§ 30.70 PROGRAM ADMINISTRATION.
   (A)   All utility managers are responsible for oversight of the program and for program implementation. All utility managers are responsible for reviewing reports prepared by staff regarding compliance with red flag requirements and with recommending material changes to the program, as necessary in the opinion of the manager, to address changing identity theft risks, and to identify new or discontinued types of covered accounts. Any recommended material changes to the program shall be submitted to the City Board of Public Works and Safety.
   (B)   The Utility Director will report to the City Board of Public Works and Safety at least annually on compliance with the red flag requirements. The report shall be due no later than December 31 each year and shall address material matters related to the program and evaluate issues, including, but not limited to:
      (1)   The effectiveness of the program policies and procedures in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts;
      (2)   Service provider arrangements;
      (3)   Significant incidents involving identity theft and management’s response; and
      (4)   Recommendations for material changes to the program.
   (C)   All managers are responsible for providing training to all employees responsible for or involved in opening a new covered account, restoring an existing covered account, or accepting payment for a covered account with respect to the implementation and requirements of the identity theft prevention program. Each Utility Manager shall exercise his or her discretion in determining the amount and substance of training necessary.
(Ord. 2009-9, passed 5-13-2009)