ORD 08-20ORDINANCE NO.: 2008-20
CITY OF OTSEGO
COUNTY OF WRIGHT, MINNESOTA
AN ORDINANCE ESTABLISHING AN IDENTITY THEFT PREVENTION PROGRAM AS
REQUIRED BY THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003.
THE CITY COUNCIL OF THE CITY OF OTSEGO DOES HEREBY ORDAIN:
Section 1. Chapter 2 of the City Code is hereby amended to include the following
additional provisions:
Section 6
Identity Theft Prevention Program
Section:
2-6-1
Purpose
2-6-2
Definitions
2-6-3
Application
2-6-4
Red Flags
2-6-5
Administration
2-6-1: PURPOSE:
A. The City of Otsego has developed this Identity Theft Prevention Program
("Program") pursuant to the Federal Trade Commission's Red Flags Rule
("Rule"), which implements Section 114 of the Fair and Accurate Credit
Transactions Act of 2003 by implementing reasonable procedures to:
1. Identify relevant Red Flags for new and existing covered accounts and
incorporate those Red Flags into the Program;
2. Detect Red Flags that have been incorporated into the Program;
3. Respond appropriately to any Red Flags that are detected to prevent and
mitigate Identity Theft; and
4. Ensure the Program is updated periodically, to reflect changes in risks to
customers or to the safety and soundness of the creditor from Identity
Theft.
B. A degree of confidentiality regarding the City's specific practices relating to
identity theft detection, prevention and mitigation is required to ensure the
effectiveness of the Identity Theft Prevention Program. Therefore, only the City's
general practices related to implementation of red flag detection, prevention and
mitigation are listed in this Section. Any documents that may have been
produced or are produced in order to develop or implement the Identity Theft
Prevention Program established by this Section that list or describe such specific
practices and the information those documents contain are considered "security
information" as defined in Minnesota Statutes Section 13.37 and are unavailable
to the public because disclosure of them would be likely to substantially
jeopardized the security of information against improper use, that use being to
circumvent the City's identity theft prevention efforts in order to facilitate the
commission of identity theft.
2-6-2: DEFINITIONS: The following words and terms shall be defined as follows
for the purposes of this Section:
Account Owner. The individual or business that has applied for an account with the
City of Otsego and is responsible for transactions made in connection with said account.
Covered Account. A continuing relationship established by a person or business that
involves or is designated to permit multiple financial payments or transactions for which
there is a reasonably foreseeable risk to"customers or to the safety and soundness of
the City from identity theft.
FACT Officer. The individual designated by the City Council as the Fair and Accurate
Credit Transactions Officer responsible for administering the Identity Theft Prevention
Program.
Identity Theft. A fraud attempted or committed using identifying information of another
person without authority.
Red Flag. A pattern, practice or specific activity that indicates the possible existence of
identity theft.
Service Provider. shall mean a third party that provides a service directly to or on
behalf of the City of Otsego.
2-6-3: APPLICATION: The following accounts established with the City shall be
deemed to be covered accounts subject to the provisions of this Section.
2
A. Utility accounts established in accordance with Section 6-2-2 of the City Code.
2-6-4: RED FLAGS:
A. Identification. The City will consider the following risk factors in identifying red
flags for covered accounts as appropriate:
1. The types of covered accounts it offers or maintains.
2. The methods it provides to open covered accounts.
3. The methods it provides to access covered accounts.
4. Previous experience with identity theft including, but not limited to:
a. Prior instances of identity theft.
b. Methods of identity theft that reflect changes in risk.
C. Applicable supervisory guidance.
B. Categories. Red flags shall include, but are not limited to:
1. The presentation of suspicious documents:
a. Documents provided for identification that appear to have been
altered or forged.
b. Information in the document is inconsistent with information
previously provided by the person when opening a new account.
C. An application appears to have been altered or forged, or gives the
appearance of having been destroyed and reassembled.
2. The presentation of suspicious personal information:
a. Presentation of personal identifying information that is not
consistent with other personal identifying information provided by
the individual.
b. Presentation of personal identifying information is associated with
known fraudulent activity as indicated by internal or third -party
sources used by the City.
3
3. The unusual use of, or other suspicious activity related to, a covered
account:
a. Mail sent to the account owner is returned repeatedly as
undeliverable although transactions continue to be conducted in
connection with the covered account.
b. The City is notified that the account owner is not receiving account
statements mailed by the City.
C. The City is notified of unauthorized charges or transactions in
connection with a covered account.
4. Notification from account holders, victims of identity theft, law enforcement
agencies or other persons regarding possible identity theft in connection
with covered accounts.
C. Detection. The City will incorporate procedures for the detection of red flags in
connection covered accounts by:
1. Obtaining identifying information of a person prior to establishing a new
account.
2. Monitoring transactions in connection with covered accounts for
suspicious activities
D. Response. The City will document a response to all red flags detected,
cdmmensurate with the degree of risk posed.
1. The City will consider factors that may heighten the risk of identity theft in
determining an appropriate response to detection of a red flag including,
but not limited to, the categories outlined in Section 4.13 of this Section.
2. Appropriate responses by the City when a red flag is detected include, but
are not limited to:
a. Monitoring a covered account for evidence of identity theft.
b. Contacting the account owner.
C. Changing any passwords, security codes or other security devices
that permit access to a covered account.
d. Reopening a covered account with a new account number.
e. Closing an existing covered account.
2
Not opening a new covered account.
g. Not attempting to collect on a billing connected with a covered
account or not selling a covered account to a debt collector.
h. Notifying the Wright County Sheriff, Attorney General of the State of
Minnesota, or other law enforcement agencies.
i. Determining that no response is required based on the specific
circumstances related to the red flag.
3. The FACT Officer shall advise the City Council of the red flag and the
City's response.
2-6-5: ADMINSTRATION: The FACT Officer shall be responsible for
administration of the Identity Theft Prevention Program and is expected to:
A. Assign specific responsibilities for implementation of the Identity Theft Prevention
Program.
B. Train appropriate City staff in the. detection of red flags and the responsive steps
to be taken when a red flag is detected.
C. Whenever the City engages a service provider to perform an activity subject to
the provisions of this Section, the FACT Officer will ensure that the activity of the
service provider is conducted in accordance with' reasonable policies and
procedures designed to detect, prevent and mitigate identity theft.
D. Review, prepare and provide at least annually reports to the City Council on the
City's compliance with the Identity Theft Prevention Program, the effectiveness of
the procedures, significant incidents involving identity theft and the City's
response and recommendations for amendments to the Identity Theft Prevention
Program as may be appropriate.
E. Recommendations by the FACT Officer for amendment of the Identity Theft
Prevention Program shall reflect changes in risks to account owners or to the
safety of the City from identity theft based on factors such as:
The experiences of the City with identity theft.
2. . Changes in methods of identity theft.
3. Changes in methods to detect, prevent and mitigate identity theft.
4. Changes in the types of accounts the City offers or maintains.
5. Changes in the business arrangements of the City, including
establishment of joint powers agreements or contracts with service
providers.
Section 2. This Ordinance shall become effective upon its passage and publication
according to law
MOTION
BY:
CM
Vern
Heidner
SECOND
BY:
CM
Dan
Scharber
ALL IN FAVOR: Mayor Stockamp; Councilmembers: Heidner, Thorsted,
Darkenwald and Scharber
THOSE OPPOSED: NONE
ADOPTED by the Otsego City Council this 27"' day of October, 2008.
CITY OF OTSEGO
BY: (;� " I A A q4 -Pd (I JA W
J ica Stockamp, Mayor
ATTEST:
- L�" �4�
Ju Vud n Zoning Adminis ator/City Clerk
Published: 11-26-08 Star News
2