(A) All paper documents or files, as well as CDs, floppy disks, zip drives, tapes, and backups containing personally identifiable customer information (such as name, social security number, date of birth, driver’s license number, alien registration number, passport number, employer tax identification number, and the like) will be stored in a locked file cabinet or cabinets. File cabinets containing personally identifiable customer information will be stored in a locked room. The Town Administrator and Clerk-Treasurer will control keys to the file cabinet and room and will only distribute keys to those employees of the utility with a legitimate need for such customer information.
(B) Personal identifying customer information will be kept in locked file cabinets except when an employee is working on the file. Employees are not to leave such information on their desks in plain view when they are away from their workstations. At the end of the day, employees will put files containing personally identifiable customer information away in locked file cabinets. To the extent the utility maintains personal identifying customer information in offsite storage facilities, access to such facilities will be limited to employees needing access to such information and visits to such facilities shall be documented.
(C) Visitors who visit the utility’s offices and who must enter areas where personally identifiable customer information or other sensitive information is kept shall be escorted by an employee of the utility.
(D) The utility shall take appropriate measures to assure that personal identifying customer information contained on computers in the utility’s offices or on laptops of the utility will be reasonably protected (e.g., passwords, encryption, firewalls and the like).
(Ord. 1046, passed 2-3-08)