§ 31.56 PREVENTION AND MITIGATION OF IDENTITY THEFT.
   (A)   In the event that any city employee responsible for or involved in restoring an existing covered account or accepting payment for a covered account becomes aware of red flags indicating possible identity theft with respect to existing covered accounts, such employee shall use his or her discretion to determine whether such red flag or combination of red flags suggests a threat of identity theft. If, in his or her discretion, such employee determines that identity theft or attempted theft is likely or probable, such employee shall immediately report such red flags to his or her supervisor. If, in his or her discretion, such employee deems that identity theft is unlikely or that reliable information is available to reconcile red flags, the employee shall convey this information to his or her supervisor, who may in his or her discretion determine that no further action is necessary. If the supervisor in his or her discretion determines that further action is necessary, a city employee shall perform one or more of the following responses, as determined to be appropriate by his or her supervisor:
      (1)   Contact the customer;
      (2)   Make the following changes to the account if, after contacting the customer, it is apparent that someone other that the customer has accessed the customer's covered account:
         (a)   Change any account numbers; or
         (b)   Close the account;
      (3)   Cease attempts to collect additional charges from the customer and decline to sell the customer's account to a debt collector in the event that the customer's account has been accessed without authorization and such access has caused additional charges to accrue;
      (4)   Notify law enforcement, in the event that someone other than the customer has accessed the customer's account causing additional charges to accrue or accessing personal identifying information; or
      (5)   Take other appropriate action to prevent or mitigate identity theft.
   (B)   In the event that any city employee responsible for or involved in opening a new covered account becomes aware of red flags indicating possible identify theft with respect to an application for a new account, such employee shall use his or her discretion to determine whether such red flag or combination of red flags suggests a threat of identity theft. If, in his or her discretion, such employee determines that identity theft or attempted identity theft is likely or probable, such employee shall immediately report such red flags to his or her supervisor. If, in his or her discretion, such employee deems that identity theft is unlikely or that reliable information is available to reconcile red flags, the employee shall convey this information to his or her supervisor, who may in his or her discretion determine that no further action is necessary. If the supervisor in his or her discretion determines that further action is necessary, a city employee shall perform one or more of the following responses, as determined to be appropriate by his or her supervisor.
      (1)   Request additional identifying information from the applicant;
      (2)   Deny the application for the new account;
      (3)   Notify law enforcement of possible identity theft; or
      (4)   Take other appropriate action to prevent or mitigate identity theft.
(Ord. 122-2010, passed 12-2-10)