A. The finance director is appointed the compliance administrator and is responsible for oversight of the program and for program implementation. The city manager is responsible for reviewing reports prepared by staff regarding compliance with red flag requirements and with recommending material changes to the program to address changing identity theft risks and to identify new or discontinued types of covered accounts. Any recommended material changes to the program shall be submitted to the city council for consideration.
B. The finance director will review the program in November 2009, and prepare a report for the city manager and the city council in May 2010. The report will address material matters related to the program and evaluate issues such as:
1. The effectiveness of its policies and procedures in addressing the risk of identity theft in connection with the covered accounts;
2. Service provider arrangements;
3. Significant incidents involving identity theft and management's response; and
4. Recommendations for material changes to the program.
Thereafter, the finance director shall report at least annually to the city manager on compliance with the identity theft prevention program.
C. The finance director is responsible for providing training to all employees responsible for or involved in opening a new covered account, restoring an existing covered account or accepting payment for a covered account with respect to the implantation and requirements of the identity theft prevention program. The finance director shall determine the amount and substance of training necessary. (Ord. 2009-12, 4-21-2009)