(A) In the event utility personnel detect any identified red flags, such personnel shall take one or more of the following steps, depending on the degree of risk posed by the red flag:
(1) Continuing to monitor an account for evidence of identity theft by placing a red flag exists warning on the account;
(2) Creating a database to track past red flags;
(3) Contacting the customer;
(4) Changing any passwords or other security devices that permit access to accounts;
(5) Reopening an account with a new number;
(6) Not opening a new account;
(7) Closing an existing account;
(8) Notifying law enforcement;
(9) Determining that no response is warranted under the particular circumstances; or
(10) Notifying the Program Administrator (as defined below) for determination of the appropriate step(s) to take.
(B) In order to further prevent the likelihood of identity theft occurring with respect to utility accounts, the utility will take the following steps with respect to its internal operating procedures:
(1) Providing a secure website or clear notice that a website is not secure;
(2) Ensuring complete and secure destruction of paper documents and computer files containing customer information, including documentation of such destruction;
(3) Ensuring that office computers are password protected;
(4) Limiting access to accounts to only employees that require access;
(5) Prohibiting account information to be written on sticky pads or note pads;
(6) Ensuring that computer screens are only visible to the employee accessing the account; and
(7) Requiring customers to authenticate addresses and personal information, rather than account representatives asking if the information is correct.
(Prior Code, § 37.35) (Ord. 09-02, passed 4-20-2009)