(a) These procedures shall supplant and take precedence over any existing practices, rules or regulations (formal or informal) which are inconsistent therewith. Employees of the City shall be required to comply with the procedures in the same fashion as all other rules and regulations which govern public operations by City officials or employees.
(b) The City shall maintain copies of the procedures at the City Utility Office and provide each employee of the City Utility Office a copy to familiarize themselves with the policies and procedures of this Identity Theft Policy.
(c) The municipality adopts this sensitive information policy to help protect employees, customers, contractors, third party service providers and the municipality from damages related to the loss or misuse of sensitive information.
This policy will:
(1) Define sensitive information;
(2) Describe the physical security of data when it is printed on paper;
(3) Describe the electronic security of data when stored and distributed; and
(4) Place the municipality in compliance with state and federal law regarding identity theft protection.
(d) This policy enables the Municipality to protect existing customers, reducing risk from identity fraud, and minimize potential damage to the municipality from fraudulent new accounts. The program will help the municipality:
(1) Identify risks that signify potentially fraudulent activity within new or existing covered accounts;
(2) Detect risks when they occur in covered accounts;
(3) Respond to risks to determine if fraudulent activity has occurred and act if fraud has been attempted or committed; and
(4) Update the program periodically, including reviewing the accounts that are covered and the identified risks that are part of the program.
(e) This policy and protection program applies to employees, contractors, consultants, temporary workers, and other workers at the municipality, including all personnel affiliated with third parties.
(f) Municipal personnel are encouraged to use common sense judgment in securing confidential information to the proper extent. Furthermore, this section should be read in conjunction with the Ohio Public Records Act and the municipality’s open records policy. If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their supervision. In the event that the municipality cannot resolve a conflict between this policy and the Ohio Public Records Act, the municipality will consult with legal counsel.
(Ord. 2011-5. Passed 1-4-11.)