HomeMy Public PortalAboutResolution #2008-29, A Resolution Approving And Adopting an Identity Theft Prevention Policy RESOLUTION#2008-29
A RESOLUTION APPROVING AND ADOPTING AN IDENTITY THEFT
PREVENTION POLICY
WHEREAS, 16 CFR § 681.2 et seq. requires certain institutions and entities to develop and
provide for the continued administration of a written Identity Theft Prevention Program;
WHEREAS, it is in the public interest to protect the citizens, customers, and City of Riverdale
("Riverdale") employees from identity theft;
WHEREAS, Riverdale has found that a comprehensive written policy establishing policies and
procedures for detecting, preventing, and mitigating identity theft is necessary to protect the
public interest;
WHEREAS, Iowa Code Section 364.1 permits cities to exercise any power and perform any
function it deems appropriate to protect and preserved the rights,privileges, and property of
Riverdale or of its residents; and
WHEREAS, Riverdale wishes to adopt the attached Identity Theft Prevention Policy.
NOW THEREFORE BE IT RESOLVED, by the City Council of the City of Riverdale, Iowa,
Riverdale adopts the Identity Theft Prevention Policy, a copy of which is attached hereto.
This Resolution shall take immediate effect.
PASSED, APPROVED AND ADOPTED THIS 18th day of November, 2008.
Ayes: Nays:
Halsey
Littrel
Hupp
Channon
Frankli
i
fFrank /, Mayor Pro Tem
ATTEST:
Theresa Ralfs, City Clerk
CITY OF RIVERDALE
IDENTITY THEFT PREVENTION
POLICY
1
' I
PURPOSE
The purpose of this policy is to establish a formal document which outlines procedures
for detecting,preventing, and mitigating identity theft for officers and employees of the City of
Riverdale, Iowa.
PREVENTION
The following list is designed to help protect individual's personal information and other
sensitive information and to prevent unauthorized access to such information.
1. Paper documents, files, and electronic media containing secure information must be
stored in locked file cabinets except when an employee is working on the file.
2. Only the Assistant City Clerk, City Clerk, Mayor and City Council members with a
legitimate need are allowed access to the locked file cabinets.
3. Employees must not leave sensitive papers out on their desks when they are away from
their workstations.
4. Employees must store files with secure information when leaving their work areas.
5. Employees must log off their computers when leaving their work for the day.
6. Employees must lock file cabinets when leaving work for the day.
7. Visitors who enter areas where sensitive files are kept must be escorted by an employee.
8. No visitor will be given any entry codes or allowed unescorted access to the office.
9. Sensitive information that is stored on computer network or portable storage
10. Anti-virus and anti-spyware programs must be run on individual computers and on
servers at regular intervals.
11. When sensitive data is received or transmitted, secure connections must be used.
12. Computer passwords are required.
13. Computer passwords must be changed at least yearly.
14. Computer passwords must not be shared or posted near workstations.
15. Password-activated screen savers must be used to lock employee computers after a period
of five minutes of inactivity.
2
SC,*".,t 44--.- .k„6, -4a*A'A,V1 4WAidahl '" -tir�:fmx
16. Employees must never leave a laptop computer visible in a car, at a hotel luggage stand,
or packed in checked luggage.
17. If a laptop must be left in a vehicle, it must be locked in a trunk.
18. Employees must only use secured wireless networks.
19. References must be checked before hiring employees who will have access to sensitive
data.
20. Access to individuals' personal identity information is limited to employees with a"need
to know."
21. Paper records must be shredded before being placed into the trash.
22. Any data storage media will be disposed of by shredding, incineration, or other
destruction.
3
i
DETECTION
The City of Riverdale adopts the following red flags to detect potential fraud. These are
not intended to be all-inclusive and other suspicious activity may be investigated as necessary:
1. Notice of address discrepancy.
2. Identification documents appear to be altered.
3. Photo and physical description do not match appearance of individual.
4. Other information is inconsistent with information provided individual.
5. Other information provided by individual is inconsistent with information on file.
6. Documentation provided by individual appears altered or destroyed and
reassembled.
7. Personal information provided by individual does not match other sources of
information(e.g. credit reports, SS#not issued or listed as deceased).
8. Lack of correlation between the SS#range and date of birth.
9. Information provided is associated with known fraudulent activity(e.g. address or
phone number provided is same as that of fraudulent activity).
10. Information commonly associated with fraudulent activity is provided by
individual (e.g. address that is a mail drop or prison,non-working phone number
or associated with answering service/pager).
11. SS#, address, or telephone#is the same as that of other individual.
12. Individual fails to provide all information requested.
13. Personal information provided is inconsistent with information on file for a
individual.
14. Individual cannot provide information requested beyond what could commonly be
found in a purse or wallet.
15. Identity theft is reported or discovered.
RESPONSE
Any employee that may suspect fraud will implement the following response as applicable. All
suspicions or detections of fraud shall be reported to the Mayor.
1. Ask individual for additional documentation.
2. Notify the Mayor of suspicion or detection.
3. Make detailed written record of interactions with individual.
4. Notify law enforcement of any attempted or actual identity theft.
4