§ 38.07 PROTECTING CUSTOMER INFORMATION.
   Employees shall work to protect customer information from being disclosed outside of Whiteland Utilities. The following procedures should be followed to ensure customer information is protected, but shall not foreclose an employee from using other steps to protect customer specific information:
   (A)   Customer information will be entered into Whiteland Utilities' computer system with paper copies destroyed in a manner that limits the ability of the information to be used by those outside of Whiteland Utilities.
   (B)   Any paper documents, files and electronic media containing secure information will be stored in secure areas.
   (C)   Files containing personally identifiable information are kept in secure areas except when an employee is working on the file.
   (D)   Employees will not leave sensitive papers out on their desks when they are away from their workstations.
   (E)   Employees log off their computers when leaving their areas.
   (F)   Any sensitive information shipped using outside carriers or contractors will be encrypted.
   (G)   Visitors will be escorted through secure areas and no visitor will be provided entry codes.
   (H)   Passwords will not be shared or posted near work stations.
   (I)   Anti-virus and anti-spyware programs will be run on individual computers and on servers daily.
   (J)   When sensitive data is received or transmitted, secure connections will be used.
   (K)   Computer passwords will be required.
   (L)   Laptop users will not store sensitive information on their laptops.
   (M)   Access to customer's personal identity information is limited to employees with a "need to know."
   (N)   Any access to public records request seeking sensitive data will be directed through an attorney representing Whiteland Utilities to determine how Indiana or federal law protects the disclosure of the information.
(Res. 09-4, passed 10-13-09)