[Amended 12-16-2008 by Ord. No. 08-12-2002]
This chapter is designed to identify and address the warning
signs that indicate potential identity theft in order to prevent the
misappropriation of identifying information in connection with the
opening and maintenance of certain utility accounts. The utility has
developed this chapter to comply with the Federal Trade Commission's
(FTC) red flag rules, implemented under Section 114 of the Fair and
Accurate Credit Transactions Act of 2003, pursuant to 16 CFR 681.2.
The Commission analyzed the utility's billing practices and concluded
the utility maintains covered accounts (as defined in the red flag
rules) and, consequently, must implement a written program to comply
with the red flag rules.
This chapter was developed with oversight and approval of the
Village Board and shall be implemented by senior management staff.
After consideration of the size and complexity of the utility's operations
and account systems, and the nature and scope of the utility's activities,
the Village Board determined that this chapter appropriately satisfies
the utility's obligation under the red flag rules and therefore approves
this chapter on December 16, 2008.
For purposes of this chapter:
ACCOUNT or COVERED ACCOUNT
(A)
A continuing relationship the utility has with an individual
through an account the utility offers or maintains primarily for personal,
family or household purposes, that involves multiple payments or transactions;
and
(B)
Any other account the utility offers or maintains for which
there is a reasonably foreseeable risk to customers or to the safety
and soundness of the utility from identity theft.
IDENTITY INFORMATION
Any name or number that may be used, alone or in conjunction
with any other information, to identify a specific person, and includes
name, address, telephone number, social security number, date of birth,
governmental issued driver's license number or other identification
number, alien registration number, government passport number, employer
or tax identification number, unique electronic identification number,
computer internet protocol address, and routing codes.
IDENTITY THEFT
Fraud committed using the identifying information of another
person.
RED FLAG
A pattern, practice, or specific activity that indicates
the possible existence of Identity Theft.
In order to identify relevant red flags, the utility considered,
and shall continue to consider, the following risk factors: i) the
types of covered accounts that it offers and maintains, ii) the method
it provides to open its covered accounts, iii) the methods it provides
to access its covered accounts, and iv) its previous experience with
identity theft. The utility incorporated relevant red flags from the
following sources: i) incidents of identity theft that the utility
has experienced, ii) methods of identity theft that the utility has
identified that reflect changes in identity theft risks, and iii)
applicable supervisory guidance. The utility identified the following
red flags, in each of the listed categories:
(A) Suspicious Documents.
(1)
Receiving documents provided for identification that appears
to be forged or altered;
(2)
A customer's photograph or physical description on an identification
is not consistent with the person presenting the documentation;
(3)
Receiving other documentation with information that is not consistent
with existing customer information, such as a signature or recent
check; and
(4)
Receiving an application for service that appears to have been
altered or forged, or gives the appearance of being destroyed and
reassembled.
(B) Suspicious Identifying Information.
(1)
A customer's identifying information is inconsistent with other
sources of identifying information;
(2)
A customer's identifying information is inconsistent with other
information the customer provides (such as inconsistent SSNs or birth
dates);
(3)
A customer's identifying information is the same as shown on
other applications found to be fraudulent;
(4)
A customer's identifying information is consistent with fraudulent
activity (such as an invalid phone number or fictitious billing address);
(5)
A customer's SSN is the same as another customer's SSN;
(6)
A customer's address or phone number is the same as that of
another person;
(7)
A customer fails to provide complete personal identifying information
on an application when reminded to do so; and
(8)
A customer's identifying information is not consistent with
the information that is on file for the customer.
(C) Unusual Use of, or Suspicious Activity Related to, a Covered Account.
(1)
A request to change the account holder's name or add other parties
is received shortly after a change of address for an account;
(2)
A new account is used in a manner consistent with fraud (such
as the customer failing to make the first payment, or making the initial
payment and no other payments);
(3)
An account being used in a way that is not consistent with prior
use (such as late or no payments when the account has been timely
in the past);
(4)
Mail sent to the account holder is repeatedly returned as undeliverable;
(5)
The utility receives notice that a customer is not receiving
paper statements;
(6)
The utility receives notice that an account has unauthorized
activity;
(7)
The utility's computer system is breached; and
(8)
Unauthorized access to or use of customer account information.
(D) Notice Regarding Possible Identity Theft. The utility receives notice
from a customer, a victim of identity theft, law enforcement authority
or any other person regarding possible identity theft in connection
with a covered account.
This chapter will be periodically reviewed and updated to reflect
changes in risks to customers and soundness of the utility from identity
theft. At least once per year, the program administrator will consider
the utility's experiences with identity theft situation, changes in
identity theft methods, changes in identity theft detection and prevent
methods, changes in types accounts the utility maintains and changes
in the utility's business arrangements with other entities. After
considering these factors, the program administrator will determine
whether changes to this chapter, including the listing of red flags,
are warranted. If warranted, the program administrator will present
the Village Board with recommended changes and the Village Board will
make a determination of whether to accept, modify or reject those
changes to this chapter.
[Amended 5-17-2011 by Ord. No. 2011-05-01]
As required by the Illinois Identity Protection Act of 2010, there is hereby adopted in the Village of Brownstown the privacy policy as stated in the attached document entitled "Chapter
22, Article
II: Use of Social Security Numbers" with regard to the collection, use, and communication of an individual's social security number by employees, officials, contractors and/or subcontractors of the Village which is hereby adopted by reference as if fully set forth herein.
The privacy policy adopted in this article and chapter shall
be subject to amendment from time to time by the Village Board as
the Village Board shall deem necessary in its sole discretion in order
to maintain the Village's compliance with the Illinois Identity Protection
Act as now or hereafter amended. (see Addendum A).