Memo - Mail Packet - 3/1/2022 - Memorandum From Gretchen Stanford Re: 2021 Annual Report: Fort Collins Utilities Program To Detect, Prevent And Mitigate Identity Theft
Utilities
electric · stormwater · wastewater · water
222 Laporte Ave.
PO Box 580
Fort Collins, CO 80522-0580
970.212.2900
V/TDD: 711
utilities@fcgov.com
fcgov.com/utilities
MEMORANDUM
DATE: February 18, 2022
TO: Mayor Arndt and City Councilmembers
THROUGH: Kelly DiMartino, Interim City Manager
Kevin Wilkins, Chief Information Officer
Theresa Connor, Interim Utilities Executive Director
FROM: Gretchen Stanford, Utilities Deputy Director, Customer Connections
Privacy Committee Senior Management Representative
RE: 2021 Annual Report: Fort Collins Utilities Program to Detect, Prevent and Mitigate Identity Theft
Bottom Line:
-102.
In 2021, there were no reports of identity theft. The following incidents were documented and required
follow-up that verified there were no Red-Flags compliance issues from a customer:
On one occasion, a customer received another customer's disconnect notice along with their
own as they were processed by the vendor. Accounts were noted, and bills were re-mailed
correctly. The customer was instructed to destroy the notice. No identity theft incidents from
the customer were reported to Utilities.
On two occasions, a new customer was inadvertently provided an account number for an
existing customer. The new customers were contacted and notified of the mistake and
instructed to destroy anything that reflected the wrong account number. No identity theft
incidents from the customers were reported to Utilities.
On one occasion, a customer received three HOA bills included with their own bill for the
month. The customer was instructed to shred the bills that did not belong to her. No incidents
were reported from the customers.
On one occasion, a Water Conservation Intern provided a list of sprinkler checkup program
participants (12 customer names and addresses) to one customer.
Staff contacted the customer, explained the error, and instructed her to destroy the information
and refrain from using it. The intern completed refresher Red Flags Training.
Background
The Utilities Privacy Committee is required to submit this report to its governing body by the Red
Flags Rules, federal regulations effective as of December 31, 2010. The rules were promulgated as
required by the Fair and Accurate Credit Transactions (FACT) Act of 2003 (Part 681 of Title 16 of the
Code of Federal Regulations implementing Sections 114 and 115).
Resolution 2008-102 requires the annual update to include the following information:
The effectiveness of the policies and procedures of Fort Collins Utilities in addressing the risk
existin
offered or maintained primarily for personal, family, or household purposes, that involve
multiple payments or transactions; and any other account offered or maintained for which there
is a reasonably foreseeable risk to customers or to the safety and soundness of the utility from
The effectiveness of the policies and procedures of Fort Collins Utilities in addressing the risk
of identity theft in connection with service provider agreements:
Recommendations for material changes to the Program.
Fort Collins Utilities has taken numerous steps to detect, prevent and mitigate identity theft in relation
to covered utility accounts, and it continues to fine-tune its business practices as they relate to identity
theft.
In 2021, Utilities:
Continued to support the Compliance Specialist Position: This individual is responsible for
ensuring adherence to regulatory requirements to prevent violations of data and privacy laws.
Additionally, the employee is responsible for overseeing the implementation, maintenance of,
and adherence to policies and procedures covering the access, use and handling of customer
information.
Added Connexion: Connexion employees were included in the following policies, procedures,
and training upon go-live of broadband services in September 2019.
Followed Identity Theft Policies & Procedures: Detailed policies and procedures were
maintained in 2021, which consist of:
o Inclusion of the Federal Law 47 U.S.C. § 222 for telecommunications carriers
which prevents unauthorized disclosure of Customer Proprietary Network
Information (CPNI);
o Verifying identity when handling customer accounts;
o Administering agreements with service providers who have access to data; and
o .
Continued Video and In-Person Training: Utilities requires annual interactive e-learning
staff training on the Red Flags Rules and the
Provided Mandatory Cybersecurity Video Training: KnowBe4 videos offer cybersecurity
awareness training via engaging learning videos. IT assigns a monthly video training to all
Utilities staff to increase employees' awareness of cyberthreats. Completion of training is tied
to system access.
Training Adherence: Procedures are in place to ensure that all Utilities staff have obtained
required training.
Collaborated on Cybersecurity: Utilities continues to collaborate with applicable City staff
and Platte River P
meets or exceeds all applicable security requirements and best practices.
Evaluated (defined as patterns, practices, or specific
activities that indicate the possible existence of identity theft) are evaluated regularly to
determine the need for business process improvements.
The Privacy Committee is unaware of any significant incidents of identity theft since the plan was
approved in October 2008 and has no recommendations for substantial material changes to the
program. In 2021, Utilities continued to ensure adherence to these policies and all regulatory
requirements to detect, prevent and mitigate identity theft.
CC: Lori Clements, Senior Manager, Customer Support and Privacy Officer
Cyril Vidergar, Senior Attorney
Carrie Daggett, City Attorney
Tammi Pusheck, Sr Analyst, Administration (City Privacy and Records Manager)