(a) Oversight of the Program shall include:
(1) Review of reports prepared by staff regarding compliance; and
(2) Approval of material changes to the Program as necessary to address changing risks of identity theft.
(b) Reports shall be prepared as follows:
(1) Staff responsible for development, implementation and administration of the Program shall report to the Finance Director and the Service Manager at least annually on compliance by the organization with the Program.
(2) The report shall address material matters related to the Program and evaluate issues such as:
A. The effectiveness of the policies and procedures in addressing the risk of identity theft in connection with the opening of covered accounts and with respect to existing covered accounts;
B. Service provider agreements;
C. Significant incidents involving identity theft and management's response; and
D. Recommendations for material changes to the Program.
(Ord. 2009-20. Passed 5-19-09.)