Code of Ordinances

of Union County, Illinois.

Ordinance Chapter: Article I - Identity Theft Programs

This Pol­i­cy does not super­sede any more restric­tive law, rule, or reg­u­la­tion regard­ing the col­lec­tion, use, or dis­clo­sure of Social Secu­ri­ty Num­bers. [NOTE:  This Pol­i­cy is to com­ply with Pub­lic Act 096‑9874 of the State of Illi­nois, cit­ed as the Iden­ti­ty Pro­tec­tion Act, and cod­i­fied as Title 30, Act 5, Sec­tion 1, et seq., as now or here­after amended.]

The Pri­va­cy Pol­i­cy adopt­ed in this Divi­sion and Chap­ter shall be sub­ject to amend­ment from time to time by the Coun­ty Com­mis­sion­ers as the Coun­ty Com­mis­sion­ers shall deem nec­es­sary in its sole dis­cre­tion in order to main­tain the County’s com­pli­ance with the Illi­nois Iden­ti­ty Pro­tec­tion Act as now or here­after amended.

Any per­son who vio­lates any por­tion of this Arti­cle, as now or here­after amend­ed, shall be sub­ject to a fine of not less than One Hun­dred Dol­lars ($100.00) for the first such vio­la­tion and a fine of not less than One Thou­sand Dol­lars ($1,000.00) for each vio­la­tion thereafter.

(A) All offi­cers, employ­ees and agents of the Coun­ty iden­ti­fied as hav­ing access to Social Secu­ri­ty Num­bers in the course of per­form­ing their duties to be trained to pro­tect the con­fi­den­tial­i­ty of all Social Secu­ri­ty Num­bers.  Train­ing shall include instruc­tions on the prop­er han­dling of infor­ma­tion that con­tains Social Secu­ri­ty Num­bers from the time of col­lec­tion through the destruc­tion of the information.

(B) Only employ­ees who are required to use or han­dle infor­ma­tion or doc­u­ments that con­tain Social Secu­ri­ty Num­bers have access to such infor­ma­tion or documents.

(C) Social Secu­ri­ty Num­bers request­ed from an indi­vid­ual shall be pro­vid­ed in a man­ner that makes the Social Secu­ri­ty Num­ber eas­i­ly redact­ed if required to be released as part of a pub­lic records’ request.

(D) When col­lect­ing a Social Secu­ri­ty Num­ber or upon request by the indi­vid­ual, a state­ment of the pur­pose or pur­pos­es for which the Coun­ty is col­lect­ing and using the Social Secu­ri­ty Num­ber be provided.

(E) A writ­ten copy of this Pri­va­cy Pol­i­cy, and any amend­ment there­to, shall be filed with the Coun­ty Com­mis­sion­ers with­in thir­ty (30) days after approval of this Pol­i­cy or any amend­ment thereto.

(F) The Coun­ty shall advise its employ­ees of the exis­tence of the Pol­i­cy and make a copy of this Pol­i­cy avail­able to each employ­ee, and shall also make this Pri­va­cy Pol­i­cy avail­able to any mem­ber of the pub­lic, upon request and at no charge for a sin­gle copy of this Pri­va­cy Pol­i­cy.  If the Coun­ty amends this Pri­va­cy Pol­i­cy, then the Coun­ty shall also advise its employ­ees of the exis­tence of the amend­ed Pol­i­cy and make a copy of the amend­ed Pol­i­cy avail­able to each employee.

Begin­ning imme­di­ate­ly on the effec­tive date of the County’s autho­riz­ing Ordi­nance, no offi­cer or employ­ee of the Coun­ty may encode or embed a Social Secu­ri­ty Num­ber in or on a card or doc­u­ment, includ­ing, but not lim­it­ed to, using a bar code, chip, mag­net­ic strip, RFID tech­nol­o­gy, or oth­er tech­nol­o­gy, in place of remov­ing the Social Secu­ri­ty Num­ber as required by this Policy.

If a fed­er­al law takes effect requir­ing any fed­er­al agency to estab­lish a nation­al unique patient health iden­ti­fi­er pro­gram, the Coun­ty shall fol­low that law.

(A) This pol­i­cy does not apply to the col­lec­tion, use, or dis­clo­sure of a Social Secu­ri­ty Num­ber as required by State or Fed­er­al law, rule, or regulation.

(B) This pol­i­cy does not apply to doc­u­ments that are required to be open to the pub­lic under any State or Fed­er­al law, rule, or reg­u­la­tion, applic­a­ble case law, Supreme Court Rule, or the Con­sti­tu­tion of the State of Illinois.

Notwith­stand­ing any oth­er pro­vi­sion of this pol­i­cy to the con­trary, all offi­cers and employ­ees of the Coun­ty must com­ply with the pro­vi­sions of any oth­er State law with respect to allow­ing the pub­lic inspec­tion and copy­ing of infor­ma­tion or doc­u­ments con­tain­ing all or any por­tion of an individual’s Social Secu­ri­ty Num­ber.  All offi­cers and employ­ees of the Coun­ty must redact Social Secu­ri­ty Num­bers from the infor­ma­tion or doc­u­ments before allow­ing the pub­lic inspec­tion or copy­ing of the infor­ma­tion or documents.

 (A) No offi­cer or employ­ee of the Coun­ty shall do any of the following:

  1. Pub­licly post or pub­licly dis­play in any man­ner an individual’s Social Secu­ri­ty Number.
  2. Print an individual’s Social Secu­ri­ty Num­ber on any card required for the indi­vid­ual to access prod­ucts or ser­vices pro­vid­ed by the per­son or entity.
  3. Require an indi­vid­ual to trans­mit his or her Social Secu­ri­ty Num­ber over the Inter­net, unless the con­nec­tion is secure or the Social Secu­ri­ty Num­ber is encrypted.
  4. Print an individual’s Social Secu­ri­ty Num­ber on any mate­ri­als that are mailed to the indi­vid­ual, through the Unit­ed States Postal Ser­vice, any pri­vate mail ser­vice, elec­tron­ic mail, or a sim­i­lar method of deliv­ery, unless Illi­nois or fed­er­al law requires the Social Secu­ri­ty Num­ber to be on the doc­u­ment to be mailed.  Notwith­stand­ing any pro­vi­sion in this Sec­tion to the con­trary, Social Secu­ri­ty Num­bers may be includ­ed in appli­ca­tions and forms sent by mail, includ­ing, but not lim­it­ed to, any mate­r­i­al mailed in con­nec­tion with the admin­is­tra­tion of the Illi­nois Unem­ploy­ment Insur­ance Act, any mate­r­i­al mailed in con­nec­tion with any tax admin­is­tered by the Illi­nois Depart­ment of Rev­enue, and doc­u­ments sent as part of an appli­ca­tion or enroll­ment process or to estab­lish, amend, or ter­mi­nate an account, con­tract, or pol­i­cy or to con­firm the accu­ra­cy of the Social Secu­ri­ty Num­ber.  A Social Secu­ri­ty Num­ber that may per­mis­si­bly be mailed under this Sec­tion may not be print­ed, in whole or in part, on a post­card or oth­er mail­er that does not require an enve­lope or be vis­i­ble on an enve­lope with­out the enve­lope hav­ing been opened.

(B) Except as oth­er­wise pro­vid­ed in this pol­i­cy, begin­ning imme­di­ate­ly on the effec­tive date of the County’s autho­riz­ing Ordi­nance, no offi­cer or employ­ee of the Coun­ty shall do any of the following:

  1. Col­lect, use, or dis­close a Social Secu­ri­ty num­ber from an indi­vid­ual, unless (i) required to do so under State or Fed­er­al law, rules, or reg­u­la­tions, or the col­lec­tion, use, or dis­clo­sure of the Social Secu­ri­ty Num­ber is oth­er­wise nec­es­sary for the per­for­mance of that agency’s duties and respon­si­bil­i­ties; (ii) the need and pur­pose for the Social Secu­ri­ty Num­ber is doc­u­ment­ed before col­lec­tion of the Social Secu­ri­ty Num­ber; and (iii) the Social Secu­ri­ty Num­ber col­lect­ed is rel­e­vant to the doc­u­ment­ed need and purpose.
  2. Require an indi­vid­ual to use his or her Social Secu­ri­ty Num­ber to access an Inter­net website.
  3. Use the Social Secu­ri­ty Num­ber for any pur­pose oth­er than the pur­pose for which it was collected.

(C) The pro­hi­bi­tions in sub­sec­tion (B) do not apply in the fol­low­ing circumstances:

  1. The dis­clo­sure of Social Secu­ri­ty Num­bers to agents, employ­ees, con­trac­tors, or sub­con­trac­tors of the Coun­ty or dis­clo­sure to anoth­er gov­ern­men­tal enti­ty or its agents, employ­ees, con­trac­tors, or sub­con­trac­tors if dis­clo­sure is nec­es­sary in order for the enti­ty to per­form its duties and respon­si­bil­i­ties; and, if dis­clos­ing to a con­trac­tor or sub­con­trac­tor, pri­or to such dis­clo­sure, the offi­cer or employ­ee of the Coun­ty must first receive from the con­trac­tor or sub­con­trac­tor a copy of the contractor’s or subcontractor’s pol­i­cy that sets forth how the require­ments imposed under this Pol­i­cy on the Coun­ty to pro­tect an individual’s Social Secu­ri­ty Num­ber will be achieved.
  2. The dis­clo­sure of Social Secu­ri­ty Num­bers pur­suant to a court order, war­rant, or subpoena.
  3. The col­lec­tion, use, or dis­clo­sure of Social Secu­ri­ty Num­bers in order to ensure the safe­ty of: Coun­ty employ­ees; per­sons com­mit­ted to cor­rec­tion­al facil­i­ties, local jails, and oth­er law enforce­ment facil­i­ties or reten­tion cen­ters; wards of the State; and all per­sons work­ing in or vis­it­ing a Coun­ty facility.
  4. The col­lec­tion, use, or dis­clo­sure of Social Secu­ri­ty Num­bers for Inter­nal ver­i­fi­ca­tion or admin­is­tra­tive purposes.
  5. The col­lec­tion or use of Social Secu­ri­ty Num­bers to inves­ti­gate or pre­vent fraud, to con­duct back­ground checks, to col­lect a debt, to obtain a cred­it report from a con­sumer report­ing agency under the fed­er­al Fair Cred­it Report­ing Act, to under­take any per­mis­si­ble pur­pose that is enu­mer­at­ed under the fed­er­al Gramm Leach Bliley Act, or to locate a miss­ing per­son, a lost rel­a­tive, or a per­son who is due a ben­e­fit such as a pen­sion ben­e­fit or an unclaimed prop­er­ty benefit.

(D) Any stan­dards of the Coun­ty for the col­lec­tion, use, or dis­clo­sure of Social Secu­ri­ty Num­bers that are stricter than the stan­dards under this Pol­i­cy with respect to the pro­tec­tion of those Social Secu­ri­ty Num­bers, then, in the event of any con­flict with the pro­vi­sions of this Pol­i­cy, the stricter stan­dards adopt­ed by the Coun­ty shall control.

Per­son” means any indi­vid­ual in the employ of the County.

Pol­i­cy” or “Pri­va­cy Pol­i­cy” means this doc­u­ment, as now or here­after amended.

Pub­licly post” or “pub­licly dis­play” means to inten­tion­al­ly com­mu­ni­cate or oth­er­wise inten­tion­al­ly make avail­able to the gen­er­al public.

Social Secu­ri­ty Num­ber” means the nine (9) dig­it num­ber assigned to an indi­vid­ual by the Unit­ed States Social Secu­ri­ty Admin­is­tra­tion for the pur­pos­es autho­rized or required under the Unit­ed States Social Secu­ri­ty Act of August 14, 1935, as amend­ed (Pub­lic Law 74–271).

In the event one of the County’s cus­tomers becomes a vic­tim of iden­ti­ty theft, the fol­low­ing steps will be tak­en, as appro­pri­ate, to assist them:

(A) Have trained per­son­nel respond to cus­tomer calls regard­ing iden­ti­ty theft or pre­text calling.

(B) Deter­mine if it is nec­es­sary to close an account imme­di­ate­ly after a cus­tomer reports unau­tho­rized use of that account and cre­ate a new cus­tomer account when appro­pri­ate.  Where a cus­tomer has mul­ti­ple accounts, an assess­ment will be made as to whether any oth­er account has been the sub­ject of poten­tial fraud.

(C) Help edu­cate the cus­tomer about appro­pri­ate steps to take if they have been victimized.

As part of the over­all Pro­gram, the Coun­ty will include oth­er legal require­ments when need­ed, such as:

(A) Fil­ing a Sus­pi­cious Activ­i­ty Report; and

(B) Imple­ment­ing any require­ments under which accounts may be cre­at­ed, changed or altered when the Coun­ty detects a fraud or active duty alert. 

Edu­cat­ing con­sumers about pre­vent­ing iden­ti­ty theft and iden­ti­fy­ing poten­tial pre­text calls may help reduce their vul­ner­a­bil­i­ty to these fraud­u­lent prac­tices.  The Coun­ty will have brochures avail­able to con­sumers and an iden­ti­ty theft pre­ven­tion sec­tion on the County’s web­site that describes pre­ven­ta­tive mea­sures con­sumers can take to avoid becom­ing vic­tims of these types of fraud.

The Coun­ty staff respon­si­ble for imple­ment­ing the Pro­gram will be trained to rec­og­nize and detect Red Flags and prop­er­ly react to unau­tho­rized or fraud­u­lent attempts to obtain cus­tomer infor­ma­tion.  The Coun­ty directs the Pro­gram Admin­is­tra­tor to con­duct annu­al train­ing for all employ­ees regard­ing iden­ti­ty theft and to sup­ple­ment that train­ing through­out the year as more schemes are uncovered.

The Coun­ty will over­see any ser­vice provider who per­forms an activ­i­ty in con­nec­tion with one or more cov­ered accounts.  The Coun­ty will take steps to ensure that the activ­i­ty of the ser­vice provider is con­duct­ed in accor­dance with rea­son­able poli­cies and pro­ce­dures designed to detect, pre­vent, and mit­i­gate the risk of Iden­ti­ty Theft and require the ser­vice provider to report any Red Flag to the Pro­gram Admin­is­tra­tor. 

(A) The ulti­mate over­sight of the pro­gram is the Coun­ty Com­mis­sion­ers.  The Coun­ty Com­mis­sion­ers have assigned spe­cif­ic respon­si­bil­i­ty for the Program’s imple­men­ta­tion to the Pro­gram Administrator.

(B) The Pro­gram Admin­is­tra­tor will report to the Coun­ty Com­mis­sion­ers, at least annu­al­ly, on com­pli­ance by the Coun­ty with all iden­ti­ty theft issues.

(C) The report will address mate­r­i­al mat­ters relat­ed to the Pro­gram and eval­u­ate issues such as:

  1. The effec­tive­ness of the poli­cies and pro­ce­dures of the Coun­ty in address­ing the risk of iden­ti­ty theft in con­nec­tion with the open­ing of cov­ered accounts and with respect to exist­ing cov­ered accounts;
  2. Ser­vice provider arrangements;
  3. Sig­nif­i­cant inci­dents involv­ing iden­ti­ty theft and management’s response; and
  4. Rec­om­men­da­tions for mate­r­i­al changes to the Program.

The Coun­ty Com­mis­sion­ers will take any addi­tion­al steps nec­es­sary to sup­port this pro­gram. 

he Coun­ty will peri­od­i­cal­ly review and update this pol­i­cy (includ­ing the Red Flags deter­mined to be rel­e­vant) to reflect changes in risks to cus­tomers or to the safe­ty and sound­ness of the Coun­ty from iden­ti­ty theft, based on fac­tors such as:

(A) Expe­ri­ences with iden­ti­ty theft;

(B) Changes in meth­ods of iden­ti­ty theft;

(C) Changes in meth­ods to detect, pre­vent, and mit­i­gate iden­ti­ty theft;

(D) Changes in the types of accounts or ser­vices that the Coun­ty offers or main­tains; and

(E) Changes in our busi­ness arrange­ments, includ­ing ser­vices pro­vid­ed and ser­vice provider arrangements.

After con­sid­er­ing these fac­tors, the Pro­gram Admin­is­tra­tor will deter­mine whether changes to the Pro­gram, includ­ing the list­ing of Red Flags, are war­rant­ed.  If war­rant­ed, the Pro­gram Admin­is­tra­tor will update the Pro­gram or present the Coun­ty Com­mis­sion­ers with his or her rec­om­mend­ed changes, and the Coun­ty Com­mis­sion­ers will make a deter­mi­na­tion of whether to accept, mod­i­fy or reject those changes to the Program.

If a notice of change of address for an exist­ing account is received and then with­in thir­ty (30) days a request for a change to the account is made, the Coun­ty will assess the valid­i­ty of the change of address or request­ed change to the account.

In order to pre­vent and mit­i­gate Iden­ti­ty Theft, the Coun­ty will pro­vide appro­pri­ate respons­es to the fol­low­ing Red Flags:

(A) Alerts, Noti­fi­ca­tions or Warn­ings from a Con­sumer Report­ing Agency.

  1. A fraud or active duty alert is includ­ed with a cred­it report.
  2. A cred­it report­ing agency pro­vides a notice of cred­it freeze in response to a request for a cred­it report.
  3. A cred­it report­ing agency pro­vides a notice of address discrepancy.
  4. Receiv­ing a report of fraud with a cred­it report.
  5. Receiv­ing indi­ca­tion from a cred­it report of activ­i­ty that is incon­sis­tent with a customer’s usu­al pat­tern or activity.

(B) Sus­pi­cious Documents.

  1. Doc­u­ments pro­vid­ed for iden­ti­fi­ca­tion appear to have been altered, forged or unauthentic.
  2. The pho­to­graph or phys­i­cal descrip­tion on the iden­ti­fi­ca­tion is not con­sis­tent with the appear­ance of the appli­cant or per­son pre­sent­ing the identification.
  3. Receiv­ing oth­er doc­u­men­ta­tion with infor­ma­tion that is not con­sis­tent with exist­ing cus­tomer infor­ma­tion (such as if a person’s sig­na­ture on a check appears forged).
  4. Receiv­ing an appli­ca­tion for ser­vice that appears to have been altered or forged.

(C) Sus­pi­cious Per­son­al Iden­ti­fy­ing Information.

  1. The per­son open­ing the cov­ered account or the cus­tomer fails to pro­vide all required per­son­al iden­ti­fy­ing infor­ma­tion on an appli­ca­tion or in response to noti­fi­ca­tion that the appli­ca­tion is incomplete.
  2. Per­son­al iden­ti­fy­ing infor­ma­tion pro­vid­ed is not con­sis­tent with per­son­al iden­ti­fy­ing infor­ma­tion that is on file with the County.
  3. A person’s iden­ti­fy­ing infor­ma­tion is the same as shown on oth­er appli­ca­tions found to be fraudulent.
  4. A person’s iden­ti­fy­ing infor­ma­tion is con­sis­tent with fraud­u­lent activ­i­ty (such as an invalid phone num­ber or fic­ti­tious billing address).
  5. A person’s social secu­ri­ty num­ber is the same as anoth­er customer’s social secu­ri­ty number.
  6. A person’s address or phone num­ber is the same as that of anoth­er person.
  7.  A person’s iden­ti­fy­ing infor­ma­tion is not con­sis­tent with oth­er infor­ma­tion the cus­tomer provides.

(D) Unusu­al Use of, or Sus­pi­cious Activ­i­ty Relat­ed to, the Cov­ered Account.

  1. A change of address for a cov­ered account fol­lowed by the Coun­ty receiv­ing a request for the addi­tion of autho­rized users on the account or adding oth­er parties.
  2. A cov­ered account that has been inac­tive and then becomes active.
  3. Pay­ments stop on an oth­er­wise con­sis­tent­ly up-to-date account.
  4. Mail sent to the cus­tomer is returned repeat­ed­ly as unde­liv­er­able although trans­ac­tions con­tin­ue to be con­duct­ed in con­nec­tion with the customer’s cov­ered account.
  5. The Coun­ty is noti­fied of unau­tho­rized charges or trans­ac­tions in con­nec­tion with a customer’s cov­ered account.
  6. A new account is used in a man­ner con­sis­tent with fraud (such as the cus­tomer fail­ing to make the first pay­ment, or mak­ing the ini­tial pay­ment and no oth­er payments).
  7. An account being used in a way that is not con­sis­tent with pri­or use (such as late or no pay­ments when the account has been time­ly in the past).
  8. The Coun­ty receives notice that a cus­tomer is not receiv­ing his/her paper statements.

(E) Notice From Cus­tomers, Vic­tims of Iden­ti­ty Theft, Law Enforce­ment Author­i­ties, or Oth­er Per­sons Regard­ing Pos­si­ble Iden­ti­ty Theft in Con­nec­tion with Cov­ered Accounts Held by the County.

  1. The Coun­ty is noti­fied by a cus­tomer, a vic­tim of iden­ti­ty theft, a law enforce­ment author­i­ty, or any oth­er per­son that it has opened a fraud­u­lent account for a per­son engaged in iden­ti­ty theft.
  2. Should any of the above instances of sus­pi­cious activ­i­ty that could be iden­ti­ty theft occur, the Coun­ty will take imme­di­ate actions to either pre­vent or mit­i­gate the situation.

In order to detect any of the Red Flags iden­ti­fied above with the open­ing of a new account, Coun­ty per­son­nel will take the fol­low­ing steps to obtain and ver­i­fy the iden­ti­ty of the per­son open­ing the account:

Steps can include:

  • Requir­ing cer­tain iden­ti­fy­ing infor­ma­tion such as name, date of birth, res­i­den­tial or busi­ness address, prin­ci­pal place of busi­ness for an enti­ty, social secu­ri­ty num­ber, driver’s license or oth­er identification.
  • Ver­i­fy­ing the customer’s iden­ti­ty, such as by copy­ing and review­ing a driver’s license or oth­er iden­ti­fi­ca­tion card.
  • Review­ing doc­u­men­ta­tion show­ing the exis­tence of a busi­ness entity.
  • Inde­pen­dent­ly con­tact­ing the customer.

In order to detect any of the Red Flags iden­ti­fied above for an exist­ing account, Coun­ty per­son­nel will take the fol­low­ing steps to mon­i­tor trans­ac­tions with an account:

Steps can include:

  • Ver­i­fy­ing the iden­ti­fi­ca­tion of cus­tomers if they request infor­ma­tion (in per­son, via tele­phone, via fac­sim­i­le, via e‑mail).
  • Ver­i­fy­ing the valid­i­ty of requests to change billing addresses.
  • Ver­i­fy­ing changes in bank­ing infor­ma­tion giv­en for billing and pay­ment purposes.

Respons­es to these Red Flags are com­men­su­rate with the degree of risk posed based on the County’s risk assessment.

  • Appro­pri­ate respons­es may include the following:
  • Com­plete ver­i­fi­ca­tion of iden­ti­fi­ca­tion for fraud, active duty, cred­it freeze or address dis­crep­an­cy alert for any of these types of alerts found on a con­sumer cred­it report when apply­ing for services;
  • Mon­i­tor­ing a cov­ered account for evi­dence of iden­ti­ty theft or sus­pi­cious activ­i­ty by plac­ing on the County’s watch list;
  • Con­tact­ing the customer;
  • Chang­ing any pass­words, secu­ri­ty codes, or oth­er secu­ri­ty devices that per­mit access to a cov­ered account;
  • Reopen­ing a cov­ered account with a new account number;
  • Not open­ing a new cov­ered account;Closing an exist­ing cov­ered account;
  • Not attempt­ing to col­lect on a cov­ered account or not send­ing a cov­ered account to a debt collector;
  • Noti­fy­ing law enforce­ment; or
  • Deter­min­ing that no response is war­rant­ed under the par­tic­u­lar circumstances.

The Coun­ty is com­mit­ted to detect­ing sit­u­a­tions in which iden­ti­ty theft might have or may have occurred.

A “Red Flag” is a pat­tern, prac­tice or spe­cif­ic activ­i­ty that indi­cates the pos­si­ble exis­tence of Iden­ti­ty Theft.  In order to iden­ti­fy rel­e­vant Red Flags, the Coun­ty con­sid­ered risk fac­tors such as the types of accounts that it offers and main­tains, the meth­ods it pro­vides to open its accounts, the meth­ods it pro­vides to access its accounts and its pre­vi­ous expe­ri­ences with Iden­ti­ty Theft.

Iden­ti­ty Theft will be com­bat­ed by detect­ing Red Flags in con­nec­tion with the open­ing of cov­ered accounts and exist­ing cov­ered accounts, such as by:

(A) Obtain­ing iden­ti­fy­ing infor­ma­tion about, and ver­i­fy­ing the iden­ti­ty of, a per­son open­ing a cov­ered account.

(B) Authen­ti­cat­ing cus­tomers’ trans­ac­tions, includ­ing pho­to ID if nec­es­sary, plus pos­si­ble addi­tion­al ver­i­fi­ca­tion meth­ods such as a user ID and password.

(C) Mon­i­tor­ing trans­ac­tions with empha­sis on a change of address close­ly fol­lowed by a new ser­vice request or a mate­r­i­al change in a customer’s cred­it use.

(D) Ver­i­fy­ing the valid­i­ty of change of address requests, in the case of exist­ing cov­ered accounts in order to mon­i­tor the diver­sion of state­ments as a pre­lude to pos­si­ble account manipulation.

While the over­all risk of iden­ti­ty theft involv­ing the Coun­ty appears low, the Coun­ty will focus on detec­tion and pre­ven­tion from iden­ti­ty theft on the fol­low­ing cov­ered accounts: accounts to indi­vid­ual cus­tomers; all of the County’s accounts that are indi­vid­ual util­i­ty ser­vice accounts held by cus­tomers of the util­i­ty whether res­i­den­tial, com­mer­cial or indus­tri­al; any account the Coun­ty offers or main­tains pri­mar­i­ly for per­son­al, fam­i­ly or house­hold pur­pos­es that involves mul­ti­ple pay­ments or trans­ac­tions; and any oth­er account for which there is a rea­son­ably fore­see­able risk to cus­tomers or to the safe­ty and sound­ness of the Coun­ty from Iden­ti­ty Theft, as well as auto­mat­ic deposits to the accounts of the Coun­ty employ­ees.  There will be a peri­od­ic review to deter­mine if the cov­ered accounts are still accu­rate due to any changes such as changes of address or oth­er changes which may occur relat­ing to an account.

Each type of cov­ered account will be exam­ined and reviewed for rel­e­vant Red Flags in part by considering:

(A) The meth­ods pro­vid­ed to open cov­ered accounts;

(B) The meth­ods pro­vid­ed to access cov­ered accounts; and

(C) Pre­vi­ous expe­ri­ences with iden­ti­ty theft.

As part of the process, the Coun­ty will con­sid­er the rel­e­vant Red Flags pro­vid­ed by the reg­u­la­to­ry guid­ance, as well as inci­dents of iden­ti­ty theft that the Coun­ty and/or the Coun­ty cus­tomers have expe­ri­enced and applic­a­ble super­vi­so­ry guidance.

The Coun­ty is com­mit­ted to com­ply with the Fed­er­al Fair and Accu­rate Cred­it Trans­ac­tions Act of 2003, as well as pro­vide cus­tomers, par­tic­u­lar­ly cus­tomers with util­i­ty accounts, the max­i­mum iden­ti­ty theft pro­tec­tion pos­si­ble.  Sit­u­a­tions that lead to iden­ti­ty theft would hurt and incon­ve­nience the County’s cus­tomers, while at the same time dam­age the County’s rep­u­ta­tion and place the Coun­ty at risk for loss­es.  The Coun­ty devel­oped this Iden­ti­ty Theft Pre­ven­tion Pol­i­cy with the over­sight and approval of the Coun­ty Com­mis­sion­ers after con­sid­er­ing the size and com­plex­i­ty of the County’s oper­a­tions and account sys­tems and the nature and scope of the County’s activities.

(A) Exam­ples of Iden­ti­ty Theft.

  1. An iden­ti­ty thief uses anoth­er person’s social secu­ri­ty num­ber to open a util­i­ty account.
  2. An iden­ti­ty thief uses a victim’s infor­ma­tion to obtain unau­tho­rized ser­vices from the County.
  3. An iden­ti­ty thief opens a util­i­ty account using a victim’s name and good credit.
  4. An iden­ti­ty thief files for bank­rupt­cy using a victim’s name.
  5. An iden­ti­ty thief gives a victim’s name as his/her own when arrest­ed by police.