(A) All detections or suspicious red flags shall be reported to the Clerk-Treasurer. Any employee that may suspect fraud or detect a red flag will implement the following response, as applicable:
(1) Ask applicant for additional documentation;
(2) Any utility employee who becomes aware of a suspected or actual fraudulent use of a customer or potential customers identity must notify the Clerk-Treasurer;
(3) Notify law enforcement: The utility will notify the Police Department at 317-831-3434 of any attempted or actual identity theft;
(4) Do not open the account;
(5) Close the account; and/or
(6) Do not attempt to collect against the account, but notify authorities.
(B) The town adopts the following security procedures.
(1) Paper documents, files and electronic media containing secure information will be stored in locked file cabinets.
(2) Employees will not leave sensitive papers out on their desks when they are away from their workstations.
(3) Employees will store files when leaving their work areas.
(4) Employees will log off their computers when leaving their work areas.
(5) Visitors who must enter areas where sensitive files are kept must be escorted by an employee of the town.
(6) No visitor will be given any entry codes or allowed unescorted access to the office.
(7) Access to sensitive information will be controlled using passwords. Employees will choose passwords with a mix of letters, numbers and characters. User names and passwords will be different. Passwords will be changed at least monthly.
(8) Passwords will not be shared or posted near workstations.
(9) Anti-virus and anti-spyware programs will be run on individual computers and on servers regularly.
(10) When installing new software, vendor supplied default passwords will be changed.
(11) The computer network will have a firewall where the network connects to the internet.
(12) References will be checked and background checks will be done before hiring employees who will have access to sensitive data.
(13) Access to a customer’s personal identity information will be limited to employees with a “need to know.”
(14) Procedures will be developed to ensure that workers who leave the employ of the town or transfer to another department no longer have access to sensitive information.
(15) Employees will be trained on a regular basis (twice per year).
(16) Employees will be alert to attempts at phone phishing.
(17) Paper records will be shredded before being placed into the trash.
(18) Any data storage media will be disposed of by shredding, punching holes in or incineration.
(Ord. 16, 2010, passed - -)