(a) 
A ruling known as the “identity theft red flags regulation” was jointly issued by the Federal Trade Commission, Office of Thrift Supervision and several other governing agencies (agencies), implemented section 114 of the Fair and Accurate Credit Transactions Act of 2003 (FACT Act) and is effective November 1, 2008.
(b) 
The identity theft red flags regulation requires financial institutions to develop and implement a written identity theft program to detect, prevent and diminish identity theft in connection with opening of certain accounts or existing accounts.
(c) 
Under the regulation only those financial institutions that offer or maintain covered accounts must develop and implement a written program. The term “covered account” means:
(1) 
An account primarily used for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions;
(2) 
Any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft.
(d) 
The agencies believe that accounts such as credit cards, mortgage loans, and cell phone, utility, checking, automobile loans and savings accounts are examples of accounts designed to permit multiple payments or transactions and also contain a reasonably foreseeable risk of identity theft.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. I), adopted 10/21/08; 2013 Code, sec. 60-50)
The purpose of this article is to ensure the city has a program in place to detect, prevent and diminish identity theft in connection with the opening of utility accounts and to establish written procedures for security and storing of personal information.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. II), adopted 10/21/08; 2013 Code, sec. 60-51)
This policy applies to all city employees and service providers that have access to utility billing records containing customers’ personal information that is submitted in person, by fax, by e-mail and over the internet.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. III), adopted 10/21/08; 2013 Code, sec. 60-52)
The following words, terms and phrases, when used in this article, shall have the meanings ascribed to them in this section, except where the context clearly indicates a different meaning:
Identifying information
means any name or number that may be used along or with any other information to identify a specific person, including the following:
(1) 
Name;
(2) 
Date of birth;
(3) 
Address;
(4) 
Telephone number;
(5) 
Government-issued driver’s license or ID number;
(6) 
Alien registration number;
(7) 
Government-issued passport number;
(8) 
Routing code;
(9) 
Tax identification number.
Identity theft
means a fraud committed using the identifying information of another person.
Red flags
means a pattern, practice or specific activity that indicates the possible risk of identity theft.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. IV), adopted 10/21/08; 2013 Code, sec. 60-53)
(a) 
When opening new accounts, staff needs to carefully scrutinize documents submitted for identification or proof of residency for red flags such as:
(1) 
Documents provided for identification appear to be altered or forged.
(2) 
The photograph or physical description on the identification is not consistent with the appearance of the customer requesting service.
(3) 
Other information on the identification is not consistent with information provided by the person requesting service.
(4) 
Other information is not consistent with information that is on file (i.e., previous application submitted with driver’s license).
(5) 
Lease submitted for proof of residency appears to be altered or forged.
(6) 
Personal information submitted is associated with known fraudulent activity.
(7) 
The state-issued driver’s license number and date of birth are the same as another customer’s.
(8) 
A new account requested immediately after disconnection for nonpayment.
(b) 
Under any of the cases listed in subsection (a) of this section, city staff will request additional identification, proof of residence by asking to view other bills and/or seek additional documentation as deemed necessary to properly identify the patron.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(A)), adopted 10/21/08; 2013 Code, sec. 60-80)
To ensure proper identification verification, effective November 1, 2008, all requests for new service must be completed in person.
(1) 
Applicants must show a government-issued photo ID to initiate service.
(2) 
New applications submitted by fax, e-mail, mail or internet will no longer be processed until proper identification verification is completed in person.
(3) 
Applications must be submitted by the responsible party; parents, siblings or any other interested party cannot activate service on behalf of another person.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(B)), adopted 10/21/08; 2013 Code, sec. 60-81)
(a) 
City’s security system.
Electronic data is transmitted and exchanged through the city’s secure socket layer security system which enables encryption of sensitive information during online transactions.
(b) 
Disclosure of personal information.
Information is used as a means of identification, for internal verification or administrative purposes.
(c) 
Data storage.
All hard copy information is stored in secured filing cabinets. Cash receipt information containing credit card numbers is decoded.
(d) 
Internal database security.
All employees undergo a background check conducted by the human resources department prior to hiring. Employees are assigned security levels which limit access to sensitive data. Access into the system requires a password assigned by the system administrator. Upon termination, employee passwords are immediately disabled.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(C)), adopted 10/21/08; 2013 Code, sec. 60-82)
Records are disposed of in accordance with state and federal law, including the records retention schedule issued by the state library and archives commission.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(D)), adopted 10/21/08; 2013 Code, sec. 60-83)
A zero tolerance policy is in effect for all fraudulent transactions within utility billing customer service. Once written notification and verification is received of fraudulent activity from a customer, banking institution or collection agency, utility billing customer service will proceed with:
(1) 
Notating and taking corrective actions on the account;
(2) 
Gathering all pertinent information that is available; and
(3) 
Immediately contacting the city police department to initiate a criminal investigation.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(E)), adopted 10/21/08; 2013 Code, sec. 60-84)
The utility billing supervisor will conduct an annual review of the current policy.
(1998 Code, sec. 2-15; Ordinance 2008121, sec. 2 (exh. A, sec. V(F)), adopted 10/21/08; 2013 Code, sec. 60-85)