§ 51.60 OVERSIGHT OF SERVICE PROVIDER ARRANGEMENTS.
   The utility shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the utility or utilities engage(s) a service provider to perform an activity in connection with one or more covered accounts. For example, if the utility determines to outsource business functions such as payroll, web hosting, customer call center operations, data process, or the like, the outsourcing company’s data security practices will be compared with the utility to assure adequate security measures are in place to detect, prevent and mitigate identity theft. Service providers shall be required to notify the utility of any security incidents they experience which might result in or create a risk of identity theft of any of the utility’s customers.
(Ord. 1046, passed 2-3-08)