(a) The municipality adopts this sensitive information policy to help protect employees, customers, contractors and the municipality from damages related to the loss or misuse of sensitive information.
(b) This policy will:
(1) Define sensitive information;
(2) Describe the physical security of data when it is printed on paper;
(3) Describe the electronic security of data when stored and distributed; and
(4) Place the municipality in compliance with state and federal law regarding identity theft protection.
(c) This policy enables the municipality to protect existing customers, reducing risk from identity fraud, and minimize potential damage to the municipality from fraudulent new accounts. The program will help the municipality:
(1) Identify risks that signify potentially fraudulent activity within new or existing covered accounts;
(2) Detect risks when they occur in covered accounts;
(3) Respond to risks to determine if fraudulent activity has occurred and act if fraud has been attempted or committed; and
(4) Update the program periodically, including reviewing the accounts that are covered and the identified risks that are part of the program.
(Res. 2009-13. Passed 4-21-09.)