PCC compliance
1. Pretexting Rule
CC’s Board of Directors Resolution B710: Identity Theft Prevention Program supports:
- GLBA Pretexting Rule
- Federal Red Flag Rule (16 CRF 681)
- Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act) of 2003
- Oregon Identity Theft Act as provided by ORS 646A.622(2)(a) and (b)
To meet GLBA standards in this regard, PCC must:
- Educate employees to recognize social engineering attacks
PCC IT actively promotes social engineering education for students, faculty, and staff.- Our Information Security (InfoSec) Department has a prescribed method of engagement in support of victims of identity theft, including federal pamphlets and instructional materials.
- Since 2016, PCC Information Technology (IT) has conducted district-wide programs during October in support of National Cyber Security Awareness Month – including TED Talks, video productions, in-person support and educational events, promotional materials, guest speakers, FBI engagement, etc.
- IT has produced several educational videos on various topics from “phishing” to “what to do if your identity has been stolen” that are posted on the PCC website.
- The InfoSec and Client Services teams actively engage users in direct education when dealing with tickets and incidents.
- The Service Desk is trained to answer general queries regarding information security and identity theft.
- Federal Red Flag Rule (16 CRF 681)
PCC has established an active Red Flag Committee with representation from Finance, IT, Human Resources, faculty, Internal Auditor, Registrar, and other key constituents. The Committee meets quarterly to review risks, incidents, policy, and other topics pertinent to identity theft.
2. Privacy Rule
PCC is considered in compliance with the Privacy Rule because we are in compliance with the Family Educational Rights and Privacy Act (FERPA).
3. Safeguards Rule
Details on PCC’s actions to comply with the Safeguards Rule can be found on the engaging with the Safeguards Rule page.