Jump to page content

 


www.ready.gov

 
Open for Registration

  
Hydrants, Valves and Other Water Appurtenances (W)
May 17 - Wetumpka
May 18 - Birmingham
Learn More
  
Alabama/Florida Joint Training Conf (W/WW)
May 30-June 1
All Registration is open!
  
Operator Cert Test Prep for Grade III-IV Wastewater (WW)
Jun 8-Enterprise
Learn More
  
Operator Cert Test Prep for Grade I-II Water (W)
Jul 10-Thorsby
Learn More
  
Water University
Utility Management Certification
(W/WW)
Learn More
  
Schedule your own
On-site CEH Training

Earn CEHs
  
Training Calendar
  
Visit us on Facebook!
 

 

Quality on Tap

 

 

  

Custom Search

  

 

Pay Online
Pay any ARWA invoice online. 
Try
Quick Pay!

Go to
Account Login

  

Learn more about getting online bill pay!
  

 

This web site is structured in compliance with the
Web Accessibility Initiative
of the
World Wide Web Consortium.
  

Valid XHTML 1.0 Transitional

Valid CSS!

  

 

Identity Theft Prevention Program

Identity Theft Template Cover
Identity Theft Prevention Program Compliance Model
(Word document)

 

ARWA designed the Identity Theft Prevention Program Compliance Model to assist water and wastewater utilities in complying with the Federal Trade Commission’s (FTC) Identity Theft Red Flag Rule.

Download the template,
Identity Theft Prevention Program
Compliance Model

(MS Word format)
Compliance Deadline was May 1, 2009

The rule requires utilities to develop an “Identity Theft Prevention Program.” The program consists of selecting methods to detect red flags when accounts are fraudulent, procedures to prevent the establishment of false accounts, procedures to ensure existing accounts are not being manipulated, and procedures to respond to identity theft.

All utilities are required to comply with the FTC’s “Identity Theft Red Flag Rule” even if only nominal information such as name, phone number and address are collected. However, the true risk established through the risk assessment activity may not require any changes to existing policies or procedures.

The primary purpose of the rule is to protect against the establishment of false accounts and ensure existing accounts are not being manipulated. This regulation does not address or require utilities to adopt measures that will protect consumer information and prevent unauthorized access. However, implementation of good management practices to protect personal consumer data can prevent identity theft.

Appendix A is a list of other security procedures a utility should consider to protect consumer information and to prevent unauthorized access. Steps required to develop a utility’s individual Identity Theft Prevention Program:

• Assess their existing identity theft risk (risk assessment) for new and existing accounts.

• Use the risk assessment to select measures (red flags) that may be used to detect attempts to establish fraudulent accounts.

• Identify procedures for employees to prevent the establishment of false accounts and procedures for employees to implement if existing accounts are being manipulated.

• Obtain program approval by the governing body or designated senior management by November 1, 2008 (extended to May 1, 2009).

• Train the appropriate employees on the program’s policies and procedures.

• Update the plan annually with review and approval by the governing body or designated senior management.

The annual report should address any material matters related to the program such as the effectiveness of the policies and procedures, the oversight and effectiveness of any third party billing and account establishment entities, a summary of any identity thefts incidents and the response to the incident, and recommendations for substantial changes to the program, if any.

Download the template,
Identity Theft Prevention Program
Compliance Model

(MS Word format)

 

  

 

Copyright © 1999-2017. Alabama Rural Water Association. All rights reserved.

Web site design and maintenance by TEAM Support, Inc.