§ 36.091 RISK ASSESSMENT/IDENTIFYING RELEVANT RED FLAGS.
   (A)   While the overall risk of identity theft involving the village appears low, the village will focus on detection and prevention from identity theft on the following covered accounts: accounts to individual customers; all of the village’s accounts that are individual utility service accounts held by customers of the utility whether residential, commercial or industrial; any account the village offers or maintains primarily for personal, family or household purposes that involves multiple payments or transactions; and any other account for which there is a reasonably foreseeable risk to customers or to the safety and soundness of the village from identity theft, as well as automatic deposits to the accounts of the village employees. There will be a periodic review to determine if the covered accounts are still accurate due to any changes such as changes of address or other changes which may occur relating to an account.
   (B)   Each type of covered account will be examined and reviewed for relevant red flags in part by considering:
      (1)   The methods provided to open covered accounts;
      (2)   The methods provided to access covered accounts; and
      (3)   Previous experiences with identity theft.
   (C)   As part of the process, the village will consider the relevant red flags provided by the regulatory guidance, as well as incidents of identity theft that the village and/or the village customers have experienced and applicable supervisory guidance.
(2009 Code, § 22-1-2)