REG 07.70.01 – Identity Theft Prevention Program

Authority: Chancellor.

History: First Issued: May 1, 2009. Last Revised: May 27, 2025.

Related Policies:
NCSU POL08.00.01 – Use of IT Resources Policy 
NCSU REG08.00.02 – Use of IT Resources Regulation 
NCSU REG08.00.03 – Data Management Procedures 
NCSU REG01.25.11 – Process for Requesting Access to Social Security Numbers 
NCSU REG11.00.01 – Family Education Rights and Privacy (FERPA)

Additional References:
FTC Identity Theft Red Flags and Address Discrepancies Rule 
Federal Rule on Customer Identification Programs 
N.C. Gen. State. § 14-453 (1999) – computer-related crimes
North Carolina Identity Theft Protection Act (2005 SB-1048) 
Identity Theft Prevention Program (ITPP) Document

Contact Info: University Controller (919-515-3824)

---

1. INTRODUCTION

This Regulation is issued to implement compliance with the FTC Identity Theft Red Flags and Address Discrepancies Rule at 16 CFR part 681.

1.1. The general purpose of this Regulation is to detect, prevent, and mitigate identity theft in connection with certain financial accounts maintained at North Carolina State University (NC State). Additional details regarding the identity theft and NC State’s Identity Theft Prevention Program are in the Identity Theft Prevention Program (ITPP) Document. The ITPP addresses (1) identification of relevant identity theft Red Flags for our university, (2) detection of Red Flags, (3) appropriate responses to Red Flags to prevent and mitigate identity theft and (4) periodic updates to the ITPP and other materials to reflect changes in risks. All capitalized terms in this regulation have been defined in the ITPP.

2. SCOPE

The ITPP defines the scope of this regulation and lists the departments with Covered Accounts with their respective responsibilities.

3. PROGRAM ADMINISTRATION

The University Controller shall be the Program Administrator and shall chair the Red Flag Rules Committee.

The Red Flag Rules Committee shall be appointed by the Executive Vice Chancellor, Finance and Administration, and the Executive Vice Chancellor and Provost, and shall assist the Program Administrator with the implementation and oversight of the Program (including the ITPP).  The Program Administrator shall maintain the definitive list of personnel serving as members of the Red Flag Rules Committee.

4. NON-COMPLIANCE AND VIOLATIONS

4.1.  Non-compliance and violations will be addressed as follows:

4.1.1.  This regulation requires compliance with the ITPP, and employees who violate this regulation or the ITPP will be subject to sanctions by the university in accordance with the applicable employee disciplinary procedures.

4.1.2.  For all others, violations will result in appropriate action depending on their affiliation with the university and the degree of impact on the university.

4.1.3.  Violations of law may also be referred for criminal prosecution.

4.1.4.  The Program Administrator or the Program Administrator’s designees may authorize suspending access to a Covered Account for as long as necessary to protect the account, to prevent an ongoing threat of harm to persons or property, or to prevent a threat to university operations, services or activities.