[HISTORY: Adopted by the Common Council of the City of St. Francis as indicated in article histories. Amendments noted where applicable.]
[Adopted 4-2-2014 by Ord. No. 1360]
This program is established in order to comply with Ch. 19, Subchapter IV, of the Wisconsin Statutes[1] and, to the extent applicable, the Federal Fair and Accurate Credit Transactions Act of 2003. This program is intended to establish reasonable policies and procedures to:
A. 
Develop rules of conduct for City officials and employees who are involved in collecting, maintaining, using, providing access to, sharing or archiving personally identifiable information;
B. 
Ensure that City officials and employees know their duties and responsibilities relating to protecting personal privacy, including applicable state and federal laws;
C. 
Identify relevant indications that an identity theft is being perpetrated ("red flags") for new and existing covered accounts, and incorporate those red flags into the program;
D. 
Detect red flags that have been incorporated into the program;
E. 
Respond appropriately to any red flags that are detected to prevent and mitigate identity theft; and
F. 
Update the program periodically to reflect changes in risks to customers or to the safety and soundness of the City from identity theft.
[1]
Editor's Note: See § 19.62, Wis. Stats., et seq.
Employees at the City shall observe the following rules of conduct concerning personally identifiable information. These rules shall apply to any information that identifies a specific person by address, telephone number, social security number, date of birth, government passport number, employer or taxpayer identification number, e-mail address or unique electronic identification number. Personally identifiable information does not include a person's name for purposes of this rule.
A. 
Agendas and minutes. Except when deemed reasonably necessary to apprise the public of the subject of a meeting or actions taken, personally identifiable information shall not be shown on meeting agendas or in meeting minutes.
B. 
Internal distribution. Except when deemed reasonably necessary to advise public officials, City staff, employees or agents, personally identifiable information shall not be distributed internally. The provisions of this subsection shall not, however, be construed to authorize or require any limitation on the distribution of any personally identifiable information to any member of the City Police Department, Fire Department, City Attorney's office, or the Municipal Court in the performance of their duties.
C. 
External disclosures. Except as required by Wisconsin’s Public Records Law[1] or other applicable laws, personally identifiable information shall not be released in response to public records requests.
[1]
Editor's Note: See § 19.31, Wis. Stats., et seq.
D. 
Public information. Except when deemed reasonably necessary to properly advise the public, personally identifiable information shall not be disclosed on the City's website, in the City's newsletter, or in other public information materials prepared and provided by the City.
City officials and employees shall check for red flags as indicators of possible identity theft. Such red flags may include:
A. 
Alerts from consumer reporting agencies, fraud detection agencies or service providers.
B. 
Documents provided for identification that appear to be altered or forged.
C. 
Applications that appear to have been altered or forged, or appear to have been destroyed and reassembled.
D. 
Applications that appear to include a fictitious mailing address, mail drop addresses, jail addresses, invalid phone numbers, page numbers or answering services.
E. 
A social security number provided that is the same as one submitted by other applicants or customers.
F. 
An applicant or customer that fails to provide all required personal identifying information on an application or in response to notification that the application is incomplete.
G. 
Personal identifying information is not consistent with personal identifying information that is on file.
H. 
Mail sent to a person is returned repeatedly as undeliverable although transactions continued to be conducted in connection with such person's account.
I. 
The City is notified of unauthorized charges or transactions in connection with a customer's account.
In order to detect any of the red flags identified above, City personnel will take the following steps when it is reasonably possible to do so:
A. 
Require submittal of complete applications.
B. 
Verify identity when necessary.
In the event any City official and/or employee becomes aware of red flags indicating possible identity theft, such employee shall convey this information to the City Clerk. If, in his or her discretion, the City Clerk deems that identity theft is unlikely or that reliable information is available to reconcile red flags, the City Clerk may, in his or her discretion, determine that no further action is necessary. If the City Clerk determines that further action is necessary, the City Clerk or his or her designee shall perform one or more of the following responses:
A. 
Notify law enforcement;
B. 
Contact the affected person;
C. 
Cease attempts to collect funds owed by the customer or affected person;
D. 
Notify the City's debt collector of the matter;
E. 
Notify all members of the City Board; or
F. 
Take other appropriate action to prevent identity theft.
The City Clerk is responsible for oversight of the program and for program implementation. Any recommended material changes to the program shall be submitted to the Common Council for consideration and shall be subject to the Common Council’s approval.
The Common Council reserves the right to periodically review this program and modify and update the program from time to time as necessary by amendment to this chapter. In doing so, the City Board shall consider the five following factors and exercise its discretion in amending the program:
A. 
The City's experience with identity theft;
B. 
Updates in methods of identity theft;
C. 
Updates in customary methods used to detect and prevent identity theft;
D. 
Updates in the types of accounts that the City offers and maintains; and
E. 
Updates in service provider arrangements.