151.09 PREVENTION AND MITIGATION OF IDENTITY THEFT.
   (a)   In the event that any City employee responsible for or involved in restoring an existing covered account or accepting payment for a covered account becomes aware of red flags indicating possible identity theft with respect to existing covered accounts, such employee shall use his or her discretion to determine whether such red flag or combination of red flags suggests a threat of identity theft. If, in his or her discretion, such employee determines that identity theft or attempted identity theft is likely or probable, such employee shall immediately report such red flags to the Safety-Service Director. If, in his or her discretion, such employee deems that identity theft is unlikely or that reliable information is available to reconcile red flags, the employee shall convey this information to the Superintendent of the department providing the service for which the covered account is created, who may in his or her discretion determine that no further action is necessary. If the Superintendent in his or her discretion determines that further action is necessary, a City employee shall perform one or more of the following responses, as determined to be appropriate by the Superintendent:
      (1)   Contact the customer;
      (2)   Make the following changes to the account if, after contacting the customer, it is apparent that someone other than the customer has accessed the customer's covered account:
         A.   Change any account numbers, passwords, security codes, or other security devices that permit access to an account; or
         B.   Close the account;
      (3)   Cease attempts to collect additional charges from the customer and decline to sell the customer's account to a debt collector in the event that the customer's account has been accessed without authorization and such access has caused additional charges to accrue;
      (4)   Notify a debt collector within 24 hours of the discovery of likely or probable identity theft relating to a customer account that has been sold to such debt collector in the event that a customer's account has been sold to a debt collector prior to the discovery of the likelihood or probability of identity theft relating to such account;
      (5)   Notify law enforcement, in the event that someone other than the customer has accessed the customer's account causing additional charges to accrue or accessing personal identifying information; or
      (6)   Take other appropriate action to prevent or mitigate identity theft.
   (b)   In the event that any City employee responsible for or involved in opening a new covered account becomes aware of red flags indicating possible identity theft with respect an application for a new account, such employee shall use his or her discretion to determine whether such red flag or combination of red flags suggests a threat of identity theft. If, in his or her discretion, such employee determines that identity theft or attempted identity theft is likely or probable, such employee shall immediately report such red flags to the Superintendent of his department. If, in his or her discretion, such employee deems that identity theft is unlikely or that reliable information is available to reconcile red flags, the employee shall convey this information to the Superintendent of his department, who may in his or her discretion determine that no further action is necessary. If the Superintendent in his or her discretion determines that further action is necessary, a City employee shall perform one or more of the following responses, as determined to be appropriate by the Superintendent:
      (1)   Request additional identifying information from the applicant;
      (2)   Deny the application for the new account;
      (3)   Notify law enforcement of possible identity theft; or
      (4)   Take other appropriate action to prevent or mitigate identity theft.
         (Ord. 09-20. Passed 4-27-09.)