COLUMBIA – Columbia renewed its anti-identity theft program, known as the Red Flag Rule, at the City Council meeting Monday night.
The Red Flag Rule–City of Columbia Identity Theft Prevention Program is designed to find and prevent identity theft by monitoring records that contain and hold consumer identifications, such as city utility accounts, applications, registrations and other transactions.
Here is a list of steps city personnel can employ if they find red flags that suggest the possibility of identity theft:
- Continue to monitor a record.
- Notify the possible victim of identity theft.
- Change passwords or other security devices with access to records.
- Reopen a record with a new number.
- Not open a new record.
- Close an existing record.
- Notify law enforcement.
- Determine that no response is warranted.
- Notify the program administrator.
The program was enacted in Columbia in 2009 to comply with the Federal Trade Commission. Assistant City Manager Paula Hertwig-Hopkins conducted the annual review of the program, at which point it needed the approval of the City Council.
The Federal Trade Commission required all financial institutions and creditors who hold consumer accounts to comply with the program by November 2008. Congress, however, has delayed enforcement of the rule several times to prevent unintentional consequences. The deadline now is Dec. 31.
In a May news release, the commission said it wants to limit the scope of private businesses covered by this rule.
According to Columbia's resolution, a red flag is identified when a city employee finds “a pattern, practice, or specific activity that indicates the possible existence of identity theft.”
Identification of red flags fall into three different categories: suspicious documents, suspicious personal identifying information and unusual use of or suspicious activity related to a record. Examples include signatures on checks that appear to be forged, the failure of a person to fully complete an application or the submission of invalid phone numbers on forms.
Hertwig-Hopkins said there have been no red flags reported or instances of identity theft in the past year. She would be notified if someone were to find a red flag.
The Federal Trade Commission released numbers of identity theft complaints from 2009 in February. States were ranked based on the number of complaints per 100,000 population. Florida ranked first, followed by Arizona and Texas. Missouri ranked 32nd, with 64.3 complaints per 100,000 residents for a total of 3,850 complaints. In the country, there were 264,078 complaints in total last year.
In the event that city personnel find a red flag, they will need to take appropriate action based on the severity of the red flag.
The program only pertains to departments with information the city retains and keeps. Those include the Finance, Parks and Recreation, Information Systems and Police departments.
Hertwig-Hopkins said the city did a review of the program for this year even though it has yet to be enacted at the federal level. For the review, all department heads had to do a needs assessment, reporting on their process for obtaining identifying information, who has access to that information after it is put into the computer and how it is protected.
“It is not just identity theft. It is for operations that collect sensitive info and retain it,” she said. “It has caused us to look at the information we retain and keep.”
Hertwig-Hopkins added that the program looks at city employees to ensure they are not abusing their positions.