The program shall be updated periodically to reflect changes in risks to customers or to the safety and soundness of the organization from identity theft based on factors such as:
(a) The experiences of the organization with identity theft;
(b) Changes in methods of identity theft;
(c) Changes in methods to detect, prevent and mitigate identity theft;
(d) Changes in the types of accounts that the organization offers or maintains;
(e) Changes in the business arrangements of the organization, including mergers, acquisitions, alliances, joint ventures and service provider arrangements.
(Ord. 109-09. Passed 7-13-09.)