[Adopted by Ord. No. 12-07-09G]
The City hereby adopts the attached Identity Theft Prevention
Program in compliance with Part 681 of Title 16 of the Code of Federal
Regulations implementing Sections 114 and 315 of the Fair and Accurate
Credit Transactions Act (FACTA) of 2003. Said program is established
and designed to detect, prevent and mitigate identity theft in connection
with the opening of an account or an existing covered account and
to provide for continued administration of the programs pursuant to
federal regulations.
The purpose of this article is to establish an Identity Theft
Prevention Program designed to detect, prevent and mitigate identity
theft in connection with the opening of a covered account or an existing
covered account and to provide continued administration of the program
in compliance with Part 681 of Title 16 of the Code of Federal Regulations
implementing Sections 114 and 315 of the Fair and Accurate Credit
Transactions Act (FACTA) of 2003.
As used in this article, the following terms shall have the
meanings indicated:
An account that a financial institution or creditor offers or
maintains primarily for personal, family or household purposes that
involves or is designed to permit multiple payments or transactions.
Covered accounts include credit card accounts, mortgage loans, automobile
loans, margin accounts, cell phone accounts, utility accounts, checking
accounts and savings accounts; and
Any other account that the financial institution or creditor
offers or maintains for which there is a reasonably foreseeable risk
to customers or to the safety and soundness of the financial institution
or creditor from identity theft, including financial, operational,
compliance, reputation or litigation risks.
Fraud committed or attempted using the identifying information
of another person without authority.
A pattern, practice or specific activity that indicates the
possible existence of identity theft.
A.
The City
of Mendota provides utility services to its residents and therefore
establishes an Identity Theft Prevention Program to detect, prevent
and mitigate identity theft. The Program shall include reasonable
policies and procedures to:
(1)
Identity
relevant red flags for covered accounts it offers or maintains and
incorporate those red flags into the program;
(2)
Detect
red flags that have been incorporated into the program;
(3)
Respond
appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
(4)
Ensure
the program is updated periodically to reflect changes in risks to
customers and to the safety and soundness of the creditor from identity
theft.
B.
The program
shall, as appropriate, incorporate existing policies and procedures
that control reasonably foreseeable risks.
A.
The City Council of the City of Mendota shall be responsible for
the development, implementation, oversight and continued administration
of the program;
B.
The program shall train staff, as necessary, to effectively implement
the program; and
C.
The program shall exercise appropriate and effective oversight of
service provider arrangements.
A.
The program shall include relevant red flags from the following categories
as appropriate:
(1)
Alerts, notifications, or other warnings received from consumer reporting
agencies or service providers, such as fraud detection services;
(2)
The presentation of suspicious documents;
(3)
The presentation of suspicious personal identifying information;
(4)
The unusual use of, or other suspicious activity related to, a covered
account; and
(5)
Notice from customers, victims of identity theft, law enforcement
authorities, or other persons regarding possible identity theft in
connection with covered accounts.
B.
The program shall consider the following risk factors in identifying
relevant red flags for covered accounts as appropriate:
The program shall address the detection of red flags in connection
with the opening of covered accounts and existing covered accounts,
such as by:
The program shall provide for appropriate responses to be detected
red flags to prevent and mitigate identity theft. The response shall
be commensurate with the degree of risk posed. Appropriate responses
may include:
A.
Monitor a covered account for evidence of identity theft;
B.
Contact the consumer;
C.
Change any passwords, security codes or other security devices that
permit access to a covered account;
D.
Reopen a covered account with a new account number;
E.
Not open a new covered account;
F.
Close an existing covered account;
G.
Notify law enforcement; or
H.
Determine no response is warranted under the particular circumstances.
The program shall be updated periodically to reflect changes
in risks to customers or to the safety and soundness of the organization
from identity theft based on factors such as:
A.
The experiences of the organization with identity theft.
B.
Changes in methods of identity theft.
C.
Changes in methods to detect, prevent and mitigate identity theft.
D.
Changes in the types of accounts that the organization offers or
maintains.
E.
Changes in the business arrangements of the organization, including
mergers, acquisitions, alliances, joint ventures, and service provider
arrangements.
B.
Reports shall be prepared as follows:
(1)
Staff responsible for development, implementation and administration
of the program shall report to the City Council of the City of Mendota
at least annually on compliance by the organization with the program.
(2)
The report shall address material matters related to the Program
and evaluate issues such as:
(a)
The effectiveness of the policies and procedures in addressing
the risk of identity theft in connection with opening of covered accounts
and with respect to existing covered accounts;
(b)
Service provider agreements;
(c)
Significant incidents involving identity theft and management's
response; and
(d)
Recommendations for material changes to the program.
The City of Mendota shall take steps to ensure that the activity
of a service provider is conducted in accordance with reasonable policies
and procedures designed to detect, prevent and mitigate the risk of
identity theft whenever the organization engages a service provider
to perform an activity in connection with one or more covered accounts.
A.
The City of Mendota shall develop policies and procedures designed
to enable the organization to form a reasonable belief that a credit
report relates to the consumer for whom it was requested if the organization
receives a notice of address discrepancy from a nationwide consumer
reporting agency indicating the address given by the consumer differs
from the address contained in the consumer report.
C.
If an accurate address is confirmed, the City of Mendota shall furnish
the consumer's address to the nationwide consumer reporting agency
from which it received the notice of address discrepancy if: