 
    
Catalog Navigation
  Publication Home
  Table of Contents
  About Howard College
  Former and Current Trustees Years of Service
  Membership Associations
  Guiding Principles
  Organizational Structure
  Institutional Effectiveness and Advancement
  Business and Operating Policies and Procedures
  Relationship of Full-Time Employee to College
  Relationship of Faculty to College
  Relationship of Non-Exempt Employee to College
  Relationship of Exempt Employee to College
  Relationship of Part-Time Employee to College
  Appendix
  My Portfolio
HELP
Employee Handbook

Policy: 4.13 Identity Theft Prevention

Business and Operating Policies and Procedures  

Policy: 4.13 Identity Theft Prevention

Adoption Date: March 31, 2015  Revised

The Howard County Junior College District (“College”) developed this Identity Theft Prevention Policy (“Policy”) pursuant to the Federal Trade Commission’s Red Flags Rule (“Rule”), which implements Section 114 of the Fair and Accurate Credit Transactions (“FACT”) Act of 2003.  The College will maintain compliance with the FACT Act, its amendments and regulations.

 

A. Purpose

The purpose of the Policy is to implement procedures to detect, prevent, and mitigate Identity Theft in connection with the opening of a Covered Account or an existing Covered Account, and to provide continued administration of the Policy as defined in the College’s Identity Theft Prevention Procedures (“Procedures”). The Board of Trustees, through the approval of this Policy, directs management to create and implement procedures which shall include reasonable guidelines to:

1.   Identify Red Flags for new and existing Covered Accounts and incorporate those Red Flags into the Procedures. College Covered Accounts include Tuition and Room/Board Payment Plans (in-house and administered by Service Providers) and Emergency Loans to Students;

2.   Detect Red Flags that have been incorporated into the Procedures;

3.   Respond appropriately to any Red Flags that are detected to prevent and mitigate Identity Theft; and

4.   Ensure the Procedures are updated periodically to reflect changes with Identity Theft risks.

B. Administration

The Board of Trustees designates the Chief Financial Officer as the Administrator, and said designee is authorized to delegate duties under this Policy to appropriate staff. The Administrator will be responsible for:

1.   Oversight, development, implementation, and administration;  

2.   Ensuring appropriate training of relevant staff; 

3.   Periodically review and update the Procedures, as necessary, to reflect changes in risks to students and the soundness of the College from Identity Theft; and

4.   Ensuring that the activity of any Service Provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of Identity Theft  in performing any activity in connection with one or more Covered Accounts.

I.   Procedures

The purpose of these Identity Theft Prevention Procedures (“Procedures”) is to detect, prevent, and mitigate Identity Theft in connection with the opening of a Covered Account or an existing Covered Account, and to provide continued administration of the Identity Theft Prevention Policy (“Policy”) of the Howard County Junior College District (“College”).   In establishing these procedures related to the Policy, the College gave consideration to the size and complexity of the College’s operations and systems, as well as the nature and scope of the College’s activities.

II.  Definitions

Covered Account – primarily a consumer account that involves multiple payments or transactions.

Identity Theft – fraud committed or attempted using the identifying information of another person without authority.

Red Flag - a pattern, practice, or specific activity that indicates the possible existence of Identity Theft.

Service Provider - a person or entity that provides a service directly to the College.

III.  Covered Accounts

a.   College administered:

1.     Tuition and Room/Board Payment Plans

2.     Emergency Loans

b.     Service Provider administered:

1.     Tuition and Room/Board Payment Plans administered by any Service Provider

IV.  Identification of Relevant Red Flags

a.     The College considers the following risk factors in identifying Red Flags for Covered Accounts:  

1.     The types of Covered Accounts as noted above.

2.     Application to the College requires the following information to confirm identity:

a.   Common application with personally identifying information;

b.   GED, high school or college transcript (whichever appropriate); and

c.   Official Texas Success Initiative Assessment (TSIA) Scores (i.e., ACT, SAT, etc).

3.     The methods provided to access Covered Accounts:

a.     Disbursements obtained in person require picture identification.

b.     Disbursements obtained by mail can only be mailed to an address on file.

4.     The College’s previous experiences with Identity Theft.

b.   The College will consider the following sources in identifying Red Flags for Covered Accounts:

1.     Incidents of Identity Theft that it has experienced;

2.     Experience from other institutions;

3.     Methods of Identity Theft that the College has identified as changes in Identity Theft risks and

4.     Applicable regulatory guidance and updates.

c.   The categories of Red Flags will include but are not limited to the following:

1.     Suspicious Documents

a.     Identification provided appears to have been altered, forged, or not authentic;

b.     Identification document or card with a person’s photo or physical description is inconsistent with the person presenting the document;

c.     Other document(s) with information is inconsistent with existing student information; and

d.     Application for Covered Accounts or services appears to have been altered or forged.

2.     Suspicious Personal Identifying Information

a.     Identifying information presented is inconsistent with other information the student provides (i.e., inconsistent birth date or social security number);

b.     Identifying information presented is inconsistent with other sources of information or with existing student information on file;

c.     Identifying information presented matches information that has been used on an account that is known to be fraudulent;

d.     Identifying information presented is the same of another student; and

e.     A student fails to provide required personal identifying information, especially after being reminded;

3.     Suspicious Covered Account Activity or Unusual Use of Account

a.     Change of address followed by a request to change the student’s name;

b.     Payments cease on an otherwise consistently up-to-date account;

c.     Mail sent to the student is repeatedly returned as undeliverable;

d.     Notice to the College that a student is not receiving mail sent by the College;

e.     Notice to the College that an account has unauthorized activity;

f.     Breach in the College’s computer system security; and

g.     Unauthorized access to or use of student account information.

4.     Notice from Other Sources

a.     Notice from a student, an Identity Theft Victim, law enforcement, or other persons or entities regarding possible Identity Theft in connection with Covered Accounts.

V.  Detection of Red Flags      

a.   Student Enrollment

In order to detect any of the Red Flags identified in Section C associated with the enrollment of a student, College personnel will:

1.       Require certain identifying information such as name, date of birth, home address, academic records, or other identification; and

2.       Verify the student’s identity at the time of issuance of a student identification card (review some type of photo identification and copy of student’s schedule).

b.   Existing Students

In order to detect any of the Red Flags identified in Section C for an existing student’s Covered Account, College personnel will:

1.      Verify the identity of students if they request information or request a change to permanent records whether in person or via telephone, facsimile or e-mail.

 

VI.   Responding to Red Flags

a.   The College shall take one or more of the following steps to each Red Flag detected, commensurate on the degree of risk posted: 

1.       Monitor a Covered Account for evidence of Identity Theft;

2.       Contact the student or potential student;

3.       Change passwords, security codes or other security devices that permit access to a Covered Account;

4.       Notify law enforcement;

5.       Determine no response is warranted under the particular circumstances.

 

VII.  Administration

a.  Responsibilities

Oversight, development, implementation, and updating of the Procedures lies with the Administrator, as designated by the Board of Trustees.  Per the Policy, the Administrator is authorized by the Board to delegate these duties to appropriate staff. 

b.  Staff Training

Relevant College staff shall be trained either by or under the direction of the Administrator in the detection of Red Flags, and the responsive steps to be taken when a Red Flag is  detected.       College employees are expected to notify the Administrator once they become aware of an incident of Identity Theft or the College’s failure to comply with the Policy.

c.  Service Provider Agreements

The College shall take steps to ensure the activity of a Service Provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent, and mitigate the risk of Identity Theft in performing any activity in connection with one or more Covered Accounts.  Prior to contracting with a Service Provider, the College will obtain a copy of their Identity Theft Prevention Program to ensure compliance with the FTC’ Red Flags Rule. 

d.  Updates

The Administrator will periodically review and update the Procedures to address changes in risks from Identity Theft to students and the soundness of the College from Identity Theft, as well as make recommendations to the Board of Trustees regarding changes to the Policy as needed.  In doing  so the Administrator will consider the College’s experiences with Identity Theft, changes in methods of  Identity Theft, changes in methods of detecting, preventing, and mitigating Identity Theft, changes in types of accounts the College maintains, and changes in the College’s business arrangements with other entities.