If City of El Paso personnel detect any identified red flag,
then, depending on the degree of risk posed by that red flag, the
personnel must take one or more of the following steps:
A.
Continue to monitor the account for evidence of identity theft;
B.
Contact the customer;
C.
Change any passwords or other security devices that permit access
to the account;
D.
Refuse to open a new account;
E.
Close an existing account;
F.
Reopen an account with a new number;
G.
Notify the Program Administrator for a determination of the appropriate
steps to take;
H.
Notify law enforcement; or
I.
Determine that no response is warranted under the particular circumstances.
In order to further prevent the likelihood of identity theft
occurring with respect to City of El Paso accounts, the City of El
Paso must take the following steps with respect to its internal operating
procedures to protect customer identifying information:
A.
Ensure that its website is secure or provide clear notice that the
website is not secure;
B.
Ensure the complete and secure destruction of paper documents and
computer files containing customer information;
C.
Ensure that office computers are password protected and that computer
screens lock after a set period of time;
D.
Keep offices clear of papers containing customer information;
E.
Ensure computer virus protection is up-to-date; and
F.
Require and keep only the kinds of customer information that are
necessary for City of El Paso purposes.
