214.04   IDENTITY THEFT PROGRAM.
   (a)   Generally. After the effective date of this section, Borough Council shall formally recognize a Privacy Committee, whose membership shall be in accordance with the recommendations set below. The Borough Council will also establish and recognize the position of Privacy Officer as defined below.
   (b)   Definitions.
      (1)   “Creditor” means any person who regularly extends, renews, or continues credit, any assignee of an original creditor who participates in the decision to extend, renew, or continue credit.
      (2)   “Fact Act” is the Fair and Accurate Credit Transactions Act, which is an amendment of the Fair Credit Act
      (3)   “Identity theft” includes, but is not limited to, FTC's regulation, which as currently drafted provides that the term “identity theft” means a fraud committed or attempted using the identifying information of another person without authority.
      (4)   “Person” means any person, syndicate, associate, partnership, firm, corporation, institution, agency, authority, or any entity recognized by law as the subject of rights and duties.
      (5)   “Privacy Committee” means a group consisting of two or more persons, who will meet quarterly with the Privacy Officer to develop and maintain an identity theft program. Members designated to the Privacy Committee shall be persons who have day-to-day access to personal information of Borough customers and personnel. Committee members should not be elected officials, or persons with litigation issues with the Borough.
      (6)   “Privacy Officer” means an individual who should be well established in the community, not new to the utility of area.
   (c)   Program.
      (1)   The Privacy Officer and Privacy Committee shall meet two times prior to November 1, 2008, and quarterly over the subsequent years. The Privacy Officer and Privacy Committee shall be responsible for establishing and maintaining a written privacy program. Beginning with an initial evaluation of current procedures, outlining and documentation of a formal program, and employee training.
      (2)   The Privacy Officer and Privacy Committee will be responsible for providing Council with an annual report on the establishment, progress and effectiveness of the program.
      (3)   The Privacy Officer shall as needed be authorized to make ongoing changes to the aforementioned program, to minimize the risk of loss of personal information.
   (d)   Nothing in this section shall limit, in any fashion whatsoever, the Borough's rights to enforce any ordinance, resolution or Law of the Borough of Ellwood City or Commonwealth of Pennsylvania. Nothing in this section shall be a defense of any citation issued by any municipal corporation or the Commonwealth pursuant to any other law, ordinance or resolution.
(Res. 2008-16. Passed 10-20-08.)