(A) Introduction. The city operates certain utilities that offer residents and property owners the following services:
(1) Sanitary sewers.
(2) Storm sewers.
(3) Garbage pick-up.
(4) Potable water.
(B) Operational information. The Board of Works is the governing body for all utilities.
(C) Purpose of these rules.
(1) The purpose of these rules is to identify opportunities that could allow unauthorized access to customers confidential information, to alert employees of the potential for identity theft, to recognize situations when new accounts may be opened using false information, and to provide guidance on avoiding these situations so we can prevent identify theft, or the establishment of false accounts or the use of false methods to pay said accounts by methods associated with identity theft.
(2) “CONFIDENTIAL INFORMATION” is any information about a customer that may be used for identity theft such as date of birth, social security number, driver’s license number, photograph address, utility account number, bank account number(s) or any other information that may be obtained as part of the application process or payment, and maintained as part of the utilities files and records.
(D) Risk assessment. Identify documents that contain confidential information:
(1) New accounts:
(a) An application process is followed to establish a new account. The applicant must fill out an application for water, sewer and garbage service. All personal information on the application is verified by having the applicant provide a photo ID such as a state issued driver’s license or state issued identification card.
(b) Any application not signed and witnessed in the utility office must be notarized in order to verify the authenticity of the applicant(s)’s signature(s).
(c) Applications that are submitted by fax must have the original notarized application filed with the utility department within ten business days of the receipt of the faxed application.
(2) Account information:
(a) A customer’s confidential information is entered into the Utility Department’s computer billing software. The customer’s confidential information is protected by two separate passwords. These passwords are changed every 90 days as a security precaution.
(b) The City Clerk-Treasurer and the utility clerical personnel who are involved in the application and billing process have access to these passwords. No other city employee shall have access to these passwords.
(c) All paper applications are kept in a locked file cabinet. There are only three keys to this cabinet. These keys are assigned to the utility clerk, assistant clerk and Clerk-Treasurer.
(3) Payment methods: The Utility Department office employees may only accept payment on accounts in the following manner:
(a) Cash.
(b) Check from the customer drawn on the customer’s bank account. Payments received by check will be scanned. These checks will be kept by the Utility Department for at least 90 days. Once a month the Utility Department personnel shall shred all scanned checks that are at least 90 days old.
(c) Check from a third party as long as it is signed by the person named on the bank account. Payments received by check will be scanned. These checks will be kept by the Utility Department for at least 90 days. Once a month the Utility Department personnel shall shred all scanned checks that are at least 90 days old.
(d) Money order.
(e) Credit and debit cards.
(f) ACH - Invoice Cloud.
(g) Autopay - Invoice Cloud.
(E) Confidential client information. No confidential client information shall be revealed to any person except as follows:
(1) To the customer named on the account in person.
(2) To a third party who has a verified written authorization, such as a power of attorney, from the customer.
(3) When any third-party requests confidential information, a copy of the original written authorization allowing release of the information to the requestor shall be maintained by the Utility Department and the name, address, and social security number of the requestor shall be provided. The identity of the third party shall be verified with a photo ID to be sure the person named in the authorization is the same person requesting the information.
(4) Pursuant to a court order or subpoena.
(5) Information authorized or allowed by statutes or laws of the United States or the State of Indiana to be accessible to the public upon proper request.
(F) Red flags.
(1) These are activities observed by Utility Department employees that may indicate a potential for identity theft of a customer’s information or the use of the fruits of an identity theft to establish an account or to pay a customer’s account.
(a) A request for confidential information of a customer by someone not authorized to receive that information.
(b) An attempt to pay an account in an unusual way such as a third-party check.
(c) An attempt to open an account in someone else’s name or without proper identification. This would include identification documents that appear to be altered; or don’t match the applicant.
(d) Customer is unable to provide all of the required information and proof of identity.
(2) Policy when red flags are observed:
(a) Do not open the account until red flag issues are clarified.
(b) Report any unauthorized requests for information to the proper authorities.
(c) Report any suspected identity theft or use of materials from an identity to the proper authorities.
(d) Copy any suspicious materials provided to the Department in support of identifying a customer, a request to open an account, or attempts to pay an account and provide them to the proper authorities for investigation.
(G) Periodic review. These policies shall be reviewed annually by the Board of Works.
(Ord. 1782, passed 11-6-23)