HomeMy WebLinkAboutCOW 2009-03-09 Item 4E - Resolution - Identity Theft Prevention ProgramCAS NUMBER 09-035
C. \"I'I ;G )RY
SPONSOR
SPONSOR'S
SUMi \RY
RI ;V'll :wI ;D BY
MTG. DATE
03/09/09
MTG. DATE
03/09/09
03/23/09
Discussion n Motion
Altg Date 03/09/09 illtg Date
n COW Mtg.
Utilities Cmte
illeetina Date
03/09/09
03/23/09
CouNcIL AGENDA SYNOPSIS
Prepared by
SH
SH
Initiate
Mayor's review
Council re/ev i
ITEM INFORMATION
ORIGINAL. AGENDA DATE: MARCH 9, 2009
AG km) III ;VI Trrl.l; Adoption of identify theft prevention program.
Resolution Ordinance
Mtg Date 3/23/09 Mtg Date
CA &P Cmte
U Arts Comm.
I
I
Mtg Date
Council U Mayor n Adm Svcs DCD Finance U Fire Legal 1 P &R Police n Pr
The city is required to adopt an identity theft detection and prevention program according
to the Federal Trade Commission's Red Flags Rule. The requirements specifically apply to
City utility accounts, but also apply to any account the City maintains where there is a risk
of potential identity theft. The Council is being asked to consider and adopt the resolution
and associated program.
F &S Cmte
Parks Comm.
DATE: 3/3/09
RECOMMENDATIONS:
SP()NS()R /ADMIN. Adoption of Ordinance
COMMITTEE Unanimous Approval; Forward to Committee of the Whole
COST IMPACT FUND SOURCE
Ex1I NDITURI; RI;QUIRIiD AMOUNT BUDGETED APPROPRIATION REQUIRED
'Fund Source: N/A
Comments: N/A
RECORD OF COUNCIL ACTION
Bid Award Public Hearing n Other
ATTACHMENTS
Informational Memorandum dated 2/18/09
Resolution in draft form
Exhibit A Identity Theft Prevention Program
Memorandum from Shelley Kerslake Shawn Hunstock dated 2/18/09
Minutes from the Finance and Safety Committee Meeting of 3/3/09
Planning Comm.
ITEM NO.
tlltg Date Mtg Date
Transportation Cmte
TO: Mayor Haggerton
Finance and Safety Committee
FROM: Shawn Hunstock, Finance Director
DATE: February 18, 2009
SUBJECT: Adoption of Red Flags Rule Program
ISSUE
The Federal Trade Commission issued regulations requiring businesses to adopt identity theft detection
and prevention policies and procedures. The policies and procedures must be in place by May 1, 2009.
BACKGROUND
The Red Flags Rule is a consumer protection law passed by Congress in 2003. The purpose of the Red
Flags Rule is to put in place procedures which will prevent or detect the release of information that
could lead to identity theft. The Rule specifically applies to utility accounts according to the law passed
by Congress.
The identity theft policies and procedures, referred to as a "Program" in the law passed by Congress,
must be approved by the City Council. I am identified as the Program Administrator in the proposed
policies.
DISCUSSION
The Program applies to utility accounts specifically, as well as "any other account the City offers or
maintains for which there is a reasonably foreseeable risk to customers or to the safety and soundness
of the City from identity theft." It has not been determined at this time how far reaching the Program
applies, but that will be determined during implementation and training. The issue is most relevant,
however, to utility accounts given the nature of the information the City maintains and how that
information might be used. For instance, changing a name or address on a utility account could help an
individual, using the utility bill, in getting a driver's license or other forms of identification.
As a part of the Program, the City will conduct on -going training for employees on the prevention and
detection of identity theft. We will also be working with third -party service providers, such as credit card
processing companies, to insure they agree to comply with the City's identity theft prevention policies.
RECOMMENDATION
The Council is being asked to consider a resolution adopting an Identity Theft Prevention Program. This
issue will be presented at the March 3, 2009 Finance and Safety Committee Meeting, the March 9,
2009 Committee of the Whole Meeting and the March 23, 2009 Special Meeting. Because the policy
must be approved and implemented, including training, by May 1, 2009, consideration of this issue at
the March 23, 2009 Special Meeting will allow more time for employee training.
ATTACHMENTS
City of Tukwila
INFORMATIONAL MEMORANDUM
Draft Resolution adopting the Program.
Draft copy of Identity Theft Prevention Program.
Letter from Shelley Kerslake, City Attorney, dated February 18, 2009.
Jim Haggerton, Mayor
A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF TUKWILA,
WASHINGTON, APPROVING AND ADOPTING AN IDENTITY THEFT
PREVENTION PROGRAM.
WHEREAS, the City has a water -sewer utility providing water and /or sewer
utility services pursuant to Title 57 RCW; and
WHEREAS, the Fair and Accurate Credit Transactions Act of 2003, Pub. L. 108 -159
"Red Flags Rule 16 C.F.R. Part 681, requires certain financial institutions and
creditors with "covered accounts" to prepare, adopt, and implement an identity theft
prevention program to identify, detect, respond to and mitigate patterns, practices or
specific activities, which could indicate identity theft; and
WHEREAS, the City maintains certain continuing accounts with utility service
customers and for other purposes, which involve multiple payments or transactions,
and such accounts are "covered accounts" within the meaning of the Red Flags Rule;
and
WHEREAS, to comply with the Red Flags Rule, City staff has prepared an identity
theft prevention program in the form attached hereto as Exhibit A, "Identity Theft
Prevention Program," and incorporated herein by this reference (the "ITPP" or the
"Program and has recommended the Program now be approved and adopted by the
City Council for implementation;
NOW, THEREFORE, THE CITY COUNCIL OF THE CITY OF TUKWILA,
WASHINGTON, HEREBY RESOLVES AS FOLLOWS:
Identity Theft Prevention Program Adopted. The Tukwila Identity Theft
Protection Program, a copy of which is attached hereto as Exhibit A, and by this
reference fully incorporated herein, is hereby approved and adopted, effective the date
set forth below. City staff is hereby authorized and directed to implement the Program
in accordance with its terms.
PASSED BY THE CITY COUNCIL OF THE CITY OF TUKWILA, WASHINGTON,
at a Special Meeting thereof this day of 2009.
ATTEST /AUTHENTICATED:
Christy O'Flaherty, CMC, City Clerk
APPROVED AS TO FORM BY:
Office of the City Attorney
DRAFT
Attachment: Exhibit A, Identity Theft Prevention Program
Joan Hernandez, Council President
Filed with the City Clerk:
Passed by the City Council:
Resolution Number:
C: \Documents and Settings \All Users Desktop Kelly MSDATA Resolutions Red Flags Identity Theft.doc
SH:ksn 3/4/2009
Page 1 of 1
CITY OF TUKWILA
IDENTITY THEFT PREVENTION PROGRAM
C:\Documents and Settings\All Users\ Desktop \Kelly\iYISDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
1. PROGRAM ADOPTION. The City of Tukwila developed this Identity Theft
Prevention Program "Program pursuant to the Federal Trade Commission's Red
Flags Rule "Rule which implements Sections 114 and 315 of the Fair and
Accurate Credit Transactions Act of 2003. This Program was developed with the
oversight and approval of the City's Finance Director. After consideration of the
size and complexity of the City's operations and account systems and the nature and
scope of the City's activities, the City Council determined that this Program was
appropriate for the City, and therefore approved this Program by the adoption of
Resolution No. on the day of 2009.
2. PROGRAM PURPOSE AND DEFINITIONS
Exhibit A
A. Fulfilling Requirements of the Red Flags Rule. Under the Red Flags Rule, every
financial institution and creditor is required to establish an identity theft
prevention program tailored to its size, complexity and the nature of its
operation. The Program must contain reasonable policies and procedures to:
1) Identify relevant red flags as defined in the Rule and this Program for new
and existing covered accounts, and incorporate those red flags into the
Program;
2) Detect red flags that have been incorporated into the Program;
3) Respond appropriately to any red flags that are detected to prevent and
mitigate identity theft; and
4) Update the Program periodically to reflect changes in risks to customers or to
the safety and soundness of the City from identity theft.
B. Red Flags Rule Definitions Used in this Program. For the purposes of this
Program, the following definitions apply:
1) Account. "Account" means a continuing relationship established by a person
with a creditor to obtain a product or service for personal, family, household
or business purposes.
2) Covered Account. A "covered account" means:
a) Any account the City offers or maintains primarily for personal, family or
household purposes, that involves multiple payments or transactions; and
Page 1 of 7
b) Any other account the City offers or maintains for which there is a
reasonably foreseeable risk to customers or to the safety and soundness of
the City from identity theft.
3) Creditor. "Creditor" has the same meaning as defined in Section 701 of the
Equal Credit Opportunity Act, 15 U.S.C. 1691a, and includes a person or
entity that arranges for the extension, renewal or continuation of credit,
including the City.
4) Customer. A "customer" means a person or business entity that has a
covered account with the City.
5) Financial Institution. "Financial institution" means a state or national bank, a
state or federal savings and loan association, a mutual savings bank, a state or
federal credit union, or any other entity that holds a "transaction account"
belonging to a customer.
6) Identifying Information. "Identifying information" means any name or
number that may be used, alone or in conjunction with any other information,
to identify a specific person, including name, address, telephone number,
social security number, date of birth, government passport number, employer
or taxpayer identification number or unique electronic identification number.
7) Identity Theft. "Identity theft" means fraud committed using the identifying
information of another person.
8) Red Flag. A "red flag" means a pattern, practice, or specific activity that
indicates the possible existence of identity theft.
9) Service Provider. "Service provider" means a person or business entity that
provides a service directly to the City relating to or in connection with a
covered account.
3. IDENTIFICATION OF RED FLAGS. In order to identify relevant red flags, the
City shall review and consider the types of covered accounts that it offers and
maintains, the methods it provides to open covered accounts, the methods it
provides to access its covered accounts, and its previous experiences with identity
theft. The City identifies the following red flags, in each of the listed categories:
A. Notification and Warnings from Credit Reporting Agencies Red Flags.
1) Report of fraud accompanying a credit report;
2) Notice or report from a credit agency of a credit freeze on a customer or
applicant;
C:\Documents and Settings\All Users\ Desktop \Kelly\MSDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 2 of 7
3) Notice or report from a credit agency of an active duty alert for an applicant;
and
4) Indication from a credit report of activity that is inconsistent with a
customer's usual pattern or activity.
B. Suspicious Documents Red Flags.
1) Identification document or card that appears to be forged, altered or
inauthentic;
2) Identification document or card on which a person's photograph or physical
description is not consistent with the person presenting the document;
3) Other document with information that is not consistent with existing
customer information (such as a person's signature on a check appears
forged); and
4) Application for service that appears to have been altered or forged.
C. Suspicious Personal Identifying Information -Red Flags.
1) Identifying information presented that is inconsistent with other information
the customer provides (such as inconsistent birth dates);
2) Identifying information presented that is inconsistent with other sources of
information (for instance, an address not matching an address on a driver's
license);
3) Identifying information presented that is the same as information shown on
other applications that were found to be fraudulent;
4) Identifying information presented that is consistent with fraudulent activity
(such as an invalid phone number or fictitious billing address);
5) Social security number presented that is the same as one given by another
customer;
6) An address or phone number presented that is the same as that of another
person;
7) Failing to provide complete personal identifying information on an
application when reminded to do so (however, by law social security
numbers must not be required); and
8) Identifying information which is not consistent with the information that is
on file for the customer.
C:\Documents and Settings\A11 Users\ Desktop \Kelly\MSDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 3 of 7
D. Suspicious Account Activity or Unusual Use of Account Red Flags.
1) Change of address for an account followed by a request to change the account
holder's name;
2) Payments stop on an otherwise consistently up -to -date account;
3) Account used in a way that is not consistent with prior use (such as very high
activity);
4) Mail sent to the account holder is repeatedly returned as undeliverable;
5) Notice to the City that a customer is not receiving mail sent by the City;
6) Notice to the City that an account has unauthorized activity;
7) Breach in the City's computer system security; and
8) Unauthorized access to or use of customer account information.
E. Alerts from Others Red Flag.
9) Notice to the City from a customer, a victim of identity theft, a law
enforcement authority or other person that it has opened or is maintaining a
fraudulent account for a person engaged in identity theft.
4. DETECTING RED FLAGS
A. New Accounts. In order to detect any of the red flags identified above associated
with the opening of a new account, City personnel will take the following steps
to obtain and verify the identity of the person opening the account:
1) Require certain identifying information such as name, date of birth,
residential or business address, principal place of business for an entity,
driver's license or other identification;
2) Verify the customer's identity (for instance, review a driver's license or other
identification card);
3) Review documentation showing the existence of a business entity; and
4) Independently contact the customer.
B. Existing Accounts. In order to detect any of the red flags identified above for an
existing account, City personnel will take the following steps to monitor
transactions with an account:
1) Verify the identification of customers if they request information (in person,
via telephone, via facsimile, via email);
C:\Documents and Settings\A11 Users\ Desktop \Kelly\MSDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 4 of 7
2) Verify the validity of requests to change billing addresses; and
3) Verify changes in banking information given for billing and payment
purposes.
5. PREVENTING AND MITIGATING IDENTITY THEFT. In the event City
personnel detect any identified red flags, such personnel shall take one or more of
the following steps, depending on the degree of risk posed by the red flag:
A. Prevent and Mitigate Identity Theft.
1) Monitor a covered account for evidence of identity theft;
2) Contact the customer with the covered account;
3) Change any passwords or other security codes and devices that permit access
to a covered account;
4) Not open a new covered account;
5) Close an existing covered account;
6) Re -open a covered account with a new number;
7) Not attempt to collect payment on a covered account;
8) Notify the Finance Director for determination of the appropriate step(s) to
take;
9) Notify law enforcement; or
10) Determine that no response is warranted under the particular circumstances.
B. Protect Customer Identifying Information. In order to further prevent the
likelihood of identity theft occurring with respect to City accounts, the City shall
take the following steps with respect to its internal operating procedures to
protect customer identifying information:
1) Secure the City website but provide clear notice that the website is not secure;
2) Undertake complete and secure destruction of paper documents and
computer files containing customer information;
3) Make office computers password protected and provide that computer
screens lock after a set period of time;
4) Keep offices clear of papers containing customer identifying information;
5) Request only the last 4 digits of social security numbers (if any);
C: \Documents and Settings\Al1 Users\ Desktop \Kelly\MSDATA\Resolutions \Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 5 of 7
6) Maintain computer virus protection up to date; and
7) Require and keep only the kinds of customer information that are necessary
for City purposes.
6. PROGRAM ADMINISTRATION
A. Oversight.
1) The Finance Director or other designated city employee at the level of senior
management shall be responsible for developing, implementing, and
updating the Program.
2) The Finance Director shall also be responsible for the Program
administration, for appropriate training of City staff on the Program, for
reviewing the annual staff report required under the Program, as well as any
other staff reports regarding the detection of red flags and the steps for
preventing and mitigating identity theft, determining which steps of
prevention and mitigation should be taken in particular circumstances, and
considering periodic changes to the Program.
B. Staff Training and Reports. City staff responsible for implementing the Program
shall be trained either by or under the direction of the Finance Director in the
detection of red flags, and the responsive steps to be taken when a red flag is
detected. Additionally, a compliance report shall be provided annually to the
Finance Director. The annual compliance report shall, at a minimum, address
the following:
1) The effectiveness of the City's policies and procedures in addressing the risk
of identity theft in connection with the opening of covered accounts and with
respect to existing covered accounts;
2) Service provider arrangements;
3) Significant incidents involving identity theft and the City's response; and
4) Recommendations for material changes to the Program.
C. Service Provider Arrangements. In the event the City engages a service provider
to perform an activity in connection with one or more covered accounts, the City
shall take the following steps to require that the service provider performs its
activity in accordance with reasonable policies and procedures designed to
detect, prevent, and mitigate the risk of identity theft.
1) Require, by contract, that service providers acknowledge receipt and review
of the Program and agree to perform their activities with respect to City
covered accounts in compliance with the terms and conditions of the Program
C:\Documents and Settings\Al1 Users\ Desktop \Kelly \MSDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 6 of 7
and with all instructions and directives issued by the Finance Director
relative to the Program; or
2) Require, by contract, that service providers acknowledge receipt and review
of the Program and agree to perform their activities with respect to City
covered accounts in compliance with the terms and conditions of the service
provider's identity theft prevention program and will take appropriate action
to prevent and mitigate identity theft; and that the service providers agree to
report promptly to the City in writing if the service provider in connection
with a City covered account detects an incident of actual or attempted
identity theft or is unable to resolve one or more red flags that the service
provider detects in connection with a covered account.
D. Customer Identifying Information and Public Disclosure. The identifying
information of City customers with covered accounts shall be kept confidential
and shall be exempt from public disclosure to the maximum extent authorized
by law, including RCW 42.56.230(4). The City Council also finds and determines
that public disclosure of the City's specific practices to identify, detect, prevent,
and mitigate identity theft may compromise the effectiveness of such practices
and hereby direct that, under the Program, knowledge of such specific practices
shall be limited to the Finance Director and those City employees and service
providers who need to be aware of such practices for the purpose of preventing
identity theft.
7. PROGRAM UPDATES. The Program will be periodically reviewed and updated to
reflect changes in risks to customers and to the safety and soundness of the City
from identity theft. The Finance Director shall, at least annually, review the annual
compliance report and consider the City's experiences with identity theft, changes in
identity theft methods, changes in identity theft detection and prevention methods,
changes in types of accounts the City maintains and changes in the City's business
arrangements with other entities and service providers. After considering these
factors, the Finance Director shall determine whether changes to the Program,
including the listing of red flags, are warranted. If warranted, the Finance Director
shall present the recommended changes to the City Council for review and
approval.
C:\Documents and Settings\All Users\ Desktop \Kelly\MSDATA\Resolutions\Red Flags Identity Theft Exhibit A.doc
SH:ksn 2/25/2009
Page 7 of 7
MICHAEL R. KENYON
BRUCE L. DISEND
SHELLEY M. KERSLAKE
SANDRA S. MEADOWCROFT
CHRIS D. BACHA
BOB C. STERBANK
KENYON DISEND, PLLC
THE MUNICIPAL LAW FIRM
11 FRONT STREET SOUTH
ISSAQUAH, WASHINGTON 98027 -3820
W WW. KENYONDISEND. COI
(425) 392 -7090 (206) 628 -9059
FAX (425) 392 -7071
TO: Mayor Jim Haggerton and Members of the City Council
Rhonda Berry, City Administrator
FROM: Shelley M. Kerslake, City Attorney
Shawn Hunstock, Finance Director
DATE: February 18, 2009
RE:
Overview of Requirements of FTC Red Flags Rule
I. BACKGROUND
In 2003, Congress passed the Fair and Accurate Credit Transaction Act "FACTA
(Public Law 108 -159). To implement the identity theft provisions of FACTA, the Federal Trade
Commission "FTC was charged with promulgating rules that require the adoption of certain
identity theft prevention programs. The FTC adopted these rules, known as the "Red Flags
Rule," on November 7, 2007. The Red Flags Rule requires financial institutions and creditors
that hold consumer accounts to develop and implement a written Identity Theft Prevention
Program by May 1, 2009. City utilities are one of the entities that must comply with this
requirement.' Because the deadline for adopting a written Identity Theft Prevention Program
"Program is approaching, the purpose of this memorandum is to outline the Program
requirements and identify some issues for consideration during the course of adoption.
The FTC Red Flags Rule "Rule and its appendix, also provide specific suggestions
and examples of red flags and suggested responses that a city may use to create its Program. A
draft Ordinance with an attached Program that incorporates the Rule's suggestions is provided
with this memorandum. A copy of the relevant Rule is also provided.
II. REOUIREMENTS
To comply with the new Rule, Tukwila must develop and implement a written Program
that is appropriate for the size and complexity of the City, and which is "designed to detect,
prevent and mitigate identity theft in connection with the opening of a covered account or any
existing covered account. Under the Rule, a "covered account" is:
The Red Flags Rule and Address Discrepancy Rules apply to "fmancial institutions" and "creditors" with "covered
accounts." A "creditor" is defined as any entity that regularly extends, renews, or continues credit and specifically
includes utility companies. 16 C.F.R. 681.2(b)(3)(ii).
2 16 C.F.R. 681.2(d).
C:\DOCUME— I\kathyp \LOCALS-- 1 \Teinp\XPgrpwise \Tuk Meino Red Flag Rules_2.doc/KIS /02/13/09
SERVING WASHINGTON CITIES SINCE 1993
MARGARET J. KING
KARI L. SAND
NOEL R. TREAT
RENEE G. WALLS
AiLw JO PEARSALL
Any account a city or utility offers or maintains primarily for personal, family or
household purposes, that involves multiple payments or transactions; and
Any other account a city or utility offers or maintains for which there is a reasonably
foreseeable risk to customers or to the safety and soundness of the city or utility of
identity theft.
Accordingly, the first step in preparing the City's Program is to identify all City accounts that
constitute a "covered account."
Second, the Program must include reasonable policies and procedures for detecting,
preventing, and mitigating identity theft. To accomplish this, the Program must include
procedures to focus on "red flags" that, with further analysis, would suggest that identity theft
might be occurring. Red flags are defined as patterns, practices, or specific activities that
indicate the possible existence of identity theft. The Rule identifies five general categories of
red flags and suggested responses. The general red flag categories are:
1. The receipt of warnings from consumer reporting agencies;
2. Providing suspicious documents to a city;
3. Providing suspicious personal identifying information;
4. The unusual use of an account; and
5. Notices from customers, victims, or law enforcement of identity theft in connection
with a covered account.
While the FTC's Red Flags Rule provides a helpful template of categories and suggested
responses to incorporate into a required Program, each city must deter mine the specific aspects
to include or expand upon in its Program after a review of its specific situation. This suggests
that each city should consider which particular actions or circumstances concerning its "covered
accounts" might indicate identity theft, and consider including those actions or circumstances as
a defined "red flag."
Third, the Program must include procedures to accomplish the following:
1. Identify relevant red flags for covered accounts and incorporate those red flags into
the Program;
2. Detect red flags that have been incorporated into the Program;
3. Respond appropriately to any red flags that are detected to prevent and mitigate
identity theft; and
4. Ensure the Program is updated periodically, to reflect changes in risks to customers or
to the safety and soundness of the creditor from identity theft.
16 C.F.R. 681.2(3).
a 16 C.F.R. 681.2(b)(9).
This issue is discussed in more detail under Section III of this memorandum.
-2-
C\DOCUME -1 \kathyp \LOCALS -1 \Temp\XPgrpwise \Tuk Memo Red Flag Ruies_2.doc /KIS /02/18/09
In addition to the foregoing, a Program must include certain administrative procedures.
An initial written Program must receive approval from the City Council or the utility's board of
directors or an appropriate committee of the board. The Council, board, or committee must also
continue with oversight, development, implementation, and administration of the Program or
assign such duties to an employee at the senior management level. Third, as part of this
implementation and oversight, staff must receive proper training concerning implementation of
the Program. Finally, staff must prepare a staff report so that the program administrator or
Council can evaluate the effectiveness of the Program with respect to open and existing
accounts, service provider arrangements, significant incidents and responses, and
recommendations for change.
III. COMPLIANCE
While all cities with utilities must comply with the Rules by adopting a Program, the
extent of the Program will depend on the size and practices of the utility. Because large cities
and utilities will have different issues than small cities and utilities, there is 110 one size fits -all
Solution. Additionally, while the Rule requires the adoption of a Program, it also discusses the
need for assessment and application of policies addressing the unique requirements of the
regulated entity. For example, if a city does not use or receive credit reports as part of its utility
billing services, then it will not need to include in its category of red flags a procedure for
addressing alerts, notifications, or other warnings received from consumer reporting agencies.
The process of creating the policies adopted in the City's Program is therefore as
important as complying with the rules adopted by the Program. A Program with procedures and
policies that do not apply to the City's circumstances will likely pose a bigger problem than
adopting a solid Program that meets that City's needs a few weeks beyond the November 1, 2008
deadline. While the FTC has the authority to enforce the Red Flags Rule and assess penalties not
to exceed $2,500 per violation for a failure to adopt a policy, a statement from the Minnesota
Municipalities Utilities Association's website explains that the FTC will not be checking
individual utilities to see if the deadline is met. Accordingly, having a well thought -out program
that is applicable to Tukwila's specific needs is preferable to adopting a cookie cutter policy or
plan.
6 16 C.F.R. 681.2(e)(1).
16 C.F.R. 681.2(e)(2).
8 16 C.F.R. 681.2(e)(3) -(4).
9 Appendix A to Part 681 A(VI)(b)(1).
-3-
C:\DOCUME- -1\katlryp \LOCALS- --1 \Temp\XPgrpwise \Tuk Memo Red Flag Rules_2.doc/KIS /02/18/09
Finance Safety Committee Minutes March 3, 2009 Page 2
This criterion substantially limits the number of students that are eligible to apply for the high school
representative position on COPCAB; a position that is often difficult to fill. Staff would like to amend
these criteria to reflect similar requirements and guidelines of other COPCAB positions. The change
would only require that:
The high school representative be a student in the Tukwila School District, and
The individual be appointed by the Mayor and confirmed by the Council.
This proposed amendment will broaden the Police Department's opportunity to seek out
qualified high school students eligible for this position on the Community Oriented Policing
Advisory Board.
The Committee inquired as to how this would affect the eligibility of high school students
interested in serving on COPCAB who live in Tukwila but attend high schools outside the City
limits. Staff responded that as with the previous requirements, students not attending school in
the Tukwila School District were not able to serve as a student representative; however, they
have always and will continue to be eligible to apply for the residential representative positions.
Having a student representative actively attending school in the Tukwila School District on
COPCAB is essentially to information sharing among members of the Board.
Committee Chair Linder suggested additional information be provided for clarification in the
memo that is submitted to full Council regarding the purpose of COPCAB as well as the
purpose of the student representative. UNANIMOUS APPROVAL. FORWARD TO MARCH 9
COW FOR DISCUSSION.
C. An Ordinance Establishing a Drug Seizure Fund
Staff is seeking full Council approval of an ordinance that will amend the 2009 -10 Biennial Budget and
establish a special revenue fund for the Police Department's drug seizure revenue and expenditure
activity.
Currently, these funds are accumulated in the General Fund and require manual tracking of revenues and
expenses throughout the year. Creating a special revenue fund specifically for this purpose will
streamline the oversight process and increase efficiency relative to revenue and expenditure activities.
Additionally, this separate fund will be eligible to accrue interest.
Committee Chair Liner requested a memo be submitted to full Council at the same time this item goes
forth, explaining the current revenue /expenditures balance relative to this account. UNANIMOUS
APPROVAL. FORWARD TO MARCH 9 COW FOR DISCUSSION.
D. A Resolution an Identity Theft Prevention Program
Staff is seeking full Council approval of a resolution adopting an Identity Theft Prevention Program.
Originally passed by Congress in 2003, implementation of policies and programs relating to the detection
and prevention of identify theft were previously delayed; however, the Federal Trade Commission is
now requiring that businesses adopt such programs and policies by May 1, 2009. This consumer
protection law is also known as the Red Flag Rule.
The Red Flag Rule specifically applies to utility accounts (such as the City's water billing) and any other
account where there may be a reasonable risk for identity theft. This resolution will approve and adopt an
identity theft protection program for the City which will be administered by Shawn Hunstock.
UNANIMOUS APPROVAL. FORWARD TO MARCH 9 COW FOR DISCUSSION.