[HISTORY: Adopted by the Common Council of the City of St.
Francis as indicated in article histories. Amendments noted where
applicable.]
[Adopted 4-2-2014 by Ord.
No. 1360]
This program is established in order to comply with Ch. 19,
Subchapter IV, of the Wisconsin Statutes[1] and, to the extent applicable, the Federal Fair and Accurate
Credit Transactions Act of 2003. This program is intended to establish
reasonable policies and procedures to:
A.
Develop
rules of conduct for City officials and employees who are involved
in collecting, maintaining, using, providing access to, sharing or
archiving personally identifiable information;
B.
Ensure
that City officials and employees know their duties and responsibilities
relating to protecting personal privacy, including applicable state
and federal laws;
C.
Identify
relevant indications that an identity theft is being perpetrated ("red
flags") for new and existing covered accounts, and incorporate those
red flags into the program;
D.
Detect
red flags that have been incorporated into the program;
E.
Respond
appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
F.
Update
the program periodically to reflect changes in risks to customers
or to the safety and soundness of the City from identity theft.
[1]
Editor's Note: See § 19.62, Wis. Stats., et seq.
Employees at the City shall observe the following rules of conduct
concerning personally identifiable information. These rules shall
apply to any information that identifies a specific person by address,
telephone number, social security number, date of birth, government
passport number, employer or taxpayer identification number, e-mail
address or unique electronic identification number. Personally identifiable
information does not include a person's name for purposes of this
rule.
A.
Agendas
and minutes. Except when deemed reasonably necessary to apprise the
public of the subject of a meeting or actions taken, personally identifiable
information shall not be shown on meeting agendas or in meeting minutes.
B.
Internal
distribution. Except when deemed reasonably necessary to advise public
officials, City staff, employees or agents, personally identifiable
information shall not be distributed internally. The provisions of
this subsection shall not, however, be construed to authorize or require
any limitation on the distribution of any personally identifiable
information to any member of the City Police Department, Fire Department,
City Attorney's office, or the Municipal Court in the performance
of their duties.
D.
Public
information. Except when deemed reasonably necessary to properly advise
the public, personally identifiable information shall not be disclosed
on the City's website, in the City's newsletter, or in other public
information materials prepared and provided by the City.
City officials and employees shall check for red flags as indicators
of possible identity theft. Such red flags may include:
A.
Alerts
from consumer reporting agencies, fraud detection agencies or service
providers.
B.
Documents
provided for identification that appear to be altered or forged.
C.
Applications
that appear to have been altered or forged, or appear to have been
destroyed and reassembled.
D.
Applications
that appear to include a fictitious mailing address, mail drop addresses,
jail addresses, invalid phone numbers, page numbers or answering services.
E.
A social
security number provided that is the same as one submitted by other
applicants or customers.
F.
An applicant
or customer that fails to provide all required personal identifying
information on an application or in response to notification that
the application is incomplete.
G.
Personal
identifying information is not consistent with personal identifying
information that is on file.
H.
Mail sent
to a person is returned repeatedly as undeliverable although transactions
continued to be conducted in connection with such person's account.
I.
The City
is notified of unauthorized charges or transactions in connection
with a customer's account.
In order to detect any of the red flags identified above, City
personnel will take the following steps when it is reasonably possible
to do so:
In the event any City official and/or employee becomes aware
of red flags indicating possible identity theft, such employee shall
convey this information to the City Clerk. If, in his or her discretion,
the City Clerk deems that identity theft is unlikely or that reliable
information is available to reconcile red flags, the City Clerk may,
in his or her discretion, determine that no further action is necessary.
If the City Clerk determines that further action is necessary, the
City Clerk or his or her designee shall perform one or more of the
following responses:
The City Clerk is responsible for oversight of the program and
for program implementation. Any recommended material changes to the
program shall be submitted to the Common Council for consideration
and shall be subject to the Common Council’s approval.
The Common Council reserves the right to periodically review
this program and modify and update the program from time to time as
necessary by amendment to this chapter. In doing so, the City Board
shall consider the five following factors and exercise its discretion
in amending the program:
