Red Flags Rule Red Flags Rule

The Red Flags Rule is a 2008 (clarified in 2010) FTC policy which sets out how certain businesses and organizations must develop, implement, and administer an Identity Theft Prevention Program designed to detect the warning signs (red flags) of identity theft in day-to-day operations. Taylor University falls under this rule and has implemented a Red Flag Program, including security-related policies and procedures, to protect students, employees, and alumni from identity theft.

As laid out in the Red Flags Rule, Taylor's program includes four basic elements, which together create a framework designed to deter, detect, and mitigate identity theft. Taylor's Red Flag Program is designed to allow the university to:
  1. identify patterns, practices, and specific types of activity, relevant to Taylor University business, that signal possible identity theft (red flags)
  2. incorporate business practices to detect red flags, including the education of operational staff
  3. detail an appropriate response to red flags
  4. keep our program updated to reflect changes in risks from identity theft


As defined by the Red Flags Rule, red flags fall into five categories:
  1. alerts, notifications, or warnings from a consumer reporting agency
  2. suspicious documents
  3. suspicious identifying information, such as a suspicious address
  4. unusual use of, or suspicious activity relating to a covered account
  5. notices from customers, victims of identity theft, law enforcement authorities, or other businesses about possible identity theft in connection with covered accounts

Taylor's Response

As employees of Taylor University, we share responsibility for indentifying and reporting identity theft attempts. Per Taylor's Red Flag Policy and using the above five categories as a guideline, the following five activities have been identified as potential red flag events specific to the business of Taylor University and require monitoring for possible red flags:
  1. Frequent Password Changes – Information Technology will regularly browse password management logs and report anomalies to the Program Administrator.
  2. Frequent Address Record Changes within Banner – Departmental Information Resource Coordinators (IRCs) will regularly run reports on address changes and report anomalies to the Program Administrator.
  3. Known Information Security Breach – Information Technology and other departments will monitor for information security breaches as part of standard business practice and report anomalies to the Program Administrator.
  4. Suspicious documents for business practices – multiple departments will verify that documents which may be required for a business transaction have not been altered. Examples include documents for various student services and documents required for employee hiring.
  5. External reports or credentials submitted to Taylor University via an outside agency. For example, HR or other departments that may require criminal background checks or financial background checks will monitor such reports for possible identity theft indicators. Business and Finance will verify that W9’s, Tax ID numbers, or any paperwork submitted for a financial transaction do not have the potential of identity theft.


Information about staff training will be provided soon...