216.02  PURPOSE.
   (a)   The City adopts this sensitive information policy to help protect employees, customers, contractors and the City from damages related to the loss or misuse of sensitive information.
   (b)   This policy will:
      (1)   Define sensitive information;
      (2)   Describe the physical security of data when it is printed on paper;
      (3)   Describe the electronic security of data when stored and distributed; and
      (4)   Place the City in compliance with State and Federal law regarding identity theft protection.
   (c)   This policy enables the City to protect existing customers, reducing risk from identity fraud, and minimize potential damage to the City from fraudulent new accounts. The program will help the City:
      (1)   Identify risks that signify potentially fraudulent activity within new or existing covered accounts;
      (2)   Detect risks when they occur in covered accounts;
      (3)   Respond to risks to determine if fraudulent activity has occurred and act if fraud has been attempted or committed; and
      (4)   Update the program periodically, including reviewing the accounts that are covered and the identified risks that are part of the program.
(Res. 2008-R63.  Passed 11-25-08.)