Identity Theft Red Flag Rules

Published: September 18th, 2008

Category: Memos

Kyle J. Cavanaugh, Senior Vice President for Administration

Recently, Congress passed the “Fair and Accurate Credit Transactions Act” (FACTA) to combat the growing threat of identity theft. The provisions of this Act and its implementing regulations, commonly referred to as the “Red Flag Rules,” apply to any entity that is considered to be a “creditor” under the Act. Generally, a “creditor” is any entity that regularly extends or renews credit by agreeing to defer payment for goods or services. While you may not ordinarily think of educational institutions and their related activities as being “creditors,” we have identified some activities—e. g., student loans and deferred payment arrangements by faculty practice plans—that will likely be covered under the Act.

In order to ascertain whether other activities are covered under the Act, we have prepared the attached questionnaire, which I am asking you to distribute to each unit reporting to you whose activities you believe may involve receiving deferred payments. Because of legally-mandated compliance deadlines, please make sure that the units’ completed questionnaires are returned not later than Friday, October 3rd. Instructions for completing and returning the questionnaire are set forth in the questionnaire itself. Upon receipt of the completed questionnaires, our Task Force will determine those units that require follow-up contact to determine the extent to which measures are in place to detect identity theft and what additional measures might be appropriate.

If you have any questions, please direct them to Michael W. Ford, Senior University Counsel, at (352) 392-1358 or


Comments are currently closed.