Orange County NC Website
2 <br />• Use the risk assessment to select measures (red flags) that may be used to detect <br />attempts to create fraudulent accounts. <br />• Identify procedures for employees to prevent the establishment of false accounts and <br />procedures for employees to implement if existing accounts are being manipulated. <br />• Obtain program approval of the program by the BOCC or senior designated management <br />by May 1, 2009. <br />• Train appropriate employees on the policies and procedures in the program. <br />• Provide an annual report to the BOCC or designated senior management. The annual <br />report should provide any material matters related to the effectiveness of the programs <br />policies and procedures, the oversight and effectiveness of any third party billing and <br />account establishment entities, a summary of any identity theft incidents and the <br />response to those incidents, and recommendations for any substantial changes to the <br />program, if any. <br />In February 2009, department covered by the Red Flags Rule reviewed their accounts to <br />determine whether or not they were covered by Red Flags Rule. A task force, made up of <br />covered departments, the staff attorney and Information Technology Department, was formed to <br />assess the risk and develop a policy that detected, mitigated and prevented identity theft. The <br />task force conducted an initial risk assessment of covered accounts and found there was some <br />risk of identity theft. The task force then identified red flags that could be used to detect <br />attempts to create fraudulent accounts and identified procedures to prevent and mitigate <br />incidents of identity theft. The proposed policy also provides for training of staff and an annual <br />review of the policy by an Identity Theft Prevention Task Force. A draft policy was reviewed by <br />the County Manager, the County Attorney and staff covered by the Red Flags Rules. The <br />attached recommended Identity Theft Prevention Program Policy complies with the Red Flags <br />Rule. <br />Some North Carolina Counties have enacted ordinances to comply with the FACTA's Red Flags <br />Rule. FACTA, and its implementing regulations, are federal not state requirements. Since <br />Counties in North Carolina have no inherent legislative power and possess only those powers <br />conferred upon them by the General Assembly, staff is recommending the Red Flags Rules be <br />implemented through an Identity Theft Prevention Program Policy instead of an ordinance. <br />FINANCIAL IMPACT: There is no current financial impact. However, there may be some <br />financial impact in the future. <br />RECOMMENDATION(S): The Manager recommends the Board adopt the Identity Theft <br />Prevention Program Policy. <br />z See Five C's, Inc. v. Pasquotank, 672 S.E.2d 737, 740 (2009) <br />