The utilities shall take steps to ensure that the activity of a service provider is conducted in accordance with reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft whenever the utility or utilities engage(s) a service provider to perform an activity in connection with one or more covered accounts. For example, if the utilities determine to outsource business functions such as payroll, web hosting, customer call center operations, data process, or the like, the outsourcing company’s data security practices will be compared with the utilities to assure adequate security measures are in place to detect, prevent and mitigate identity theft. Service providers shall be required to notify the utilities of any security incidents they experience which might result in or create a risk of identity theft of any of the utilities’ customers.
(Ord. No. 1752, § 1, 4-22-09)