[HISTORY: Adopted by the Board of Trustees of the Village
of Westville as indicated in article histories. Amendments noted where
applicable.]
[Adopted 2-24-2009 by Ord. No. 09-1387 (Ch. 22, Art. I, of the 2015 Code)]
The purpose of this Identity Theft Prevention Program (Program)
is to protect customers of the municipality's utility services from
identity theft. The Program is intended to establish reasonable policies
and procedures to facilitate the detection, prevention and mitigation
of identity theft in connection with the opening of new covered accounts
and activity on existing covered accounts.
This Program applies to the creation, modification and access
to identifying information of a customer of one or more of the utilities
operated by the municipality (electric, natural gas, water and wastewater)
by any and all personnel of the municipality, including management
personnel. This Program does not replace or repeal any previously
existing policies or programs addressing some or all of the activities
that are the subject of this Program, but rather it is intended to
supplement any such existing policies and programs.
A. When used in this Program, the following terms have the meanings
set forth herein, unless the context clearly requires that the term
be given a different meaning:
COVERED ACCOUNT
An account that the municipality offers or maintains, primarily
for personal, family or household purposes, that involves or is designed
to permit multiple payments or transactions. [16 CFR 681.1(b)(3)(i)]
A utility account is a "covered account." The term "covered account"
also includes other accounts offered or maintained by the municipality
for which there is a reasonably foreseeable risk to customers, the
municipality or its customers from identity theft. [16 CFR 681.1(b)(3)(ii)]
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
IDENTIFYING INFORMATION
Any name or number that may be used, alone or in conjunction
with any other information, to identify a specific person, including
any name, social security number, date of birth, official state or
government-issued driver's license or identification number, alien
registration number, government passport number, employer or taxpayer
identification number. Additional examples of identifying information
are set forth in 16 CFR 1022.3(h).
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
IDENTITY THEFT
A fraud committed or attempted using the identifying information
of another person without authority. [16 CFR 681.1(b)(8) and 16 CFR
603.1(a)]
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
RED FLAG
A pattern, practice or specific activity that indicates the
possible existence of identity theft.
B. Certain terms used but not otherwise defined herein shall have the
meanings given to them in the FTC's Identity Theft Rules (16 CFR Part
681) or the Fair Credit Reporting Act of 1970 (15 U.S.C. § 1681
et seq.), as amended by the Fair and Accurate Credit Transactions
Act of 2003, enacted into law on December 4, 2003. (Public Law 108-159)
A. The initial adoption and approval of the Identity Theft Prevention
Program shall be by ordinance of the Village Board of Trustees. Thereafter,
changes to the Program of a day-to-day operational character and decisions
relating to the interpretation and implementation of the Program may
be made by the Village President (Program Administrator). Major changes
or shifts of policy positions under the Program shall only be made
by the Board of Trustees.
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
B. Development, implementation, administration and oversight of the
Program will be the responsibility of the Program Administrator. The
Program Administrator may, but shall not be required to, appoint a
committee to administer the Program. The Program Administrator shall
be the head of any such committee. The Program Administrator will
report at least annually to the Village Board of Trustees regarding
compliance with this Program.
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
C. Issues to be addressed in the annual Identity Theft Prevention Report
include:
(1) The effectiveness of the policies and procedures in addressing the
risk of identity theft in connection with the opening of new covered
accounts and activity with respect to existing covered accounts.
(2) Service provider arrangements.
(3) Significant incidents involving identity theft and management's response.
(4) Recommendations for material changes to the Program, if needed for
improvement.
The municipality has considered the guidelines and the illustrative
examples of possible red flags from the FTC's Identity Theft Rules
and has reviewed the municipality's past history with instances of
identity theft, if any. The municipality hereby determines that the
following are the relevant red flags for purposes of this Program
given the relative size of the municipality and the limited nature
and scope of the services that the municipality provides to its citizens:
A. Alerts, notifications, or other warnings received from consumer reporting
agencies or service providers.
(1) A fraud or active duty alert is included with a consumer report or
an identity verification response from a credit reporting agency.
(2) A consumer reporting agency provides a notice of credit freeze in
response to a request for a consumer report.
(3) A consumer reporting agency provides a notice of address discrepancy,
as defined in Section 681.1(b) of the FTC's Identity Theft Rules.
(4) A consumer report indicates a pattern of activity that is inconsistent
with the history and usual pattern of activity of an applicant or
customer, such as:
(a) A recent and significant increase in the volume of inquiries;
(b) An unusual number of recently established credit relationships;
(c) A material change in the use of credit, especially with respect
to recently established credit relationships; or
(d) An account that was closed for cause or identified for abuse
of account privileges by a financial institution or creditor.
B. The presentation of suspicious documents.
(1) Documents provided for identification appear to have been altered
or forged.
(2) The photograph or physical description on the identification is not
consistent with the appearance of the applicant or customer presenting
the identification.
(3) Other information on the identification is not consistent with information
provided by the person opening a new covered account or customer presenting
the identification.
(4) Other information on the identification is not consistent with readily
accessible information that is on file with the municipality, such
as a signature card or a recent check.
(5) An application appears to have been altered or forged, or gives the
appearance of having been destroyed and reassembled.
C. The presentation of suspicious personal identifying information,
such as a suspicious address change.
(1) Personal identifying information provided is inconsistent when compared
against external information sources used by the municipality. For
example:
(a) The address does not match any address in the consumer report
or CRA ID Check response; or
(b) The social security number (SSN) has not been issued, or is
listed on the Social Security Administration's Death Master File.
(2) Personal identifying information provided by the customer is not
consistent with other personal identifying information provided by
the customer. For example, there is a lack of correlation between
the SSN range and date of birth.
(3) Personal identifying information provided is associated with known
fraudulent activity as indicated by internal or third-party sources
used by the municipality. For example:
(a) The address on an application is the same as the address provided
on a fraudulent application; or
(b) The phone number on an application is the same as the number
provided on a fraudulent application.
(4) Personal identifying information provided is of a type commonly associated
with fraudulent activity as indicated by internal or third-party sources
used by the municipality. For example:
(a) The billing address on an application is fictitious, a mail
drop, or a prison; or
(b) The phone number is invalid, or is associated with a pager or
answering service.
(5) The SSN provided is the same as that submitted by other persons opening
an account or other customers.
(6) The address or telephone number provided is the same as or similar
to the account number or telephone number submitted by an unusually
large number of other persons opening accounts or other customers.
(7) The person opening the covered account or the customer fails to provide
all required personal identifying information on an application or
in response to notification that the application is incomplete.
(8) Personal identifying information provided is not consistent with
personal identifying information that is on file with the municipality.
(9) If the municipality uses challenge questions, the person opening
the covered account or the customer cannot provide authenticating
information beyond that which generally would be available from a
wallet or consumer report.
D. The unusual use of, or other suspicious activity related to, a covered
account.
(1) Shortly following the notice of a change of address for a covered
account, the municipality receives a request for the addition of authorized
users on the account.
(2) A new utility account is used in a manner commonly associated with
known patterns of fraud. For example: the customer fails to make the
first payment or makes an initial payment but no subsequent payments.
(3) A covered account with a stable history shows irregularities.
(4) A covered account that has been inactive for a reasonably lengthy
period of time is used (taking into consideration the type of account,
the expected pattern of usage and other relevant factors).
(5) Mail sent to the customer is returned repeatedly as undeliverable
although usage of utility products or services continues in connection
with the customer's covered account.
(6) The municipality is notified that the customer is not receiving paper
account statements.
(7) The municipality is notified of unauthorized usage of utility products
or services in connection with a customer's covered account.
E. Notice of possible identity theft. The municipality is notified by
a customer, a victim of identity theft, a law enforcement authority,
or any other person that it has opened a fraudulent account for a
person engaged in identity theft.
A. The employees of the municipality that interact directly with customers
on a day-to-day basis shall have the initial responsibility for monitoring
the information and documentation provided by the customer and any
third-party service provider in connection with the opening of new
accounts and the modification of or access to existing accounts and
the detection of any red flags that might arise. Management shall
see to it that all employees who might be called upon to assist a
customer with the opening of a new account or with modifying or otherwise
accessing an existing account are properly trained such that they
have a working familiarity with the relevant red flags identified
in this Program so as to be able to recognize any red flags that might
surface in connection with the transaction. An employee who is not
sufficiently trained to recognize the red flags identified in this
Program shall not open a new account for any customer, modify any
existing account or otherwise provide any customer with access to
information in an existing account without the direct supervision
and specific approval of a management employee. Management employees
shall be properly trained such that they can recognize the relevant
red flags identified in this Program and exercise sound judgment in
connection with the response to any unresolved red flags that may
present themselves in connection with the opening of a new account
or with modifying or accessing of an existing account. Management
employees shall be responsible for making the final decision on any
such unresolved red flags.
B. The Program Administrator shall establish from time to time a written
policy setting forth the manner in which a prospective new customer
may apply for service, the information and documentation to be provided
by the prospective customer in connection with an application for
a new utility service account, the steps to be taken by the employee
assisting the customer with the application in verifying the customer's
identity and the manner in which the information and documentation
provided by the customer and any third-party service provider shall
be maintained. Such policy shall be generally consistent with the
spirit of the Customer Identification Program rules (31 CFR 103.121)
implementing Section 326(a) of the USA PATRIOT Act but need not be
as detailed. The Program Administrator shall establish from time to
time a written policy setting forth the manner in which customers
with existing accounts shall establish their identity before being
allowed to make modifications to or otherwise gain access to existing
accounts.
A. If the responsible employees of the municipality as set forth in
the previous section are unable, after making a good faith effort,
to form a reasonable belief that they know the true identity of a
customer attempting to open a new account or modify or otherwise access
an existing account based on the information and documentation provided
by the customer and any third-party service provider, the municipality
shall not open the new account or modify or otherwise provide access
to the existing account as the case may be. Discrimination in respect
to the opening of new accounts or the modification or access to existing
accounts will not be tolerated by employees of the municipality and
shall be grounds for immediate dismissal.
B. The Program Administrator shall establish from time to time a written
policy setting forth the steps to be taken in the event of an unresolved
red flag situation. Consideration should be given to aggravating factors
that may heighten the risk of identity theft, such as a data security
incident that results in unauthorized access to a customer's account,
or a notice that a customer has provided account information to a
fraudulent individual or website. Appropriate responses to prevent
or mitigate identity theft when a red flag is detected include:
(1) Monitoring a covered account for evidence of identity theft.
(3) Changing any passwords, security codes, or other security devices
that permit access to a covered account.
(4) Reopening a covered account with a new account number.
(5) Not opening a new covered account.
(6) Closing an existing covered account.
(7) Not attempting to collect on a covered account or not selling a covered
account to a debt collector.
(8) Notifying law enforcement.
(9) Determining that no response is warranted under the particular circumstances.
Utility accounts for personal, family and household purposes
are specifically included within the definition of "covered account"
in the FTC's Identity Theft Rules. Therefore, the municipality determines
that with respect to its residential utility accounts it offers and/or
maintains covered accounts. The municipality also performed an initial
risk assessment to determine whether the utility offers or maintains
any other accounts for which there are reasonably foreseeable risks
to customers or the utility from identity theft. In making this determination
the municipality considered the methods it uses to open its accounts,
the methods it uses to access its accounts, and its previous experience
with identity theft, and it concluded that it does not offer or maintain
any such other covered accounts.
The Program, including relevant red flags, is to be updated
as often as necessary but at least annually to reflect changes in
risks to customers from identity theft. Factors to consider in the
Program update include:
A. An assessment of the risk factors identified above.
B. Any identified red flag weaknesses in associated account systems
or procedures.
C. Changes in methods of identity theft.
D. Changes in methods to detect, prevent, and mitigate identity theft.
E. Changes in business arrangements, including mergers, acquisitions,
alliances, joint ventures, and service provider arrangements.
All staff and third-party service providers performing any activity
in connection with one or more covered accounts are to be provided
appropriate training and receive effective oversight to ensure that
the activity is conducted in accordance with policies and procedures
designed to detect, prevent, and mitigate the risk of identity theft.
[Adopted as Ch. 22, Art. II, of the 2015 Code]
[NOTE: This policy is enacted to comply with Public Act 096-9874
of the State of Illinois, cited as the Identity Protection Act and
codified as Title 30, Act 5, Section 1 et seq., as now or hereafter
amended.]
As used in this article, the following terms shall have the
meanings indicated:
PERSON
Any individual in the employ of the Village.
SOCIAL SECURITY NUMBER
The nine-digit number assigned to an individual by the United
States Social Security Administration for the purposes authorized
or required under the United States Social Security Act of August
14, 1935, as amended (Public Law 74-271).
A. No officer or employee of the Village shall do any of the following:
(1) Publicly post or publicly display in any manner an individual's social
security number.
(2) Print an individual's social security number on any card required
for the individual to access products or services provided by the
person or entity.
(3) Require an individual to transmit his or her social security number
over the internet, unless the connection is secure or the social security
number is encrypted.
(4) Print an individual's social security number on any materials that
are mailed to the individual, through the United States Postal Service,
any private mail service, electronic mail, or a similar method of
delivery, unless Illinois or federal law requires the social security
number to be on the document to be mailed. Notwithstanding any provision
in this section to the contrary, social security numbers may be included
in applications and forms sent by mail, including, but not limited
to, any material mailed in connection with the administration of the
Illinois Unemployment Insurance Act, any material mailed in connection
with any tax administered by the Illinois Department of Revenue, and
documents sent as part of an application or enrollment process or
to establish, amend, or terminate an account, contract, or policy
or to confirm the accuracy of the social security number. A social
security number that may permissibly be mailed under this section
may not be printed, in whole or in part, on a postcard or other mailer
that does not require an envelope or be visible on an envelope without
the envelope having been opened.
B. Except as otherwise provided in this policy, beginning immediately
on the effective date of the Village's authorizing ordinance, no officer
or employee of the Village shall do any of the following:
(1) Collect, use, or disclose a social security number from an individual,
unless:
(a) Required to do so under state or federal law, rules, or regulations,
or the collection, use, or disclosure of the social security number
is otherwise necessary for the performance of that agency's duties
and responsibilities;
(b) The need and purpose for the social security number is documented
before collection of the social security number; and
(c) The social security number collected is relevant to the documented
need and purpose.
(2) Require an individual to use his or her social security number to
access an internet website.
(3) Use the social security number for any purpose other than the purpose
for which it was collected.
C. The prohibitions in Subsection B do not apply in the following
circumstances:
(1) The disclosure of social security numbers to agents, employees, contractors,
or subcontractors of the Village or disclosure to another governmental
entity or its agents, employees, contractors, or subcontractors if
disclosure is necessary in order for the entity to perform its duties
and responsibilities; and, if disclosing to a contractor or subcontractor,
prior to such disclosure, the officer or employee of the Village must
first receive from the contractor or subcontractor a copy of the contractor's
or subcontractor's policy that sets forth how the requirements imposed
under this policy of the Village to protect an individual's social
security number will be achieved.
(2) The disclosure of social security numbers pursuant to a court order,
warrant, or subpoena.
(3) The collection, use, or disclosure of social security numbers in
order to ensure the safety of: Village employees; persons committed
to correctional facilities, local jails, and other law enforcement
facilities or retention centers; wards of the state; youth in care
as defined in Section 4d of the Children and Family Services Act (20
ILCS 505/4d); and all persons working in or visiting a Village facility.
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
(4) The collection, use, or disclosure of social security numbers for
internal verification or administrative purposes.
(5) The collection or use of social security numbers to investigate or
prevent fraud, to conduct background checks, to collect a debt, to
obtain a credit report from a consumer reporting agency under the
federal Fair Credit Reporting Act, to undertake any permissible purpose
that is enumerated under the federal Gramm Leach Bliley Act, or to
locate a missing person, a lost relative, or a person who is due a
benefit such as a pension benefit or an unclaimed property benefit.
D. If any standards of the Village for the collection, use, or disclosure
of social security numbers are stricter than the standards under this
policy with respect to the protection of those social security numbers,
then, in the event of any conflict with the provisions of this policy,
the stricter standards adopted by the Village shall control.
Notwithstanding any other provision of this policy to the contrary,
all officers and employees of the Village must comply with the provisions
of any other state law with respect to allowing the public inspection
and copying of information or documents containing all or any portion
of an individual's social security number. All officers and employees
of the Village must redact social security numbers from the information
or documents before allowing the public inspection or copying of the
information or documents.
A. This policy does not apply to the collection, use, or disclosure
of a social security number as required by state or federal law, rule,
or regulation.
B. This policy does not apply to documents that are required to be open
to the public under any state or federal law, rule, or regulation,
applicable case law, Supreme Court rule, or the Constitution of the
State of Illinois.
If a federal law takes effect requiring any federal agency to
establish a national unique patient health identifier program, the
Village shall follow that law.
Beginning immediately on the effective date of the Village's
authorizing ordinance, no officer or employee of the Village may encode
or embed a social security number in or on a card or document, including,
but not limited to, using a bar code, chip, magnetic strip, RFID technology,
or other technology, in place of removing the social security number
as required by this policy.
A. All officers, employees and agents of the Village identified as having
access to social security numbers in the course of performing their
duties shall be trained to protect the confidentiality of all social
security numbers. Training shall include instructions on the proper
handling of information that contains social security numbers from
the time of collection through the destruction of the information.
B. Only employees who are required to use or handle information or documents
that contain social security numbers shall have access to such information
or documents.
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
C. Social security numbers requested from an individual shall be provided
in a manner that makes the social security number easily redacted
if required to be released as part of a public records request.
D. When collecting a social security number or upon request by the individual,
a statement of the purpose or purposes for which the Village is collecting
and using the social security number shall be provided.
[Amended at time of adoption of Code (see Ch. 1, General
Provisions, Art. I)]
E. A written copy of this privacy policy, and any amendment thereto,
shall be filed with the Village Board within 30 days after approval
of this policy or any amendment thereto.
F. The Village shall advise its employees of the existence of the policy
and make a copy of this policy available to each employee, and shall
also make this privacy policy available to any member of the public,
upon request and at no charge for a single copy of this privacy policy.
If the Village amends this privacy policy, then the Village shall
also advise its employees of the existence of the amended policy and
make a copy of the amended policy available to each employee.
Any person who violates any portion of this article, as now
or hereafter amended, shall be subject to a fine of not less than
$100 for the first such violation and a fine of not less than $750
for each violation thereafter.
The privacy policy adopted in this article shall be subject
to amendment from time to time by the Village Board as the Village
Board shall deem necessary in its sole discretion in order to maintain
the Village's compliance with the Illinois Identity Protection Act
(5 ILCS 179/1 et seq.), as now or hereafter amended.
This policy does not supersede any more restrictive law, rule,
or regulation regarding the collection, use, or disclosure of social
security numbers.