Skip to Content

Red Flags Rule Program

Definitions of Red Flag Rule Terms

  • Covered Account: A consumer account or payment plan that involves multiple payments over time.

  • Creditor: Any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.

  • Identifying Information: Any name or number that may be used, alone or in conjunction with any other information, to identify a specific person.

  • Identity Theft: A fraud committed using the identifying information of another person.

  • Personally Identifiable Information (PII):Personally identifiable information includes any piece of information, which may be used to uniquely identify, contact, or locate an individual, and includes, but is not limited to:
    • All or part of a Social Security Number (SSN) in any form
    • Personal Identification Numbers: SSN, Passport number, driver’s license, taxpayer ID, patient ID
    • Date and place of birth
    • Unpublished home addresses or phone numbers,
    • Full name, maiden name, mother’s maiden name, or alias associated with an individual
    • Internet Protocol (IP) addresses or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people
    • Passwords, personal Identification Numbers (PINs), computer accounts and passwords.
    • Information identifying personally owned property, such as vehicle registration or identification number, and title numbers and related information
    • Biometric records (e.g., x-rays, fingerprints, voice signatures, or retinal scans)
    • Medical history
    • Medical conditions, including history of disease
    • Criminal history
    • Education history (if not available in publicly released or releasable records)
    • Employment history (if not available in publicly released or releasable records), including ratings, disciplinary actions, performance elements, and standards (or work expectations) are PII when they are so intertwined with performance appraisals that their disclosure would reveal an individual’s performance appraisal
    • Nature of personal leave taken
    • Financial information including credit card numbers, bank account numbers, and bank routing numbers
    • Security clearance history or related information (not including actual clearances held)

    • Information related to an individual that is not PII includes:
    • Office address or telephone number
    • Home address or telephone number (if published in directories)
    • Business or personal email address
    • Education history separately available in publicly released or releasable records
    • Employment history separately available in publicly released or releasable records

  • Red Flag: A pattern, practice, or specific activity that indicates the possible existence of identity theft. Red flags fall into several categories such as:
    • Presentation of suspicious documents, such as an altered or forged identification card.
    • Suspicious personal identifying information, such as a fictitious address or telephone number.
    • Unusual use of or suspicious activity related to an account, such as mail sent to an individual that is repeatedly returned as undeliverable.

    Questions about the University of Virginia's Red Flag Rule Program? Contact us at: