Loading...
Backup Documents 04/28/2009 Item #16C 2 ORIGINAL DOCUMENTS CHECKLIST & ROUTING SLIP 16 C'. 2 TO ACCOMPANY ALL ORIGINAL DOCUMENTS SENT TO THE BOARD OF COUNTY COMMISSIONERS OFFICE FOR SIGNATURE Print on pink papcr. Attach to original documcnt. Original documents should bc hand delivered to thc Board Officc. Thc completed routing slip and original documcnts arc to bc forwardcd to the Board Ortlcc only after the Board has taken action on the item.) ROUTING SLIP eomplete routing lines # I through #4 as appropriate for additional signatures, dates, and/or information needed. If the document is already complete with the exce tion of the Chairman's si nature, draw a line throu h routin lines # I throuh #4, com lete the checklist, and forward to Sue Filson (line #5). Route to Addressee(s) Office Initials Date (List in routin order) 1. 2. -- -' -- PRIMARY CONTACT INFORMATION (The primary contact is the holder of the original document pending BCC approval. Normally the primary contact is the person who created/prepared the executive summary. Primary contact information is needed in the event one of the addressees above, including Sue Filson, need to contact staff for additional or missing information. All original documents needing the Bel' Chairman's signature are to be delivered to the Bec ofTiee only after the BCC has acted to approve the item.) .---....- Name of Primary Staff Joe Bellone Phone Number 252-2350 Contact Agenda Date Item was April 28, 2009 Agenda Item Number 16C2 Approved by the BCC Type of Document Executive Summary and eollier eounty Number of Original 1 Attached Water-Sewer District Identity Theft Documents Attached Prevention Program 3. -"' - .---- -- -- Adopt a Resolution amending Schedule Six of Appendix A to Section Four of the Collier County Ordinance No. 2006-27, the Collier County Water-Sewer District Uniform Billing, Operating And Regulatory Standards Ordinance. This amendment corrects scrivener's error and includes a proposed rate for the late payment charge and the vehicle over meter charge; and provides for an effective date of October 1,2008 for Schedule Six of Appendix A of the Ordinance. 5. Executive Manager Board of County Commissioners Yes (Initial) N/ A (Not A licable) 6. Minutes and Records Clerk of Court's Office 1)6 1)6 'J)c, '])6 '3)6 tj)6 1. INSTRUCTIONS & CHECKLIST Initial the Yes column or mark "N/ A" in the Not Applicable column, whichever is a ro riate. Original document has been signed/initialed for legal sufficiency. (All documents to be signed by the ehairman, with the exception of most letters, must be reviewed and signed by the Office of the eounty Attorney. This includes signature pages from ordinances, resolutions, etc. signed by the County Attorney's Office and signature pages from contracts, agreements, etc. that have been fully executed by all parties except the BCC Chairman and Clerk to the Board and ossibly State Officials.) All handwritten strike-through and revisions have been initialed by the County Attorney's Office and all other arties exce t the BCC ehairman and the Clerk to the Board The Chairman's signature line date has been entered as the date ofBCC approval ofthe document or the final ne >otiated contract date whichever is a licable. "Sign here" tabs are placed on the appropriate pages indicating where the Chairman's si nature and initials are re uired. In most cases (some contracts are an exception), the original document and this routing slip should be provided to Sue Filson in the Bce office within 24 hours of BCC approval. Some documents are time sensitive and require forwarding to Tallahassee within a certain time frame or the Bee's actions are nullified. Be aware of our deadlines! The document was approved by the BCC on 4/28/2009 enter date) and all changes made during the meeting have been incorporated in the attached document. The Count Attorne 's Office has reviewed the chan es, if a licable. I: Forms! County Forms! Bee Forms! Original Documents Routing Slip WWS Onginal 9.03.04. Revised 1.2605. Revised 2.24.05 2. 3. 4. 5. 6. 16C2 MEMORANDUM Date: April 29, 2009 To: Joe Bellone, Operations Supervisor Collier County Public Utilities Department From: Teresa Polaski, Deputy Clerk Minutes & Records Department Re: Water-Sewer District Identity Theft Prevention Program Enclosed please find one copy, as referenced above (Agenda Item #16C2) adopted by the Board of County Commissioners on Tuesday, April_ 2009. The original document is being retained for the record. If you should have any questions, please contact the Minutes and Records Department at 252-8411. Thank you. Enclosure EXECUTIVE SUMMARY 16C2 Recommendation to approve the Identity Theft Prevention Program for the Collier County Water-Sewer District utility pursuant to a ruling by the Federal Trade Commission requiring water utilities among financial entities that must have a written plan in place by May 1, 2009. OBJECTIVE: That the Board of County Commissioners, Ex-Officio, the Governing Board of the Collier County Water-Sewer District (Board), Approve the Identity Theft Prevention Program for the Collier County Water-Sewer District utility. CONSIDERATIONS: The Identity Theft Prevention Program, known as The Red Flag Rule, requires any entity where there is a risk of identity theft, to develop and implement an Identity Theft Prevention Program. The primary purpose of the rule is to protect against the establishment of false accounts and ensure existing accounts are not being manipulated. The program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft. Staff developed the Identity Theft Prevention Program by following these steps: · Assessed existing policies and procedures related to establishing new and changing existing water-sewer utility accounts · Identified measures (red flags) that may be used to detect attempts to establish fraudulent accounts · Developed new procedures and updated existing procedures to prevent establishment of false accounts and for employees to implement if existing accounts are being manipulated . Trained staff on the program's policies and procedures Staff benchmarked programs being established by other utilities in Florida. Actions taken will meet the intent of the Red Flag Rule. Many of the elements ofthe program are reinforcements to existing CMA procedures, including Code of Ethics 5311, End User Computing 5405 and Media Reuse or Replacement 5908. Some of the technical guidelines in the program are in process of being implemented, utilizing internal IT staff expertise and external resources. Staff will review and update the program annually with senior management and address any material matters related to the program's effectiveness and recommendations for changes if appropriate. LEGAL CONSIDERATIONS: This item has been reviewed and approved by the County Attorney's Office, is not quasi-judicial and requires no ex parte disclosure, requires only a majority vote for approval, and is otherwise legally sufficient for Board action.-SRT FISCAL IMPACT: There is no associated Fiscal Impact. GROWTH MANAGEMENT IMPACT: There is no associated Growth Management Impact. RECOMMENDATION: That the Board of County Commissioners, Ex-Officio, the Governing Board of the Collier County Water-Sewer District, approve the Identity Theft Prevention Program for the Collier County Water-Sewer District utility pursuant to a ruling by the Federal Trade Commission requiring water utilities among financial entities that must have a written plan in place by May 1,2009. 16C2 PREPARED BY: Joe Bellone, Manager Utility Billing and Customer Service, Public Utilities Division 16C2 ~ Identity Theft Prevention Program For Collier County Water-Sewer District 3301 Tamiami Trail East Naples, Florida 34112 November 1,2008 Collier County Water-Sewer District Identity Theft Prevention Program This Plan is intended to identify red flags that will alert our employees when new or existing accounts are opened using false information, protect against the establishment of false accounts, methods to ensure existing accounts were not opened using false information, and measures to respond to such events. Contact Information: The Senior Management Person responsible for this plan is: Name: Thomas G. Wides Title: Director, Financial Operations Phone number: (239) 252-2553 The Governing Body Members of the Utility are: The Board of Collier County Commissioner, as ex-officio, the Board of the Collier County Water-Sewer District: 1. Commissioner Donna Fiala 2. Commissioner Fred Coyle 3. Commissioner Frank. Halas 4. Commissioner Tom Henning 5. Commissioner Jim Coletta CCWSD - Identity Theft Prevention Program Page I of? 16C2 ~ Risk Assessment The Collier County Water-Sewer District has conducted an internal risk assessment to evaluate how at risk the current procedures are at allowing customers to create a fraudulent account and evaluate if current (existing) accounts are being manipulated. This risk assessment evaluated procedures for opening new accounts and the methods used to access the account information. Using this information the utility was able to identify red flags that were appropriate to prevent identity theft: CJ New accounts opened In Person CJ New accounts opened via Telephone CJ New accounts opened via Fax CJ New accounts opened via Web CJ Account information accessed In Person CJ Account information accessed via Telephone (Person) CJ Account information is accessed via Telephone (Automated) CJ Account information is accessed via Web Site CJ Identity theft occurred in the past from someone falsely opening a utility account New Accounts Protection The Collier County Uniform Billing, Operating and Regulatory Standards Ordinance, number 2001-73, as amended, Section 1.2 D 1 requires all accounts be established in the name of the property owner. Application Forms have been redesigned to include relevant property owner information and security questions to ensure new accounts are opened in accordance with legally recorded documents. Procedures are being developed to tie owner's names in the District's billing system to the Public Records annually. Account Information Access Customers are required to show valid identification when they appear in person at the Utility Billing and Customer Service lobby for payments and changes to their accounts. Customers must have their eleven (11) digit account number available to access their account. Procedures are being developed to require Personal Identification Numbers (PINs), in addition to the account number, to access accounts on-line for payment and account changes. Detection (Red Flags): The Collier County Water-Sewer District adopts the following red flags to detect potential fraud. These are not intended to be all-inclusive and other suspicious activity may be investigated as necessary: CJ CJ Deferred pay plan requests are reviewed and approved only by Customer Service Supervisor and Accounting Supervisor. Inconsistent activity patterns indicated by: o Recent and significant increase in volume of inquiries o Unusual number of recent deferred pay plan applications o A material or frequent change in payment methods CCWSD - Identity Theft Prevention Program Page 2 of7 16C2 ~ o Accounts closed for cause or abuse o Identification documents appear to be altered o Photo and physical description do not match appearance of applicant o Other information is inconsistent with information provided by applicant o Other information provided by applicant is inconsistent with information on file o Application appears altered or destroyed and reassembled o Personal information provided by applicant does not match other sources of information (e.g. Ownership information contained in the Property Appraiser's website or in the Minutes and Records of the Clerk of Courts of Collier County) o Information provided is associated with known fraudulent activity (e.g. address or phone number provided is same as that of a fraudulent application) o Information commonly associated with fraudulent activity is provided by applicant (e.g. address that is a post office box, non-working phone number or associated with answering service/pager) o Address or telephone # is the same as that of other customer at utility o Customer fails to provide all information requested o Personal information provided is inconsistent with information on file for a customer o Applicant cannot provide information requested beyond what could commonly be found in a purse or wallet o Identity theft is reported or discovered Response o Customers who have selected the automatic bank draft payment method are notified via phone or letter if current consumption will cause larger than normal bank draft payment o Requests for deferred pay plans are reviewed and approved by multiple internal revenue supervIsors o Meters locked for non-payment are reported to internal management daily o Ask customer for additional documentation or for permission to continue bank draft o Notify internal manager: Any utility employee who becomes aware of a suspected or actual fraudulent use of a customer or potential customers identity must notify their immediate supervisor o Do not open the account if the information supplied on the application for service does not match information on the Collier County Property Appraiser's website or in the Minutes and Records of the Clerk of Courts of Collier County o Lock the customer's meter for non-payment and notify the customer via outbound call o The Uniform Billing, Operating and Regulatory Standards Ordinance 2001-73, as amended, Section 1.2 D 3 requires change of address for billing purposes must be by letter, email or District change of address form. Section 1.2 D 4 provides for duplicate utility bills if payment is from someone other than the property owner. CCWSD - Identity Theft Prevention Program Page 3 of7 16C2 ~ Personal Information Security Procedures: The Collier County Water-Sewer District adopts the following security procedures: 1. Paper documents, files, and electronic media containing secure information will be stored in locked file cabinets. File cabinets will be stored in a secured office facility. 2. Only specially identified employees with a legitimate need will have keys to the room and cabinet. 3. Files containing personally identifiable information are kept in locked file cabinets except when an employee is working on the file. 4. Employees will not leave sensitive papers out on their desks when they are away from their workstations. 5. Employees will secure files when leaving their work areas. 6. Employees utilize secured screen savers on their computers when leaving their work areas. 7. Employees lock file cabinets when leaving their work areas. 8. No visitor will be given any entry codes or allowed unescorted access to the office. 9. Passwords to employees's computers will not be shared or posted near workstations. 10. Password-activated screen savers will be used to lock employee computers after a period of inactivity. 11. When installing new software, immediately change vendor-supplied default passwords. 12. Sensitive consumer data will not be stored on any computer with an Internet connection. 13. Sensitive information that is sent to third parties over public networks will be encrypted. 14. Anti-virus and anti-spyware programs will be run on individual computers and on servers daily. 15. When sensitive data is received or transmitted, secure connections will be used. 16. Computer passwords will be required. 17. User names and passwords will be different. CCWSD - Identity Theft Prevention Program Page 4 of 7 16C 2 ~ 18. Passwords will be changed quarterly. 19. Laptops are stored in a secured office facility. 20. Laptop users will not store sensitive customer information on their C-Drive. 21. Employees will never leave a laptop visible in a car, at a hotel luggage stand, or packed in checked luggage. 22. If a laptop must be left in a vehicle, it is locked in a trunk. 23. The computer network will have a firewall where your network connects to the Internet. 24. Any wireless network in use is secured. 25. Maintain centrallog files of security-related information to monitor activity on your network. 26. Employees will log out of the In-Hance billing application when they leave for lunch and at the end of the business day. 27. Monitor incoming traffic for signs of a data breach. 28. Monitor outgoing traffic for signs of a data breach. 29. Implement a breach response plan. 30. Check references or do background checks before hiring employees who will have access to sensitive data. 31. Newly hired employees will be fingerprinted. 32. New employees sign an agreement to follow your company's confidentiality and security standards. 33. Access to customer's personal identify information is limited to employees with a "need to know." 34. Procedures exist for making sure that workers who leave your employ or transfer to another part of the company no longer have access to sensitive information. 35. Implement a regular schedule of employee training. 36. Employees will be alert to attempts at phone phishing. 37. Employees are required to notify department management immediately if there is a potential security breach, such as a lost or stolen laptop or security card. CCWSD - Identity Theft Prevention Program Page 5 of7 ~C2 38. Employees who violate security policy are subjected to discipline, up to, and including, dismissal in accordance with CMA 5311 (Code of Ethics) and CMA 5405 (End User Computing). 39. Service providers notify you of any security incidents they experience, even if the incidents may not have led to an actual compromise of our data. 40. Paper records containing secure information will be shredded before being placed into the trash. 41. Paper shredders will be available at administrative assistant's desk in the office. 42. Any data storage media will be disposed of by shredding, punching holes in, or incineration, or any appropriate means as defined by CMA 5908 (Media Reuse or Replacement Policy). CCWSD - Identity Theft Prevention Program Page 6 of7 16C2 ~ A report will be prepared annually and submitted to the above named senior management or governing body to include matter related to the program, the effectiveness of the policies and procedures, the oversight and effectiveness of any third party billing and account establishment entities, a swnmary of any identify theft incidents and the response to the incident, and recommendations for substantial changes to the program, if any. Appropriate employees have been trained on the contents and procedures of this Identity Theft Prevention Program. Identity Theft Prevention Program Review and Approval: This plan has been reviewed and adopted by the Board of County Commissioners of Collier County, Florida, as Ex-Officio the Governing Board of the Water-Sewer District on this 28th day of April, 2009. '1'1,,/ " ATTEST:, BOARD OF COUNTY COMMISSIONERS '", "~', .' L :~'t . ..1>'.'" UMGHT E. BRQC,K, CLERK OF COLLIER COUNTY, FLORIDA, AS EX-OFFICIO THE. . . ,.,::, >, '~[L GOVERNING BOARD OF THE WATER-SEWER DISTRICT ~Si.iteCIM"- , By: /L da 11 Qnatn 'Oft .Geputy Clerk DONNA FIALA, CHAIRMAN Approval as to form and legal Sufficiency: ~ h?J~ Deputy County Attorney CCWSD - Identity Theft Prevention Program Page 7 00