(A) Responsibility for developing, implementing and updating this program lies with the City Administrator. The City Administrator will be responsible for the program administration, for ensuring appropriate training on the program, for reviewing reports regarding the detection of red flags and the steps for preventing and mitigating identity theft, determining which steps of prevention and mitigation should be taken in particular circumstances and considering periodic changes to the program.
(B) Initially, all city office staff shall be trained by the City Administrator in the detection of red flags, and the responsive steps to be taken when a red flag is detected. Thereafter, city office staff shall undergo update training as determined by the City Administrator. Additionally, all new city office staff employees shall undergo training.
(C) In the event the city engages a service provider to perform an activity in connection with one or more accounts, including, but not limited to, franchise utility providers, the city will take the following steps to ensure the service provider performs its activity in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft:
(1) Require, by contract or contract amendment, that service providers have such policies and procedures in place; and
(2) Require, by contract or contract amendment, that service providers review the city’s program and report any red flags to the City Administrator.
(D) For the effectiveness of identity theft prevention programs, a degree of confidentiality regarding the city’s specific practices relating to identity theft detection, prevention and mitigation. Therefore, under this program, knowledge of such specific practices are to be limited to those employees who need to know them for purposes of preventing identity theft. Because this program is to be adopted by a public body and thus publicly available, it would be counterproductive to list these specific practices here. Therefore, only the program’s general red flag detection, implementation and prevention practices are listed in this document.
(2012 Code, § 2-510)