Laserfiche WebLink
<br />REPORT <br /> <br />6.38 <br />age 1 <br /> <br />To the Honorable Mayor and City Council <br />From the eit Mana er <br /> <br />September 14, 2009 <br /> <br />SUBJECT <br />Federal Trade Commission's Red Flag Rules <br /> <br />RECOMMENDATION. <br />Approve by resolution a policy to implement the Red Flag Rules (Rules), a recently <br />required mandate to assist in the prevention of identity theft. <br /> <br />BACKGROUND <br />The Federal Trade Commission's (FTC) Rules are federal regulations enacted as part <br />of the Fair and Accurate Credit Transactions Act (FACT) of 2003 which require financial <br />institutions and creditors with covered accounts to design and implement a written <br />identity theft prevention program by August 1, 2009. The Rules define identity theft as <br />fraud committed using the identifying information of another person and a red flag as a <br />pattern, practice, or specific activity that indicates the possible existence of identity theft. <br />The policies and procedures of the program must include the following four basic <br />elements: (1) identify relevant warning signs, including patterns, practices, or specific <br />activities, that are indicative of identity theft. I.e. "red flags;" (2) detect the red flags that <br />have been incorporated into the program; (3) provide for appropriate responses to such <br />red flags in order to prevent or mitigate identity theft with respect to the covered <br />account; and (4) detail a plan to periodically update the program. <br /> <br />The FTC has issued guidelines to assist creditors in designing their programs and which <br />identify possible red flags. These red flags fall into five categories: (1) alerts, <br />notifications, or warnings from a consumer reporting agency; (2) suspicious documents; <br />(3) suspicious personal identification information, such as a suspicious address; (4) <br />unusual or suspicious activity relating to a covered account; and (5) notices from <br />consumers, victims of identity theft, law enforcement, or other businesses regarding <br />possible identity theft in connection with covered accounts. The Rules also require the <br />City Council or senior employees to manage the program and provide for appropriate <br />staff training and oversight of the program. The Rules are designed to be flexible so <br />entities and creditors may tailor their programs in accordance with the size, complexity, <br />and nature of their operations. <br /> <br />With respect to cities, it appears that the Rules apply to cities in cases where local <br />government entities are "creditors" with "covered accounts." The FTC considers a <br />government entity to be a creditor where it defers payment for goods or services by its <br />customers, the most common example being public utilities. A "covered accounr is <br />defined as (1) an account that is used primarily for family, personal, or household <br />purposes and involves or is designed for multiple payments or transactions, such as <br />credit card accounts, utility accounts, and checking or savings accounts; or (2) any <br />other account that involves a foreseeable risk of identity theft. <br /> <br />On August 12, 2009, staff presented the Identity Theft Prevention Program to the City <br />Council Utilities Committee for their feedback and direction. The Utilities Committee <br />