Loading...
For the purpose of this chapter, the following definitions shall apply unless the context clearly indicates or requires a different meaning.
(a) “Covered account” means:
(1) An account that a financial institution or creditor offers or maintains, primarily for personal, family, or household purposes that involves or is designed to permit multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts and savings accounts; and
(2) Any other account that the financial institution or creditor offers or maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the financial institution or creditor from identity theft, including financial, operational, compliance, reputation or litigation risks.
(b) “Identify theft” means fraud committed or attempted using the identifying information of another person without authority.
(c) “Red flag” means a pattern, practice or specific activity that indicates the possible existence of identity theft.
(Ord. 109-09. Passed 7-13-09.)
The Utility Billing Department establishes an Identity Theft Prevention Program to detect, prevent and mitigate identity theft. The program shall include reasonable policies and procedures to:
(a) Identify relevant red flags for covered accounts.
(b) Detect red flags and report them to the Finance Director.
(c) Respond appropriately to any red flags that are detected to prevent and mitigate identity theft.
(d) Ensure the program is updated periodically to reflect changes in risks to customers and to the safety and soundness of the creditor from identity theft
(Ord. 109-09. Passed 7-13-09.)
(a) The Finance Director shall be designated the “Privacy Official” responsible for the development, implementation, oversight and continued administration of the program.
(b) The program shall require training of pertinent staff to effectively implement the program; and
(c) The program shall exercise appropriate and effective oversight of service provider arrangements.
(Ord. 109-09. Passed 7-13-09.)
The program shall include relevant red flags from the following categories as appropriate:
(a) Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;
(b) The presentation of suspicious documents;
(c) The presentation of suspicious personal identifying information;
(d) The unusual use of, or other suspicious activity related to, a covered account; and
(e) Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts.
(Ord. 109-09. Passed 7-13-09.)
The program shall address the detection of red flags in connection with the opening of covered accounts and existing covered accounts, such as by:
(a) Obtaining identifying information about, and verifying the identity of, a person opening a covered account; and
(b) Authenticating customers, monitoring transactions, and verifying the validity of change of address requests in the case of existing covered accounts.
(Ord. 109-09. Passed 7-13-09.)
The program shall provide for appropriate responses to detected red flags to prevent and mitigate identity theft. The response shall be commensurate with the degree of risk posed. Appropriate responses may include:
(a) Monitor a covered account for evidence of identity theft;
(b) Contact the customer;
(c) Change any passwords, security codes or other security devices that permit access to a covered account;
(d) Reopen a covered account with a new account number;
(e) Not open a new covered account;
(f) Close an existing covered account;
(g) Notify law enforcement; or
(h) Determine no response is warranted under the particular circumstances.
(Ord. 109-09. Passed 7-13-09.)
The program shall be updated periodically to reflect changes in risks to customers or to the safety and soundness of the organization from identity theft based on factors such as:
(a) The experiences of the organization with identity theft;
(b) Changes in methods of identity theft;
(c) Changes in methods to detect, prevent and mitigate identity theft;
(d) Changes in the types of accounts that the organization offers or maintains;
(e) Changes in the business arrangements of the organization, including mergers, acquisitions, alliances, joint ventures and service provider arrangements.
(Ord. 109-09. Passed 7-13-09.)
The Utility Billing Department shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the organization engages a service provider to perform an activity in connection with one or more covered accounts.
(Ord. 109-09. Passed 7-13-09.)
(a) The Utility Billing Department shall develop policies and procedures designed to enable the organization to form a reasonable belief that a credit report relates to the consumer for whom it was requested if the organization receives a notice of address discrepancy from a nationwide consumer reporting agency indicating the address given by the consumer differs from the address contained in the consumer report.
(b) The Utility Billing Department may reasonably confirm that an address is accurate by any of the following means;
(1) Verification of the address with the consumer;
(2) Review of the utility's records;
(3) Verification of the address through third-party sources; or
(4) Other reasonable means.
(c) If an accurate address is confirmed, the Utility Billing Department shall furnish the consumer's address to the nationwide consumer reporting agency from which it received the notice of address discrepancy if:
(1) The City establishes a continuing relationship with the consumer; and
(2) The City, regularly and in the ordinary course of business, furnishes information to the consumer reporting agency.
(Ord. 109-09. Passed 7-13-09.)