FERPA Policy
The University’s FERPA Policy provides important information on the protection of student rights and privacy at UConn. The policy outlines student rights, when we may share information from education records, and the process for challenging the accuracy of education records.
The Red Flags Policy
In response to the growing threats of identity theft in the United States, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which amended a previous law, the Fair Credit Reporting Act (FCRA). This amendment to FCRA charged the Federal Trade Commission (FTC) and several other federal agencies with promulgating rules regarding identity theft. On November 7, 2007, the FTC, in conjunction with several other federal agencies, promulgated a set of final regulations known as the “Red Flags Rule”. The Red Flags Rule became effective November 1, 2008.
The Red Flags Rule regulations require entities with accounts covered by the Red Flags Rule regulations, including universities, to develop and implement a written Identity Theft Prevention Program for combating identity theft in connection with certain accounts. This Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft and enable the entity with covered accounts to:
- Identify relevant patterns, practices, and activities, dubbed “Red Flags”, signaling possible identity theft and incorporate those Red Flags into the Program;
- Detect Red Flags;
- Respond appropriately to any Red Flags that are detected to prevent and mitigate identity theft; and
- Ensure the program is updated periodically to reflect changes in risks.
The Red Flags Rule Program at the University of Connecticut is broader than this. To further encourage identity theft prevention, our program extends to not just financial or credit accounts, but any University account or database for which the University believes there is a reasonably foreseeable risk to the University, its students, faculty, staff, patients, constituents or customers from identity theft.
Use of Social Security Number Policy
This policy is intended to protect the confidentiality and privacy of students and employees of the University of Connecticut regarding the collection, use, and disclosure of Social Security numbers. Social Security numbers have been used to uniquely identify students and employees in various University systems. As systems are updated and replaced, the reliance on Social Security numbers should be used only as required.
Data Classification Policy
This policy defines the classifications of institutional data (i.e., the categories of data that the University is responsible for safeguarding) and the associated measures that are necessary to safeguard each classification. It applies to all University faculty, staff, students, student employees, volunteers, and contractors who have access to protected or confidential information.