Loading...
Access to utility account information shall be limited to employees that provide customer service and technical support to the city’s utilities. Any computer that has access to utility customer account or personal identifying information shall be password protected and all computer screens shall lock after not more than 15 minutes of inactivity. All paper and non-electronic based utility account or customer personal identifying information shall be stored and maintained in a locked room or cabinet and access shall only be granted by the Compliance Officer or his or her designee, or in the alternative shall be scanned for secure, password protected, digital storage, and then shredded.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
In the event credit cards are added as a payment option for utility accounts, all internet or telephone credit card payments shall only be processed through a third party service provider which certifies that it has an identity theft prevention program operating and in place. Credit card payments accepted in person shall require a reasonable connection between the person or entity billed for the utility services and the credit card owner.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
Suspicious transactions include but are not limited to the presentation of incomplete applications; unsigned applications; payment by someone other than the person named on the utility account; presentation of inconsistent signatures, addresses or identification. Suspicious transactions shall not be processed and shall be immediately referred to the Compliance Officer.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
The Executive Director of the Water and Sewer Department shall use his or her discretion on whether to report suspicious transactions to the Police Department or other appropriate law enforcement.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
All transactions process through a third party service provider shall be permitted only if the service provider certifies that is has complied with the FTC regulations and has in place a consumer identity theft prevention program.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
The “Compliance Officer” for this ITPP and chapter shall be the Mayor or his or her designee. The Compliance Officer shall conduct training of all city utility employees that transact business with customers of the city’s utilities. The Compliance Officer shall periodically review this program and recommend any necessary updates to the City Council.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)
An annual report, as required by the FTC regulations, shall be provided by the Water and Sewer Department Superintendent/Director to the Mayor and City Council. The contents of the annual report shall address and/or evaluate at least the following:
(A) The effectiveness of the policies and procedures of the city in addressing the risk of identity theft in connection with the opening of utility accounts and with respect to access to existing utility accounts;
(B) Software, credit card processing, and service provider arrangements;
(C) Any incidents involving identity theft, or suspected identity theft, with utility accounts and the city’s remedial response;
(D) Any changes, or proposed changes, in methods to identify identity theft and/or to prevent identity theft; and
(E) Any recommendations for changes or modifications to the city’s ITPP.
(Ord. 2008-12-327, passed 12-2-08; Am. Ord. 2013-05-423, passed 5-7-13)