The URL can be used to link to this page

Home My Public Portal AboutResolution #2008-29, A Resolution Approving And Adopting an Identity Theft Prevention Policy RESOLUTION#2008-29 A RESOLUTION APPROVING AND ADOPTING AN IDENTITY THEFT PREVENTION POLICY WHEREAS, 16 CFR § 681.2 et seq. requires certain institutions and entities to develop and provide for the continued administration of a written Identity Theft Prevention Program; WHEREAS, it is in the public interest to protect the citizens, customers, and City of Riverdale ("Riverdale") employees from identity theft; WHEREAS, Riverdale has found that a comprehensive written policy establishing policies and procedures for detecting, preventing, and mitigating identity theft is necessary to protect the public interest; WHEREAS, Iowa Code Section 364.1 permits cities to exercise any power and perform any function it deems appropriate to protect and preserved the rights,privileges, and property of Riverdale or of its residents; and WHEREAS, Riverdale wishes to adopt the attached Identity Theft Prevention Policy. NOW THEREFORE BE IT RESOLVED, by the City Council of the City of Riverdale, Iowa, Riverdale adopts the Identity Theft Prevention Policy, a copy of which is attached hereto. This Resolution shall take immediate effect. PASSED, APPROVED AND ADOPTED THIS 18th day of November, 2008. Ayes: Nays: Halsey Littrel Hupp Channon Frankli i fFrank /, Mayor Pro Tem ATTEST: Theresa Ralfs, City Clerk CITY OF RIVERDALE IDENTITY THEFT PREVENTION POLICY 1 ' I PURPOSE The purpose of this policy is to establish a formal document which outlines procedures for detecting,preventing, and mitigating identity theft for officers and employees of the City of Riverdale, Iowa. PREVENTION The following list is designed to help protect individual's personal information and other sensitive information and to prevent unauthorized access to such information. 1. Paper documents, files, and electronic media containing secure information must be stored in locked file cabinets except when an employee is working on the file. 2. Only the Assistant City Clerk, City Clerk, Mayor and City Council members with a legitimate need are allowed access to the locked file cabinets. 3. Employees must not leave sensitive papers out on their desks when they are away from their workstations. 4. Employees must store files with secure information when leaving their work areas. 5. Employees must log off their computers when leaving their work for the day. 6. Employees must lock file cabinets when leaving work for the day. 7. Visitors who enter areas where sensitive files are kept must be escorted by an employee. 8. No visitor will be given any entry codes or allowed unescorted access to the office. 9. Sensitive information that is stored on computer network or portable storage 10. Anti-virus and anti-spyware programs must be run on individual computers and on servers at regular intervals. 11. When sensitive data is received or transmitted, secure connections must be used. 12. Computer passwords are required. 13. Computer passwords must be changed at least yearly. 14. Computer passwords must not be shared or posted near workstations. 15. Password-activated screen savers must be used to lock employee computers after a period of five minutes of inactivity. 2 SC,*".,t 44--.- .k„6, -4a*A'A,V1 4WAidahl '" -tir�:fmx 16. Employees must never leave a laptop computer visible in a car, at a hotel luggage stand, or packed in checked luggage. 17. If a laptop must be left in a vehicle, it must be locked in a trunk. 18. Employees must only use secured wireless networks. 19. References must be checked before hiring employees who will have access to sensitive data. 20. Access to individuals' personal identity information is limited to employees with a"need to know." 21. Paper records must be shredded before being placed into the trash. 22. Any data storage media will be disposed of by shredding, incineration, or other destruction. 3 i DETECTION The City of Riverdale adopts the following red flags to detect potential fraud. These are not intended to be all-inclusive and other suspicious activity may be investigated as necessary: 1. Notice of address discrepancy. 2. Identification documents appear to be altered. 3. Photo and physical description do not match appearance of individual. 4. Other information is inconsistent with information provided individual. 5. Other information provided by individual is inconsistent with information on file. 6. Documentation provided by individual appears altered or destroyed and reassembled. 7. Personal information provided by individual does not match other sources of information(e.g. credit reports, SS#not issued or listed as deceased). 8. Lack of correlation between the SS#range and date of birth. 9. Information provided is associated with known fraudulent activity(e.g. address or phone number provided is same as that of fraudulent activity). 10. Information commonly associated with fraudulent activity is provided by individual (e.g. address that is a mail drop or prison,non-working phone number or associated with answering service/pager). 11. SS#, address, or telephone#is the same as that of other individual. 12. Individual fails to provide all information requested. 13. Personal information provided is inconsistent with information on file for a individual. 14. Individual cannot provide information requested beyond what could commonly be found in a purse or wallet. 15. Identity theft is reported or discovered. RESPONSE Any employee that may suspect fraud will implement the following response as applicable. All suspicions or detections of fraud shall be reported to the Mayor. 1. Ask individual for additional documentation. 2. Notify the Mayor of suspicion or detection. 3. Make detailed written record of interactions with individual. 4. Notify law enforcement of any attempted or actual identity theft. 4