(A) Prevention and mitigation. If city personnel detect any identified Red Flag, then, depending on the degree of risk posed by that Red Flag, the personnel must take one or more of the following steps:
(1) Continue to monitor the account for evidence of identity theft;
(2) Contact the customer;
(3) Change any passwords or other security devices that permit access to accounts;
(4) Refuse to open a new account;
(5) Close an existing account;
(6) Reopen an account with a new number;
(7) Notify the Program Administrator for a determination of the appropriate steps to take;
(8) Notify law enforcement; or
(9) Determine that no response is warranted under the particular circumstances.
(B) Protection of customer identifying information. In order to further prevent the likelihood of identity theft occurring with respect to city accounts, the city must take the following steps with respect to its internal operating procedures to protect customer identifying information:
(1) Ensure that its website is secure or provide clear notice that the website is not secure;
(2) Ensure the complete and secure destruction of paper documents and computer files containing customer information;
(3) Ensure that office computers are password protected and that computer screens lock after a set period of time;
(4) Keep offices clear of papers containing customer information;
(5) Ensure computer virus protection is up-to-date; and
(6) Require and keep only the kinds of customer information that are necessary for city purposes.
(Ord. 2010-15, passed 9-7-2010)