- News
- Events
- Winter Storm Event 2023
-
- Deferred Compensation
- Employee Assistance Program
- eForms
- Email Services
- Benefits
- Employee Self Service
- Lactation Accommodation Request Form
- Dimensions System
- VHR Program
- Employee Safety and Health
- Staying Connected
- Kaiser Occ Health
- Flexible Spending Account
- Disaster Worker
- Trainings
- Drug-Free Workplace
-
- Preface
- 1-1 Advisory Bodies Roles and Relationships
- 1-2 Providing County Support of Grant Applications from Outside Agencies
- 2-1 Policy for Submitting Agenda Items
- 2-2 Departmental Representation at BOS Meetings
- 2-3 Policy for Board Chambers Security
- 3-1 Policy for Appropriation Transfers
- 3-2 Travel and Meal Reimbursements
- 3-3 Interdepartmental Billings for Services Policy
- 3-4 Policy for Memberships to Professional Associations & Organizations – Use of Public Funds
- 4-1 Performance Evaluations
- 4-2 Policy for Position Allocation List
- 4-3 Position Reclassifications
- 4-4 EEO Policy
- 4-5 Departmental/Internal Reorganizations
- 4-6 Policy for Hiring/Retaining Personnel Services in EMP or Ind. Contractor Status - See Civil Service Rules
- 4-7 Policy for Flexible Merit Increases
- 4-8 Advanced Salary Step Appointments
- 4-9 Policy for Relocation Incentives
- 4-10 Medical Leave Policy
- 4-11 Preemployment Preplacement Screening Policy
- 4-12 COVID-19 Vaccination and Testing Policy
- 4-13 Telework Policy
- 4-14 Lactation Policy
- 5-1 Vehicle Use
- 5-2 Policy for Capital Project and Asset Responsibility
- 5-3 Public Art Policy
- 6-1 Records Retention Storage Destruction Policy
- 6-2 Incompatible Activities Policy
- 6-3 TTrD Policy
- 6-4 Safety Management Policy
- 6-5 Identity Theft Prevention Program
- 7-1 Purchasing Policy
- 7-2 Real Property Acquisition and Management Policy
- 8-1 Investigations of Alleged Inappropriate Activities
- 8-2 Reasonable Suspicion Policy
- 8-3 Safety and Security for County Employees
- 8-4 Policy for Receipt and Distribution of Tickets or Passes
- 9-1 Official Use of Social Media Sites Policy
- 9-2 IT Use and Security Policy
- 9-3 Website Accessibility Policy
- 9-4 Information Technology Professionals Policy
- 9-5 Information Technology Governance Policy
- 9-6 Information Technology Artificial Intelligence (AI) Policy
- Employee & Volunteer Engagement & Recognition (EVER)
- Combined Fund Drive
- Website Accessibility Assistance
- Back to Administrative Policy Manual
6-5 Identity Theft Prevention Program
Return to Identity Theft Prevention Program Table of Contents
Approved: Board of Supervisors
Authority: Board of Supervisors and Board of Directors, Community Development Commission
Revised Date: July 21, 2009
What’s on this Page
Read next: Section III. Definitions
II. Background
The Federal Trade Commission regulations governing the Identity Theft Prevention Program, adopted as 16 CFR § 681.2 (referred to as the “FTC Regulations”), require creditors to develop and provide a written program to detect, prevent and mitigate identity theft in connection with the opening of a covered account or any existing covered account. Recently, the FACT Act has been amended to require that all creditors (including local government agencies that defer payments for goods or services) establish policies and procedures to help prevent identity theft. Under the FTC Regulations, “creditor” is a person that extends, renews or continues credit, and defines “credit,” in part, as the right to purchase property or services and defer payment.
Under the FTC Regulations “covered account” includes accounts that a creditor provides for personal, family or household purposes designed to allow multiple payments or transactions; or any other account that the creditor maintains for which there is a foreseeable risk to customers or to the safety and soundness of the creditor from identity theft.
The County and the Sonoma County Community Development Commission (“SCCDC”) have determined that they are each a “creditor” under the FTC Regulations based on the activities of certain departments and consequently are required to have an Identity Theft Prevention Program in place. The County departments, which are considered to be Stakeholder Departments, are:
- The Health Department provides health care services for which payment is made after the service is consumed or the service has otherwise been provided.
- The Human Services Department provides general and other financial assistance, including overpayment collections; and provides expense money for job training programs.
- Sonoma County Regional Parks bills for utilities, berthing fees, and dock use at Spud Point Marina and Porto Bodega/Sport fishing Center; accepts credit card payments for camping reservations and other park functions; and may begin conducting credit checks for potential tenants at Spud Point Marina.
- The Auditor-Controller-Treasurer-Tax Collector (ACTTC) collects money that is owed to the County, in the following manner: as installment payment plans on taxes; as contractual assessment payments for energy improvements under the Sonoma County Energy Independence Program; by processing charges for sanitation and water services; and by providing general collection services on debts owed to or collected by the County. Thus, their files contain personal identifying information that is covered by the FACT Act.
The SCCDC administers a number of loan programs for County employees and member of the public. SCCDC both originates and services such loans.
The FTC Regulations specify guidelines that should be considered in the development of the Program, taking into account the past incidents of identity theft with respect to the County’s and the SCCDC’s covered accounts and the County’s and the SCCDC’s assessment of the risk of future incidents. Accordingly, this Program provides a basic framework governing the County’s and the SCCDC’s policies and procedures for the identification, prevention and mitigation of incidents of identity theft with respect to the County’s and the SCCDC’s covered accounts. In developing the Program, the County and the SCCDC have considered relevant “red flags” (see Definitions section, page 5) outlined in the FTC Regulations which are patterns, practices, or specific activities that indicate the possible existence of identity theft with respect to a covered account.
Consistent with the FTC Regulations, the initial Program is to be in place and effective as of August 1, 2009, and requires the approval of the Board of Supervisors for the County and the Board of Commissioners for the SCCDC. The implementation and administration of the Program is to be overseen by the County Administrator’s Office.
The Federal Trade Commission also has issued regulations, adopted as 16 CFR § 681.1, to require users of consumer credit reports to develop policies and procedures relating to notices regarding address discrepancies from a consumer reporting agency. The County and the SCCDC use consumer credit reports for a variety of purposes such as: obtaining credit information regarding loan applicants; establishing deferred payment plans, and locating delinquent debtors. The County departments that use the consumer credit reports for these purposes are listed above as Stakeholder Departments in the paragraph where the County determined that it acts as a “creditor.” In addition, the County uses consumer credit information for conducting background checks in the County’s hiring process. It was determined that the FACT Act does not apply in this situation because only part of the consumer information is used, the data is not retained at the County and notices of address discrepancy are not sent to the County.