The URL can be used to link to this page

Home My WebLink AboutOCSD 09-03 (REPEALED)634324.1 RESOLUTION NO. OCSD 09-03 A RESOLUTION OF THE BOARD OF DIRECTORS OF THE ORANGE COUNTY SANITATION DISTRICT ADOPTING AN IDENTITY THEFT PREVENTION PROGRAM IN ORDER TO COMPLY WITH THE FAIR AND ACCURATE CREDIT TRANSACTION ACT OF 2003 WHEREAS, the Federal Trade Commission (FTC) implemented the Fair and Accurate Credit Transaction (FACT) Act of 2003; WHEREAS, the FACT requires that creditors implement written programs which provide for detection of and response to specific activities (“red flags”) that could be related to identity theft; WHEREAS, the Orange County Sanitation District qualifies as a creditor for purposes of this program; WHEREAS, the FACT requires that the program: 1.Identify relevant red flags and incorporate them into the program 2.Identify ways to detect red flags 3.Include appropriate responses to red flags 4.Address new and changing risks through periodic program updates 5.Include a process for administration and oversight of the program; NOW, THEREFORE, BE IT RESOLVED, that the Board of Directors of the Orange County Sanitation District hereby adopts, and directs staff to implement, the Identity Theft Prevention Program attached hereto as Exhibit “A”. BE IT FURTHER RESOLVED that the Director of Finance and Administrative Services, or his or her designee, shall implement and administer the Identity Theft Prevention Program. BE IT FURTHER RESOLVED, that the Director of Finance and Administrative Services shall annually review the Identity Theft Prevention Program to determine if revisions are needed, and is hereby authorized and directed to make any changes to the Identity Theft Prevention Program that are found to be necessary. BE IT FURTHER RESOLVED, that this Resolution shall become effective immediately upon its adoption. PASSED AND ADOPTED at a regular meeting held April 22, 2009. __________________________ Chair ATTEST: _____________________ Clerk of the Board //Doug Davert //Penny Kyle Repealed by OC SAN 23-18 1 IDENTITY THEFT PREVENTION PROGRAM Exhibit “A” to Resolution No. OCSD 09-03 PURPOSE This program was created in order to comply with the regulations issued by the Federal Trade Commission (FTC) as part of the implementation of the Fair and Accurate Credit Transaction (FACT) Act of 2003. The FACT Act requires that financial institutions and creditors implement written programs which provide for detection of and response to specific activities (“red flags”) that could be related to identity theft. The FTC regulations require that the program: 1. Identify relevant red flags and incorporate them into the program. 2. Identify ways to detect red flags. 3. Include appropriate responses to red flags. 4. Address new and changing risks through periodic program updates. 5. Include a process for administration and oversight of the program. PROGRAM DETAILS RELEVANT RED FLAGS Red Flags are warning signs or activities that alert a creditor to potential identity theft. The guidelines published by the FTC include 26 examples of red flags which fall into the following five categories: 1. Alerts, notifications, or other warnings received from consumer reporting agencies or service problems. 2. Presentation of suspicious documents. 3. Presentation of suspicious personal identifying information. 4. Unusual use of, or other suspicious activity related to a covered account. 5. Notice from customers, victims of identity theft, or law enforcement authorities. After reviewing the FTC guidelines and examples, the OCSD Financial Management Division determined that the following red flags are applicable to customer accounts. These red flags, and the appropriate responses, are the focus of this program. 2 • Suspicious Documents and Activities o Documents provided for identification appear to have been altered or forged. o A customer refuses to provide proof of identity when discussing an established account. o A person other than the account holder requests information or asks to make changes to an established account. o Nonpayment when there is no history of late or missed payments. o An inactive account being used. o Mail sent to customer is returned repeatedly as undeliverable although transactions continue to be conducted in connection with the customer’s covered account. • A customer notifies OCSD of any of the following activities: o Account statements are not being received. o Fraudulent activity on the customer’s bank account that is used to pay account charges. • OCSD is notified by a customer, a victim of identity theft, or a member of law enforcement that an account has been opened for a person engaged in identity theft. DETECTING AND RESPONDING TO RED FLAGS Red flags will be detected as OCSD employees interact with customers. An employee will be alerted to these red flags during the following processes: • Reviewing customer identification in order to establish an account or process a payment: Documents are presented that appear altered or inconsistent with the information provided by the customer. Response: Do not establish the account or accept payment until the customer’s identity has been confirmed. • Answering customer inquiries on the phone, via email, and at the counter: Someone other than the account holder may ask for information about an account or may ask to make changes to the information on an account. A customer may also refuse to verify their identity when asking about an account. Response: Inform the customer that the account holder must give permission for them to receive information about the account. Do not make changes to or provide any information about the account, with one exception: if the service on the account has been suspended for non-payment, payment may be accepted in the amount needed to reactivate the account. 3 • Receiving notification that there is unauthorized activity associated with an account: Customers may call to alert OCSD about fraudulent activity related to their account and/or the ban account used to make payments on the account. Response: Verify the customer’s identity and notify the Accounting Supervisor immediately. Take appropriate actions to correct any errors on the account, which may include: o Suspending or reactivating the account o Updating personal information on the account o Updating the mailing address on the account o Updating account notes to document the fraudulent activity o Notifying and working with law enforcement officials • Receiving notification that an account has been established for a person engaged in identity theft. Response: Notify the Accounting Supervisor immediately. The claim will be investigated, and appropriate action will be taken to resolve the issue as quickly as possible. ADMINISTRATION AND OVERSIGHT OF THE PROGRAM The Director of Finance and Administrative Services or his or her designee shall review this program annually and provide recommendations to the General Manager to update the program as needed based on the following events: • Experience with identity theft. • Changes to the types of accounts and/or programs offered. • Implementation of new systems and/or vendor contracts. Specific roles are as follows: The Accounting Supervisor will oversee the daily activities related to identity theft detection and prevention, and ensure that all members of the Revenue Section staff are trained to detect and respond to red flags. The Director of Finance and Administrative Services will provide ongoing oversight to ensure that the program is effective. The General Manager will review and approve recommended changes to the program both annually and on as as-needed basis. The OCSD Board of Directors must approve the initial program.