[Ord. No. 1953, 11-12-2008]
To establish an Identity Theft Prevention Program designed to
detect, prevent and mitigate identity theft in connection with the
opening of a covered account or an existing covered account and to
provide for continued administration of the program in compliance
with Part 681 of Title 16 of the Code of Federal Regulations implementing
Sections 114 and 315 of the Fair and Accurate Credit Transactions
Act (FACTA) of 2003.
[Ord. No. 1953, 11-12-2008]
As used in this Article, the following terms shall have these
prescribed meanings:
An account that the City maintains, primarily for personal,
family or household purposes that involves or is designed to permit
multiple payments or transactions. Covered accounts include utility
accounts.
Any other account that the City offers or maintains for which
there is a reasonably foreseeable risk to customers or the safety
and soundness from identity theft, including financial, operational,
compliance, reputation or litigation risks.
Fraud committed or attempted using the identifying information
of another person without authority.
A pattern, practice or specific activity that indicates the
possible existence of identity theft.
[Ord. No. 1953, 11-12-2008]
A.
The
City establishes an Identity Theft Prevention Program which includes
reasonable policies and procedures to:
1.
Identify relevant red flags for covered accounts it offers or maintains
and incorporate those red flags into the program;
2.
Detect red flags that have been incorporated into the program;
3.
Respond appropriately to any red flags that are detected to prevent
and mitigate identity theft; and
4.
Ensure the program is updated periodically to reflect changes in
risks to customers and to the safety and soundness of the creditor
from identity theft.
|
|
The program shall, as appropriate, incorporate existing policies
and procedures that control reasonably foreseeable risks.
|
[Ord. No. 1953, 11-12-2008]
A.
Relevant
red flags include the following categories:
1.
Alerts, notifications or other warnings received from consumer reporting
agencies or service providers, such as fraud detection services;
2.
The presentation of suspicious documents;
3.
The presentation of suspicious personal identifying information;
4.
The unusual use of, or other suspicious activity related to, a covered
account;
5.
Notice from customers, victims of identity theft, law enforcement
authorities or other persons regarding possible identity theft in
connection with covered accounts; and
6.
Requests for public records which seek birth dates and/or social
security numbers.
B.
The
following risk factors shall be considered in identifying relevant
red flags for covered accounts:
[Ord. No. 1953, 11-12-2008]
A.
To
aid in the detection of red flags in connection with the opening of
covered accounts and existing covered accounts, the City shall:
[Ord. No. 1953, 11-12-2008]
A.
Appropriate
responses to detected red flags to prevent and mitigate identity theft
may include:
1.
Monitor a covered account for evidence of identity theft;
2.
Contact a customer;
3.
Change any passwords, security codes or other security devices that
permit access to a covered account;
4.
Reopen a covered account with a new account number;
5.
Not open a new covered account;
6.
Close an existing covered account;
7.
Notify law enforcement;
8.
Redact all birthday and social security number information in response
to a Sunshine Law request; or
9.
Determine no response is warranted under the particular circumstances.
[Ord. No. 1953, 11-12-2008]
A.
The
Program shall be updated periodically to reflect changes in risks
to customers or to the safety and soundness of the organization from
identify theft based on factors such as:
1.
The experiences of the organization with identity theft;
2.
Changes in methods of identity theft;
3.
Changes in methods to detect, prevent and mitigate identity theft;
4.
Changes in the types of accounts that the organization offers or
maintains;
5.
Changes in the business arrangements of the organization, including
mergers, acquisitions, alliances, joint ventures and service provider
arrangements.
[Ord. No. 1953 , 11-12-2008]
B.
Reports Shall Be Prepared As Follows.
1.
Staff responsible for development, implementation and administration
of the program shall report to the Council at least annually on compliance
by the organization with the program.
2.
The report shall address material matters related to the program
and evaluate issues such as:
a.
The effectiveness of the policies and procedures in addressing the
risk of identity theft in connection with the opening of covered accounts
and with respect to existing covered accounts;
b.
Service provider agreements;
c.
Significant incidents involving identity theft and management's response;
and
d.
Recommendations for material changes to the program.
[Ord. No. 1953, 11-12-2008]
The organization shall take steps to ensure that the activity
of a service provider is conducted in accordance with reasonable policies
and procedures designated to detect, prevent and mitigate the risk
of identity theft whenever the organization engages a service provider
to perform an activity in connection with one (1) or more covered
accounts.
[Ord. No. 1953, 11-12-2008]
A.
The
City shall develop policies and procedures designed to enable the
organization to form a reasonable belief that a credit report relates
to the consumer for whom it was requested if the organization receives
a notice of address discrepancy from a nationwide consumer reporting
agency indicating the address given by the consumer differs from the
address contained in the consumer report.
C.
If
an accurate address is confirmed, the City shall furnish the consumer's
address to the nationwide consumer reporting agency from which it
received the notice of address discrepancy if:
