13.40.050 Preventing and mitigating identity theft.
In the event city personnel detect any identified red flags, such personnel shall take one or more of the following steps, depending on the degree of risk posed by the red flag:
A. Prevent and Mitigate Identity Theft.
1. Monitor a covered account for evidence of identity theft;
2. Contact the customer with the covered account;
3. Change any passwords or other security codes and devices that permit access to a covered account;
4. Not open a new covered account;
5. Close an existing covered account;
6. Reopen a covered account with a new number;
7. Not attempt to collect payment on a covered account;
8. Notify the finance director for determination of the appropriate step(s) to take;
9. Notify law enforcement; or
10. Determine that no response is warranted under the particular circumstances.
B. Protect Customer Identifying Information. In order to further prevent the likelihood of identity theft occurring with respect to city accounts, the city shall take the following steps with respect to its internal operating procedures to protect customer identifying information:
1. Secure the city website but provide clear notice that the website is not secure;
2. Undertake complete and secure destruction of paper documents and computer files containing customer information;
3. Make office computers password protected and provide that computer screens lock after a set period of time;
4. Keep offices clear of papers containing customer identifying information;
5. Request only the last four digits of Social Security numbers (if any);
6. Maintain computer virus protection up to date; and
7. Require and keep only the kinds of customer information that are necessary for city purposes.