Document establishment and maintenance of procedures for the identification, prevention, and mitigation of possible instances of identity theft, also refered to as the "Red Flags Rule."

These records found in all media (paper, digital, or other) may include but are not limited to:

• procedures for identifying red flags for new and existing covered accounts, detecting red flags, responding to any red flags detected;
• determinations that the consumers whose personal information was subject to a breach of security are unlikely to suffer harm;
• notifications from students, identity theft victims, law enforcement, or other party;
• related documentation.